Tracking Attackers in Open Source Supply Chain Attacks - The New Frontier
Offered By: Linux Foundation via YouTube
Course Description
Overview
Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the evolving landscape of open source supply chain attacks in this 42-minute Linux Foundation conference talk. Dive into automated threat detection processes and discover open source tools for identifying malicious packages at scale. Examine the RED LILI attack, involving over 1,500 malicious packages from a single threat actor, and learn about the infrastructure required for such large-scale operations. Investigate the UA-Parser incident, where a legitimate account was compromised, and understand the tactics, techniques, and procedures used in account takeovers. Learn about Chain Alert, a free service for the open-source community to warn against these attacks. Analyze the "Protestware" phenomenon, exemplified by the node-ipc package incident targeting Russian and Belarusian IP addresses. Gain insights into attacker evolution, identity theft, and the trust paradox in open source software. Understand the critical nature of open source and the need for a mindset shift in addressing these security challenges.
Syllabus
Introduction
Whats the problem
Open Source is Critical
Identity Theft
Attackers Targeting Open Source
Rhetoric Question
Attackers evolving
Cuteboy
Wrong Package
Package Lab
Metadata
The Trust Paradox
Change the Mindset
Summary
Taught by
Linux Foundation
Tags
Related Courses
AWS Security Traffic Monitoring and Packet AnalysisAmazon Web Services via AWS Skill Builder AWS: Threat Detection, Logging and Monitoring
Whizlabs via Coursera Basics of Amazon GuardDuty (AWS Partner-led Support)
Amazon Web Services via AWS Skill Builder Chronicle Technical Training
Google via Google Cloud Skills Boost Cloud Security on AWS
Edureka via Coursera