GHSA-97m3-w2cp-4xx6
Windows-Sandbox
GHSA-97m3-w2cp-4xx6 | Windows-Sandbox | |
---|---|---|
13 | 52 | |
- | 312 | |
- | 8.7% | |
- | 5.8 | |
- | 3 days ago | |
PowerShell | ||
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
GHSA-97m3-w2cp-4xx6
-
Selecting the Right Dependencies: A Comprehensive Practical Guide
How safe is it to use? It may sound like fiction, but yes, dependencies can be dangerous. For example, an interesting feature was added to a library with 500k downloads: it tries to replace all files on the computer with ❤️ if your IP address falls within a specific range.
- Embedded Malicious Code in node-ipc
- Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers
-
With the recent scandal over the 'node-ipc' package, is Composer also vulnerable like this? Is there any security measure in the Composer to prevent this type of attack?
Source: CVE-2022-23812
- CVE-2022-23812 - mbedded Malicious Code in node-ipc - The package node-ipc versions 10.1.1 and 10.1.2 are vulnerable to embedded malicious code that was introduced by the maintainer. The malicious code was intended to overwrite arbitrary files on Russian systems
- My entire PC got wiped Do not download
- NPM supply chain attack - Wipes your disk if you have a Russian/Byelorussian IP
-
Ukraine Invasion Megathread #3
I have not audited the malicious code myself, so you might be right, I'm going by the CVE reports that say it does this to arbitrary files.
Windows-Sandbox
-
Deno in 2023
Windows has a lot of things in this department. https://github.com/microsoft/Windows-Sandbox-Utilities sounds similar to what you describe, but there are also finer-grained APIs: https://learn.microsoft.com/en-us/windows/win32/secauthz/app...
-
Ask HN: For those using Stable Diffusion locally, how do you filter fishy repos?
You could use the Windows Sandbox to prevent them from accessing anything sensitive on your computer. https://docs.microsoft.com/en-us/windows/security/threat-pro...
- what are the differences between vmware free and virtual box?
- Got infected with Ransomware and both SSD's are totally encrypted
-
Is there a torrent website with no malware?
If you're unsure about a program's security (and you have 10 Pro), run it in Sandbox mode. Otherwise, download VMWare Workstation and create a virtual machine.
-
What Is Qubes OS?
https://docs.microsoft.com/en-us/windows/security/threat-pro...
-
LPT: when taking tests requiring a monitoring software on your personal device, download a virtual machine (ex.OracleVM) and set up windows on it.
Windows Sandbox is literally made for this, is lighter, integrated into the OS and free.
-
Fake "Geek Squad" auto-renewal refund email scam (no "kindly"!!)
He directed me to start a browser, which I did inside Windows Sandbox (a new lightweight container-based VM-ish on Windows). He asked me to go to "9190.org" in the browser, enter the invoice number. That downloads a "ScreenShareClientRefund.exe" which he instructed me to start. At that point I told him "Nice try, scammer! That would have fooled a lot of people." He hung up - no drama.
-
Trojan when downloading RDR1 from Internet Archive
Windows Sandbox is a feature of Windows 10+. If you use older or can't use it for some reason, get VirtualBox and make a VM without any network access.
-
What Antivirus Program should I use?
Do you think he is confusing the partial sandboxing of Windows Defender with Windows Sandbox? If so, why?
What are some alternatives?
es5-ext - ECMAScript extensions (with respect to upcoming ECMAScript features)
node-ipc - A nodejs module for local and remote Inter Process Communication (IPC), Neural Networking, and able to facilitate machine learning.
peacenotwar - Attempts to determine if the computer its running on has an IP originating from Russia or Belarus. If it is then depending on the version of the malware either attempts to delete all files on the computer, or creates a text file on the computers desktop protesting the war in ukraine.
AutomatedLab - AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2022, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.
Sandboxie - Sandboxie Plus & Classic
Symfony - The Symfony PHP framework
Sandbox-Setup - Bootstraping a Windows Sandbox
Visual Studio Code - Visual Studio Code
barrier - Open-source KVM software
OctoPrint - OctoPrint is the snappy web interface for your 3D printer!
rclone - "rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files