Browsing tag
The npm registry for the Node.js JavaScript runtime environment is susceptible to what’s called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. “A npm package’s manifest is published independently from its tarball,” Darcy Clarke, a former GitHub and npm engineering […]
Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat. The packages – named nodejs-encrypt-agent and nodejs-cookie-proxy-agent – were collectively downloaded approximately 1,200 times and were available for more than two months before they were identified and taken down. ReversingLabs, which broke down […]
Features Auto VoIP/UC penetration test Report generation Performance RFC compliant SIP TLS and IPv6 support SIP over websockets (and WSS) support (RFC 7118) SHODAN, exploitsearch.net and Google Dorks SIP common security tools (scan, extension/password bruteforce, etc.) Authentication and extension brute-forcing through different types of SIP requests SIP Torture (RFC 4475) partial support SIP SQLi check […]
Short Bytes: To ensure an improvement performance experience for its 3.5 million users, Node.js Foundation has released Node.js Version 6 with Long Term Support. This release supports 93 percent of the ECMAScript 6 standard and uses Google’s V8 version 5.0 for the JS engine. Node.js, the JavaScript runtime, has hit version 6. The new Node.js […]
Short Bytes: Nativefier is based on the Node.js runtime environment which can convert any web page into an automated desktop application. Nativefier does this using a framework called Electron. The Electron framework enables a programmer to write desktop applications in JavaScript, HTML, and CSS. Even if the web pages’ capabilities have increased with HTML 5 and JavaScript, we […]