Found 21 bookmarks
Custom sorting
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell
On October 27, Phylum’s automated risk detection platform began alerting us to a series of suspicious publications on npm. Over the course of the following few days, we discovered a campaign involving at least 48 different publications. These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to
#phylum#EN#2023#npm#Reverse#Shell#Supply-chain-attack
·blog.phylum.io·
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell
Python obfuscation traps
Python obfuscation traps
In the realm of software development, open-source tools and packages play a pivotal role in simplifying tasks and accelerating development processes. Yet, as the community grows, so does the number of bad actors looking to exploit it. A recent example involves developers being targeted by seemingly legitimate Python obfuscation packages that harbor malicious code.
#checkmarx#EN#2023#Python#obfuscation#Supply-chain-attack
·checkmarx.com·
Python obfuscation traps
Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack
Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack
During the month of September, an attacker operating under the pseudonym "kohlersbtuh15", attempted to exploit the open-source community by uploading a series of malicious packages to the PyPi package manager. Based on the names of these packages and the code contained within them, it appears that this attacker targeted developers that use Aliyun services (Alibaba Cloud), telegram, and AWS.
#checkmarx#EN#2023#PyPi#Supply-chain-attack#kohlersbtuh15
·checkmarx.com·
Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack
The evolutionary tale of a persistent Python threat 
The evolutionary tale of a persistent Python threat 
Since early April 2023, an attacker has been relentlessly deploying hundreds of malicious packages through various usernames, accumulating nearly 75,000 downloads. Our team at Checkmarx’s Supply Chain Security has been on this malicious actor’s trail since early April, documenting each step of its evolution. We have been actively observing an attacker who seems to be evermore refining their craft. 
#checkmarx#EN#2023#Supply-chain-attack#malicious#packages#Python
·checkmarx.com·
The evolutionary tale of a persistent Python threat 
VMConnect supply chain attack continues, evidence points to North Korea - Security Boulevard
VMConnect supply chain attack continues, evidence points to North Korea - Security Boulevard
In early August, ReversingLabs identified a malicious supply chain campaign that the research team dubbed “VMConnect.” That campaign consisted of two dozen malicious Python packages posted to the Python Package Index (PyPI) open-source repository. The packages mimicked popular open-source Python tools, including vConnector, a wrapper module for pyVmomi VMware vSphere bindings; eth-tester, a collection of tools for testing Ethereum-based applications; and databases, a tool that gives asynchronous support for a range of databases.
#securityboulevard#EN#2023#Supply-Chain-Attack#VMConnect#PyPI
·securityboulevard.com·
VMConnect supply chain attack continues, evidence points to North Korea - Security Boulevard