Tamir Ben Ari


Tamir Ben Ari is a malware researcher at Mend.io specializing in software supply chain. Previously, he held the role of security researcher at Mend.io, which included detailed vulnerability research in open source libraries.

Latest Content By Tamir

The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name

Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service', a retired Ruby gem with more than two million downloads. Existing projects that haven't updated their dependencies might unwittingly pull in this new version, assuming it's a continuation of the original. Given that the new gem is now controlled by an unknown entity, it could be altered to include malicious code or to perform undesirable actions.

Attacker Floods npm With Crypto-Mining Packages that Mine Monero When Installed with Default Configuration

Monero (XMR) is an open-source, privacy-oriented cryptocurrency that was launched in 2014. It uses a public distributed ledger containing technology that obscures transaction details to ensure the anonymity of its users. Monero maintains egalitarian mining, allowing anyone to participate. As tempting as it may seem, some go a step further and use the infrastructure of...

Subscribe to Our Blog