Джерело:
Slashdot
Дата публікації:
10/06/2024 20:23
Постійна адреса новини:
http://www.vsinovyny.com/11045513
Malicious VSCode Extensions With Millions of Installs Discovered
10/06/2024 20:23 // Slashdot
A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs. From a report: Visual Studio Code (VSCode) is a source code editor published by Microsoft and used by many professional software developers worldwide. Microsoft also operates an extensions market for the IDE, called the Visual Studio Code Marketplace, which offers add-ons that extend the application's functionality and provide more customization options. Previous reports have highlighted gaps in VSCode's security, allowing extension and publisher impersonation and extensions that steal developer authentication tokens. There have also been in-the-wild findings that were confirmed to be malicious.
Read more of this story at Slashdot.
| « |
Наступна новина з архіву Україна наростила виробництво сталі |
Попередня новина з архіву Nokia меняет мир мобильной связи: иммерсивные звонки – это уже не фантастика |
» | |
|
|
||||