Search cyberveille.decio.ch

Python packages upload your AWS keys, env vars, secrets to the web

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

#sonatype #EN #20022 #supplychain #Python #stealer #AWS #keys #packages #loglib-modules #pyg-modules #pygrata #pygrata-utils #hkg-sol-utils

·blog.sonatype.com·Jun 27, 2022

Python packages upload your AWS keys, env vars, secrets to the web

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Python packages upload your AWS keys, env vars, secrets to the web

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

#sonatype #EN #20022 #supplychain #Python #stealer #AWS #keys #packages #loglib-modules #pyg-modules #pygrata #pygrata-utils #hkg-sol-utils

·blog.sonatype.com·Jun 27, 2022

Python packages upload your AWS keys, env vars, secrets to the web

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Python packages upload your AWS keys, env vars, secrets to the web

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

#sonatype #EN #20022 #supplychain #Python #stealer #AWS #keys #packages #loglib-modules #pyg-modules #pygrata #pygrata-utils #hkg-sol-utils

·blog.sonatype.com·Jun 27, 2022

Python packages upload your AWS keys, env vars, secrets to the web

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Python packages upload your AWS keys, env vars, secrets to the web

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

#sonatype #EN #20022 #supplychain #Python #stealer #AWS #keys #packages #loglib-modules #pyg-modules #pygrata #pygrata-utils #hkg-sol-utils

·blog.sonatype.com·Jun 27, 2022

Python packages upload your AWS keys, env vars, secrets to the web

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Python packages upload your AWS keys, env vars, secrets to the web

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

#sonatype #EN #20022 #supplychain #Python #stealer #AWS #keys #packages #loglib-modules #pyg-modules #pygrata #pygrata-utils #hkg-sol-utils

·blog.sonatype.com·Jun 27, 2022

Python packages upload your AWS keys, env vars, secrets to the web

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Python packages upload your AWS keys, env vars, secrets to the web

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

#sonatype #EN #20022 #supplychain #Python #stealer #AWS #keys #packages #loglib-modules #pyg-modules #pygrata #pygrata-utils #hkg-sol-utils

·blog.sonatype.com·Jun 27, 2022

Python packages upload your AWS keys, env vars, secrets to the web

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks

“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.

#reversinglabs #EN #NPM #Malicious #packages #supplychain #Supply-Chain-Attack

·reversinglabs.com·Jul 7, 2023

Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks

Python packages upload your AWS keys, env vars, secrets to the web

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

#sonatype #EN #20022 #supplychain #Python #stealer #AWS #keys #packages #loglib-modules #pyg-modules #pygrata #pygrata-utils #hkg-sol-utils

·blog.sonatype.com·Jun 27, 2022

Python packages upload your AWS keys, env vars, secrets to the web

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Leaked Intel Boot Guard keys:What happened? How does it affect the software supply chain?

Binarly is the world's most advanced automated firmware supply chain security platform. Using cutting-edge machine-learning techniques, Binary identifies both known and unknown vulnerabilities, misconfigurations, and malicious code in firmware and hardware components.

#binarly #EN #2023 #MSI #BootGuard #Leaked #Intel #supplychain

·binarly.io·May 10, 2023

Leaked Intel Boot Guard keys:What happened? How does it affect the software supply chain?

3CX VoIP Software Compromise & Supply Chain Threats

The 3CX VoIP Desktop Application has been compromised to deliver malware via legitimate 3CX updates. Huntress has been investigating this incident and working to validate and assess the current supply chain threat to the security community.

#huntress #EN #2023 #3CX #VoIP #Software #Compromise #supplychain #analysis

·huntress.com·Mar 30, 2023

3CX VoIP Software Compromise & Supply Chain Threats

Ironing out (the macOS details) of a Smooth Operator

The 3CX supply chain attack, gives us an opportunity to analyze a trojanized macOS application

#objective-see #EN #2023 #3CX #supplychain #macOS #trojanized

·objective-see.org·Mar 30, 2023

Ironing out (the macOS details) of a Smooth Operator

PyPi Packages Deliver Python Remote Access Tools

While researching initial attack vectors, the Kroll Cyber Threat Intelligence team identified a fully featured information stealer and remote access tool in the python package index that could lead to an intensified threat landscape. Read more.

