Checkmarx launches Supply Chain Threat Intelligence

No Comments

The software supply chain is increasingly being weaponized by attackers seeking to compromise businesses and steal information.

Application security specialist Checkmarx is looking to combat this with the launch of a new product which delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, malicious behavior and more.

Supply Chain Threat Intelligence offers a number of features including identification of malicious packages by attack type such as dependency confusion, typosquatting, chainjacking and more. There's also analysis of contributor reputation through identification of anomalous activity within open source packages; intelligence on the malicious behavior of packages, including static and dynamic analysis to understand how the code runs; and a data lake that allows the ongoing analysis of packages long after they have been deleted from package managers, with over one million packages scanned per month.

"In 2022, Checkmarx researchers exposed some of the most prolific open source attack groups, including RED-LILI and Lofygang," says Checkmarx CEO Emmanuel Benzaquen. "Given the dramatic proliferation of malicious open source packages from organized attack groups, we’re pleased to empower security stakeholders by revealing adversarial motives, tactics, techniques and procedures in a constantly updated intelligence feed."

The product is delivered as an API that is simple for users to integrate into many dashboards and development environments. Users obtain a unique token from Checkmarx, send in a package name and version and receive back threat intelligence on the package.

"Our Checkmarx Labs supply chain security team discovered 150,878 unique malicious packages in 2022 alone," says Erez Yalon, VP of security research at Checkmarx. "We're seeing attackers continue to strike and publish malicious packages even after they’ve been reported. They simply create new sock-puppet accounts and nothing stops them from doing so. Their relentless malicious behavior and the increasing velocity of new malicious package releases have led us to share our threat intelligence to help keep the open source ecosystem safe."

Find out more and request a demo on the Checkmarx site.

Image credit: artursz/depositphotos.com

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

We're not going to deal with today's IT admin issues with yesterday's technology

AI-powered data management: Navigating data complexity in clinical trials

Workforces need the skills to defend against AI-enabled threats

Overcoming real-time data integration challenges to optimize for surgical capacity and better care

From Windows XP to Windows 10 -- How Microsoft's end-of-life nag screens have changed

Pour one out for the Linux homies: Fedora 40 released

Phishing attacks up 60 percent driven by AI

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

20 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

17 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

16 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

12 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.