Liam Tung
| September 6, 2021 — 11:02 GMT (12:02 BST)
| Topic: Security
Securing a system from inception can help it survive cyberattacks
Watch Now
A very popular NPM package called ‘pac-resolver’ for the JavaScript programming language has been fixed to address a remote code execution flaw that could affect a lot of Node.js applications.
The flaw in the pac-resolver dependency was found by developer Tim Perry who notes it could have allowed an attacker on a local network to remotely run malicious code inside a Node.js process whenever an operator tried to send an HTTP request. Note.js is the popular JavaScript runtime for running JavaScript web applications.
“In any of those cases, an attacker (by configuring a malicious PAC URL, intercepting PAC file requests with a malicious file, or using WPAD) can remotely run arbitrary code on your computer any time you send an HTTP request using this proxy configuration,” notes Perry.
Security
T-Mobile hack: Everything you need to know
Surfshark VPN review: It’s cheap, but is it good?
The best browsers for privacy
Cyber security 101: Protect your privacy
The best antivirus software and apps
The best VPNs for business and home use
The best security keys for 2FA
The ransomware threat is growing: What needs to happen to stop attacks getting worse? (ZDNet YouTube)
Related Topics:
Security TV
Data Management
CXO
Data Centers
Liam Tung
| September 6, 2021 — 11:02 GMT (12:02 BST)
| Topic: Security