Search cyberveille.decio.ch

Found 48 bookmarks

Newest

Cybercriminals pose as "helpful" Stack Overflow users to push malware

Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware.

#bleepingcomputer #EN #2024 #Information-stealing-malware #Packages #PyPI #Python #Stack-OverFlow #pytoileur

·bleepingcomputer.com·May 30, 2024

Cybercriminals pose as "helpful" Stack Overflow users to push malware

Over 170K users hit by poisoned Python package ruse

Supply chain attack targeted GitHub community of Top.gg Discord server

#theregister #EN #2024 #Top.gg #GitHub #Supply-chain-attack #Python

·theregister.com·Mar 25, 2024

Over 170K users hit by poisoned Python package ruse

‘Wall of Flippers’ detects Flipper Zero Bluetooth spam attacks

A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices.

#bleepingcomputer #EN #2023 #Python #Wall #Flippers #Bluetooth #Denial #BLE #blespam #iphones #DoS #Spam

·bleepingcomputer.com·Dec 30, 2023

‘Wall of Flippers’ detects Flipper Zero Bluetooth spam attacks

A pernicious potpourri of Python packages in PyPI

The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository, ESET research finds.

#welivesecurity #EN #2023 #Python #packages #malicious #PyPI

·welivesecurity.com·Dec 15, 2023

A pernicious potpourri of Python packages in PyPI

Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification

Python’s e-mail libraries smtplib, imaplib, and poplib do not verify server certificates unless a proper SSL context is passed to the API. This leads to security problems.

#pentagrid #EN #Python #e-mail #libraries #smtplib #imaplib #poplib #SSL #insecure #analysis

·pentagrid.ch·Nov 14, 2023

Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification

Python obfuscation traps

In the realm of software development, open-source tools and packages play a pivotal role in simplifying tasks and accelerating development processes. Yet, as the community grows, so does the number of bad actors looking to exploit it. A recent example involves developers being targeted by seemingly legitimate Python obfuscation packages that harbor malicious code.

#checkmarx #EN #2023 #Python #obfuscation #Supply-chain-attack

·checkmarx.com·Nov 8, 2023

Python obfuscation traps

The evolutionary tale of a persistent Python threat 

Since early April 2023, an attacker has been relentlessly deploying hundreds of malicious packages through various usernames, accumulating nearly 75,000 downloads. Our team at Checkmarx’s Supply Chain Security has been on this malicious actor’s trail since early April, documenting each step of its evolution. We have been actively observing an attacker who seems to be evermore refining their craft.

#checkmarx #EN #2023 #Supply-chain-attack #malicious #packages #Python

·checkmarx.com·Oct 5, 2023

The evolutionary tale of a persistent Python threat 

New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials

Netskope Threat Labs is tracking a campaign that uses malicious Python scripts to steal Facebook users’ credentials and browser data. This campaign targets Facebook business accounts with bogus Facebook messages with a malicious file attached. The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing services and technology sectors.

#netskope #EN #2023 #analysis #Python #NodeStealer #Facebook #Credentials #Login

·netskope.com·Sep 18, 2023

New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials

Emerging Threat! Exposing JOKERSPY

Explore JOKERSPY, a recently discovered campaign that targets financial institutions with Python backdoors. This article covers reconnaissance, attack patterns, and methods of identifying JOKERSPY in your network.

#elastic.co #EN #2023 #JOKERSPY #macOS #Python #backdoor

·elastic.co·Jun 22, 2023

Emerging Threat! Exposing JOKERSPY

Bad Actors Are Joining the AI Revolution: Here’s What We’ve Found in the Wild

Follow security researchers as they uncover malicious packages on open-source registries, trace bad actors to Discord, and unveil AI-assisted code.

#hackernoon #EN #2023 #python #PyPI #Supply-Chain-Attack #ChatGPT

·hackernoon.com·May 3, 2023

Bad Actors Are Joining the AI Revolution: Here’s What We’ve Found in the Wild

A Backdoor with Smart Screenshot Capability

Today, everything is “smart” or “intelligent”. We have smartphones, smart cars, smart doorbells, etc. Being "smart" means performing actions depending on the context, the environment, or user actions. For a while, backdoors and trojans have implemented screenshot capabilities. From an attacker’s point of view, it’s interesting to “see” what’s displayed on the victim’s computer.

