Search cyberveille.decio.ch

Found 5 bookmarks

Custom sorting

Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices | FortiGuard Labs

FortiGuard Labs cover the attack phases of three new PyPI packages that bear a resemblance to the culturestreak PyPI package discovered earlier this year. Learn more.

#fortinet #EN #2023 #FortiGuard-Labs-Threat-Research #Supply-chain-attack #PyPI #Packages #CoinMiner

·fortinet.com·Jan 5, 2024

Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices | FortiGuard Labs

A pernicious potpourri of Python packages in PyPI

The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository, ESET research finds.

#welivesecurity #EN #2023 #Python #packages #malicious #PyPI

·welivesecurity.com·Dec 15, 2023

A pernicious potpourri of Python packages in PyPI

Uncovering thousands of unique secrets in PyPI packages

Security Researcher Tom Forbes worked with the GitGuardian team to analyze all the code committed to PyPi packages and surfaced thousands of hardcoded credentials.

#gitguardian #EN #2023 #GitGuardian #PyPI #research #hardcoded #credentials #secret #packages

·blog.gitguardian.com·Nov 16, 2023

Uncovering thousands of unique secrets in PyPI packages

The evolutionary tale of a persistent Python threat 

Since early April 2023, an attacker has been relentlessly deploying hundreds of malicious packages through various usernames, accumulating nearly 75,000 downloads. Our team at Checkmarx’s Supply Chain Security has been on this malicious actor’s trail since early April, documenting each step of its evolution. We have been actively observing an attacker who seems to be evermore refining their craft.

#checkmarx #EN #2023 #Supply-chain-attack #malicious #packages #Python

·checkmarx.com·Oct 5, 2023

The evolutionary tale of a persistent Python threat 

Six Malicious Python Packages in the PyPI Targeting Windows Users

Malicious packages on PyPI copy W4SP attacks to steal users’ credentials and crypto wallet data. This incident illustrates issues in open-source ecosystems.

#unit42 #EN #2023 #PyPI #W4SP #attacks #packages #Supply-Chain-Attack

·unit42.paloaltonetworks.com·Jul 11, 2023

Six Malicious Python Packages in the PyPI Targeting Windows Users