#kroll #EN #2023 #pypi-packages #pypi-malware #python-remote-access-tool #supplychain

·kroll.com·Mar 3, 2023

PyPi Packages Deliver Python Remote Access Tools

Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats

We observed a recent spate of supply chain attacks attempting to exploit CVE-2021-35394, affecting IoT devices with chipsets made by Realtek.

#unit42 #EN #2023 #CVE-2021-35394 #IoT #devices #supplychain #attacks #Realtek

·unit42.paloaltonetworks.com·Jan 24, 2023

Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats

Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack

Last week, our automated risk detection platform alerted us to suspicious activity in dozens of newly published PyPI packages. Here's what we uncovered.

#Phylum #EN #2022 #supplychain #PyPI #W4SP #Stealer #Attack

·blog.phylum.io·Nov 2, 2022

Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack

Software Delivery Shield protects the software supply chain

Software Delivery Shield, a software supply chain security solution, can enhance the security posture along the supply chain from dev to production.

#google #EN #blog #cloud #supplychain #supply-chain #solution #dev #shield #announcement

·cloud.google.com·Oct 14, 2022

Software Delivery Shield protects the software supply chain

Threat Alert: Private npm Packages Disclosed via Timing Attacks

Via timing attacks, threat actors create phony public npm packages masked as private ones to deceive developers into downloading compromised packages

#aquasec #EN #2022 #npm #supplychain #supply-chain #attack #timing-attack

·blog.aquasec.com·Oct 14, 2022

Threat Alert: Private npm Packages Disclosed via Timing Attacks

PHP Supply Chain Attack on Composer

We recently discovered a vulnerability in Composer, the main package manager for PHP, and were able to use it to take over the central repository, packagist.org.

#sonarsource #EN #2022 #php #supplychain #supply-chain #packagist.org

·blog.sonarsource.com·Oct 5, 2022

PHP Supply Chain Attack on Composer

Python packages upload your AWS keys, env vars, secrets to the web

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

#sonatype #EN #20022 #supplychain #Python #stealer #AWS #keys #packages #loglib-modules #pyg-modules #pygrata #pygrata-utils #hkg-sol-utils

·blog.sonatype.com·Jun 27, 2022

Python packages upload your AWS keys, env vars, secrets to the web

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

npm Supply Chain Attack Targeting Germany-Based Companies

The JFrog Security Research team identified and quickly disclosed new npm malicious packages aimed at compromising leading industrial organizations

#jfrog #2022 #EN #Supply #Chain #supplychain #industrial #npm #attack #research

·jfrog.com·May 11, 2022

npm Supply Chain Attack Targeting Germany-Based Companies

Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion

In what's an act of deliberate sabotage, the developer behind the popular "node-ipc" NPM package shipped a new tampered version to condemn Russia's invasion of Ukraine, raising concerns about security in the open-source and the software supply chain.

#thehackernews #EN #2022 #node-ipc #developer #cyberwar #NPM #supplychain #sabotage #CVE-2022-23812

·thehackernews.com·Mar 19, 2022

3CX VoIP Software Compromise & Supply Chain Threats

The 3CX VoIP Desktop Application has been compromised to deliver malware via legitimate 3CX updates. Huntress has been investigating this incident and working to validate and assess the current supply chain threat to the security community.

#huntress #EN #2023 #3CX #VoIP #Software #Compromise #supplychain #analysis

·huntress.com·Mar 30, 2023

3CX VoIP Software Compromise & Supply Chain Threats

Ironing out (the macOS details) of a Smooth Operator

The 3CX supply chain attack, gives us an opportunity to analyze a trojanized macOS application

#objective-see #EN #2023 #3CX #supplychain #macOS #trojanized

·objective-see.org·Mar 30, 2023

Ironing out (the macOS details) of a Smooth Operator