#sans #EN #2023 #python #backdoor #Screenshot

·isc.sans.edu·Feb 9, 2023

A Backdoor with Smart Screenshot Capability

#sans #EN #2023 #python #backdoor #Screenshot

·isc.sans.edu·Feb 9, 2023

A Backdoor with Smart Screenshot Capability

Supply Chain Attack Using Identical PyPI Packages, “colorslib”, “httpslib”, and “libhttps”

The FortiGuard Labs team discovered an attack embedded in three PyPI packages called ‘colorslib’, ‘httpslib’, and “libhttps”. Read our blog to learn more.

#fortinet #EN #2023 #threat-research #Threat-Research #security-attack #libhttps #httpslib #colorslib #python #PyPI

·fortinet.com·Jan 16, 2023

Supply Chain Attack Using Identical PyPI Packages, “colorslib”, “httpslib”, and “libhttps”

The FortiGuard Labs team discovered an attack embedded in three PyPI packages called ‘colorslib’, ‘httpslib’, and “libhttps”. Read our blog to learn more.

#fortinet #EN #2023 #threat-research #Threat-Research #security-attack #libhttps #httpslib #colorslib #python #PyPI

·fortinet.com·Jan 16, 2023

Supply Chain Attack Using Identical PyPI Packages, “colorslib”, “httpslib”, and “libhttps”

SentinelSneak: Malicious PyPI module poses as security software development kit

A malicious Python file found on the PyPI repo adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.

#reversinglabs #EN #2022 #PyPI #Supply-chain-security #Python #exfiltration #module #kit

·blog.reversinglabs.com·Dec 20, 2022

SentinelSneak: Malicious PyPI module poses as security software development kit

A malicious Python file found on the PyPI repo adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.

#reversinglabs #EN #2022 #PyPI #Supply-chain-security #Python #exfiltration #module #kit

·blog.reversinglabs.com·Dec 20, 2022

SentinelSneak: Malicious PyPI module poses as security software development kit

A Custom Python Backdoor for VMWare ESXi Servers

Juniper Threat Labs analyzes a backdoor installed on a compromised VMware ESXi server that can execute arbitrary commands and launch reverse shells.

#juniper #EN #2022 #VMware #ESXi #python

·blogs.juniper.net·Dec 14, 2022

A Custom Python Backdoor for VMWare ESXi Servers

Juniper Threat Labs analyzes a backdoor installed on a compromised VMware ESXi server that can execute arbitrary commands and launch reverse shells.

#juniper #EN #2022 #VMware #ESXi #python

·blogs.juniper.net·Dec 14, 2022

A Custom Python Backdoor for VMWare ESXi Servers

W4SP continues to nest in PyPI: Same supply chain attack, different distribution method

Here's ReversingLabs' discoveries and indicators of compromise (IOCs) for W4SP, as well as links to our YARA rule that can be used to detect the malicious Python packages in your environment.

#develop.secure.software #EN #2022 #W4SP #YARA #Python #PyPI

·develop.secure.software·Dec 5, 2022

W4SP continues to nest in PyPI: Same supply chain attack, different distribution method

Here's ReversingLabs' discoveries and indicators of compromise (IOCs) for W4SP, as well as links to our YARA rule that can be used to detect the malicious Python packages in your environment. 

#develop.secure.software #EN #2022 #W4SP #YARA #Python #PyPI

·develop.secure.software·Dec 5, 2022

W4SP continues to nest in PyPI: Same supply chain attack, different distribution method

Unpatched 15-year old Python bug allows code execution in 350k projects

A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight as it likely affects more than 350,000 open-source repositories and can lead to code execution.

#bleepingcomputer #Code-Execution #Path-Traversal #Python #Vulnerability #CVE-2007-4559

·bleepingcomputer.com·Sep 25, 2022

Unpatched 15-year old Python bug allows code execution in 350k projects

#bleepingcomputer #Code-Execution #Path-Traversal #Python #Vulnerability #CVE-2007-4559

·bleepingcomputer.com·Sep 25, 2022

Unpatched 15-year old Python bug allows code execution in 350k projects

Tarfile: Exploiting the World With a 15-Year-Old Vulnerability

Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. As we dug into the issue, we realized this was in fact CVE-2007-4559. The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “..” sequence to filenames in a TAR archive. Over the course of our research into the impact of this vulnerability we discovered that hundreds of thousands of repositories were vulnerable to this vulnerability. While the vulnerability was originally only marked as a 6.8, we were able to confirm that in most cases an attacker can gain code execution from the file write.

#trellix #EN #2022 #CVE-2007-4559 #tarfile #Python #vulnerability

·trellix.com·Sep 25, 2022

Tarfile: Exploiting the World With a 15-Year-Old Vulnerability