Vulnerability Found in Open-Source Website Development Tool

Snyk, an open-source security firm, recently alerted developers that a compromised version of the open-source website development tool bootstrap-sass was published to RubyGems, the repository where programmers share application code. Threat actors most likely built the malicious copy by either compromising the system or phishing a developer's credentials. Enterprises and startups alike use this popular tool, so many applications may now be vulnerable to remote code execution. Snyk further advised its users to update their systems away from the infected framework (version 3.2.0.3). The NJCCIC recommends patching systems as soon as updates become available. For more information, please review CyberScoop's article.
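
One way to check whether a project resolved the release named above, as an added example (not Snyk's or the NJCCIC's code): this Ruby script parses Gemfile.lock text and reports any resolved bootstrap-sass 3.2.0.3. The function names and sample lockfiles are constructed for illustration.

```ruby
# Added example: find the compromised bootstrap-sass release in Gemfile.lock text.
# The version comes from the advisory; function names and samples are constructed.
COMPROMISED = { "bootstrap-sass" => ["3.2.0.3"] }.freeze

# Return [name, version] pairs for every resolved gem. In Gemfile.lock these are
# the 4-space-indented "name (version)" lines under a "specs:" key; the deeper
# 6-space lines are dependency constraints, not installed versions.
def resolved_gems(lockfile_text)
  in_specs = false
  gems = []
  lockfile_text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A\S/)                 # new top-level section ends any specs list
      in_specs = false
    elsif line.match?(/\A  specs:\s*\z/)
      in_specs = true
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      gems << [m[1], m[2].split("-").first] # drop a platform suffix such as -x86_64-linux
    end
  end
  gems
end

# Return the resolved gems that match a known-compromised name and version.
def compromised_gems(lockfile_text)
  resolved_gems(lockfile_text).select { |name, ver| COMPROMISED.fetch(name, []).include?(ver) }
end

# Constructed sample lockfiles (not taken from any real project).
SAMPLE_BAD = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    bootstrap-sass (3.2.0.3)
      sass (~> 3.2)
    sass (3.7.4)

DEPENDENCIES
  bootstrap-sass
LOCK
SAMPLE_OK = SAMPLE_BAD.sub("bootstrap-sass (3.2.0.3)", "bootstrap-sass (3.4.1)")

# Scan the file given on the command line, or the constructed sample if none.
path = ARGV[0]
text = path && File.file?(path) ? File.read(path) : SAMPLE_BAD
hits = compromised_gems(text)
hits.each { |name, ver| puts "COMPROMISED: #{name} #{ver}" }
puts "no compromised bootstrap-sass release found" if hits.empty?
```

Run it with the path to a project's Gemfile.lock as the only argument; a lockfile is the right place to look because it records the exact version Bundler installed, not just the constraint in the Gemfile.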

Advisory | NJCCIC