ODGEN, a newly developed Node.js vulnerability hunting tool built on a new Object Dependence Graph (ODG) structure inspired by the Code Property Graph, has identified 180 security flaws in Node.js code used to build network applications, SecurityWeek reports.
ODGEN covers six vulnerability types and uncovered 137 package-level and 43 application-level zero-days, with 84 and 14 false positives, respectively; 70 of the findings have already been assigned Common Vulnerabilities and Exposures identifiers, according to the researchers from Johns Hopkins University and Renmin University of China who developed the tool.
"Specifically, ODG includes fine-grained data dependencies between objects, thus helping taint-style vulnerability detection such as command injection," said the researchers, who added that the novel approach enables ODG to be used for offline Node.js vulnerability detection.
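To illustrate what "fine-grained data dependencies between objects" buys a taint-style detector, the following is an added toy example, not ODGEN's code or its graph format: it builds a small object dependence graph from a made-up statement IR (the `op` names, the property-path node naming such as `opts.arg`, and the sink list are all assumptions for this illustration), then walks data dependencies backwards from a `child_process.exec` sink to see whether attacker-controlled input reaches it. Running the same check at object granularity (all properties of an object merged into one node) shows why coarse tracking produces a false positive that property-level tracking avoids.

```javascript
// Toy object dependence graph (ODG) taint check for Node.js command injection.
// Added example, not ODGEN's code: the statement IR, the node naming scheme
// (property paths such as "opts.arg") and the sink list are assumptions.

const SINKS = new Set(['child_process.exec', 'child_process.execSync']);

// Build the graph: deps maps each value node to the nodes it data-depends on.
function buildOdg(stmts) {
  const deps = new Map();
  const sources = new Set();
  const sinks = [];
  const addDep = (dst, src) => {
    if (!deps.has(dst)) deps.set(dst, new Set());
    deps.get(dst).add(src);
  };
  for (const s of stmts) {
    switch (s.op) {
      case 'source': sources.add(s.dst); break;                  // attacker-controlled input
      case 'const': if (!deps.has(s.dst)) deps.set(s.dst, new Set()); break;
      case 'copy': addDep(s.dst, s.src); break;
      case 'concat': for (const src of s.srcs) addDep(s.dst, src); break;
      case 'sink':
        if (!SINKS.has(s.name)) throw new Error(`unknown sink ${s.name}`);
        sinks.push({ name: s.name, src: s.src });
        break;
      default: throw new Error(`unknown op ${s.op}`);
    }
  }
  return { deps, sources, sinks };
}

// Re-key every node through `key`. With n => n.split('.')[0] all properties of
// an object merge into one node, i.e. coarse object-level tracking.
function collapse(graph, key) {
  const deps = new Map();
  for (const [dst, srcs] of graph.deps) {
    const k = key(dst);
    if (!deps.has(k)) deps.set(k, new Set());
    for (const src of srcs) deps.get(k).add(key(src));
  }
  return {
    deps,
    sources: new Set([...graph.sources].map(key)),
    sinks: graph.sinks.map((s) => ({ name: s.name, src: key(s.src) })),
  };
}

// Walk data dependencies backwards from each sink argument; report a flow
// whenever a source node is reachable.
function findFlows(graph) {
  const flows = [];
  for (const sink of graph.sinks) {
    const seen = new Set();
    const stack = [sink.src];
    while (stack.length > 0) {
      const n = stack.pop();
      if (seen.has(n)) continue;
      seen.add(n);
      if (graph.sources.has(n)) { flows.push({ sink: sink.name, source: n }); break; }
      for (const d of graph.deps.get(n) || []) stack.push(d);
    }
  }
  return flows;
}

// granularity: 'property' keeps per-property nodes, 'object' merges them.
function analyze(stmts, granularity = 'property') {
  const key = granularity === 'object' ? (n) => n.split('.')[0] : (n) => n;
  return findFlows(collapse(buildOdg(stmts), key));
}

// Constructed sample 1: true positive, user input is concatenated into the command line.
const VULNERABLE = [
  { op: 'source', dst: 'req.body.cmd' },
  { op: 'const', dst: 'opts.bin', value: 'ls' },
  { op: 'copy', dst: 'opts.arg', src: 'req.body.cmd' },
  { op: 'concat', dst: 'line', srcs: ['opts.bin', 'opts.arg'] },
  { op: 'sink', name: 'child_process.exec', src: 'line' },
];

// Constructed sample 2: the same object also holds user input, but only its
// constant property reaches exec, so there is no real flow.
const SAFE = [
  { op: 'source', dst: 'req.body.name' },
  { op: 'copy', dst: 'opts.label', src: 'req.body.name' },
  { op: 'const', dst: 'opts.bin', value: 'ls -l' },
  { op: 'sink', name: 'child_process.exec', src: 'opts.bin' },
];

console.log('vulnerable / property-level:', analyze(VULNERABLE, 'property'));
console.log('safe       / property-level:', analyze(SAFE, 'property'));
console.log('safe       / object-level  :', analyze(SAFE, 'object'));
```

At property granularity the first sample reports one flow from `req.body.cmd` to `child_process.exec` and the second reports none; at object granularity the second sample is flagged too, because `opts` as a whole now depends on `req`. That over-approximation is the kind of false positive the fine-grained graph is meant to avoid, and it is also where a reviewer should look first when triaging a taint-based tool's findings.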
Ukrainian hacktivist operation IT Army has claimed responsibility for a significant distributed denial-of-service attack against Leonardo, a Russian airline booking system used by more than 50 Russian carriers, according to The Record, the news site of cybersecurity firm Recorded Future.
New attacks with the updated SysUpdate toolkit have been deployed by Chinese advanced persistent threat operation Budworm, also known as APT27, Emissary Panda, Bronze Union, Lucky Mouse, Iron Tiger, and Red Phoenix, against an Asian government and a Middle East-based telecommunications provider, reports The Hacker News.
Threat actors have deployed 45 malicious NPM and PyPI packages to carry out extensive data theft as part of a campaign that began on Sept. 12, according to BleepingComputer.