Search cyberveille.decio.ch

Found 49 bookmarks

Custom sorting

Cybercriminals pose as "helpful" Stack Overflow users to push malware

Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware.

#bleepingcomputer #EN #2024 #Information-stealing-malware #Packages #PyPI #Python #Stack-OverFlow #pytoileur

·bleepingcomputer.com·May 30, 2024

Cybercriminals pose as "helpful" Stack Overflow users to push malware

Malicious PyPI packages targeting highly specific MacOS machines

In this post, we analyze a cluster of malicious PyPI packages targeting specific MacOS machines.

#datadoghq #EN #2024 #macos #PyPI #packages #Supply-chain-attack

·securitylabs.datadoghq.com·May 24, 2024

Malicious PyPI packages targeting highly specific MacOS machines

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

PyPI halted new users and projects while it fended off supply-chain attack

Automation is making attacks on open source code repositories harder to fight.

#arstechnica #EN #2024 #PyPI #Automation #malicious #packages #attack

·arstechnica.com·Mar 28, 2024

PyPI halted new users and projects while it fended off supply-chain attack

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Info Stealing Packages Hidden in PyPI

An info-stealing PyPI malware author was identified discreetly uploading malicious packages.

#FortiGuard-Labs-Threat-Research #fortinet #2024 #EN #PyPI #malware #Supply-chain-attack

·fortinet.com·Jan 23, 2024

Info Stealing Packages Hidden in PyPI

Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices | FortiGuard Labs

FortiGuard Labs cover the attack phases of three new PyPI packages that bear a resemblance to the culturestreak PyPI package discovered earlier this year. Learn more.

#fortinet #EN #2023 #FortiGuard-Labs-Threat-Research #Supply-chain-attack #PyPI #Packages #CoinMiner

·fortinet.com·Jan 5, 2024

Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices | FortiGuard Labs

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

A pernicious potpourri of Python packages in PyPI

The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository, ESET research finds.

#welivesecurity #EN #2023 #Python #packages #malicious #PyPI

·welivesecurity.com·Dec 15, 2023

A pernicious potpourri of Python packages in PyPI

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Uncovering thousands of unique secrets in PyPI packages

Security Researcher Tom Forbes worked with the GitGuardian team to analyze all the code committed to PyPi packages and surfaced thousands of hardcoded credentials.

#gitguardian #EN #2023 #GitGuardian #PyPI #research #hardcoded #credentials #secret #packages

·blog.gitguardian.com·Nov 16, 2023

Uncovering thousands of unique secrets in PyPI packages

Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack

During the month of September, an attacker operating under the pseudonym "kohlersbtuh15", attempted to exploit the open-source community by uploading a series of malicious packages to the PyPi package manager. Based on the names of these packages and the code contained within them, it appears that this attacker targeted developers that use Aliyun services (Alibaba Cloud), telegram, and AWS.

#checkmarx #EN #2023 #PyPi #Supply-chain-attack #kohlersbtuh15

·checkmarx.com·Oct 13, 2023

Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Malicious packages uploaded to PyPI, NPM, and Ruby repositories are targeting macOS users with information stealing malware.

#securityweek #EN #2023 #macos #phylum #PyPI #NPM #Ruby #Supply-Chain-Attack

·securityweek.com·Sep 6, 2023

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

Phylum has identified a malware campaign spanning PyPI, npm and RubyGems. Delivering early stage malware to users.

#phylum #EN #2023 #Supply-Chain-Attack #npm #PyPI #RubyGems #macOS

·blog.phylum.io·Sep 6, 2023

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

VMConnect supply chain attack continues, evidence points to North Korea - Security Boulevard

In early August, ReversingLabs identified a malicious supply chain campaign that the research team dubbed “VMConnect.” That campaign consisted of two dozen malicious Python packages posted to the Python Package Index (PyPI) open-source repository. The packages mimicked popular open-source Python tools, including vConnector, a wrapper module for pyVmomi VMware vSphere bindings; eth-tester, a collection of tools for testing Ethereum-based applications; and databases, a tool that gives asynchronous support for a range of databases.

#securityboulevard #EN #2023 #Supply-Chain-Attack #VMConnect #PyPI

·securityboulevard.com·Sep 1, 2023

VMConnect supply chain attack continues, evidence points to North Korea - Security Boulevard

Six Malicious Python Packages in the PyPI Targeting Windows Users

Malicious packages on PyPI copy W4SP attacks to steal users’ credentials and crypto wallet data. This incident illustrates issues in open-source ecosystems.

#unit42 #EN #2023 #PyPI #W4SP #attacks #packages #Supply-Chain-Attack

·unit42.paloaltonetworks.com·Jul 11, 2023

Six Malicious Python Packages in the PyPI Targeting Windows Users

PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers

Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.

#sonatype #EN #2023 #PyPI #malware #Supply-Chain-Attack

·blog.sonatype.com·Jun 23, 2023

PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Bad Actors Are Joining the AI Revolution: Here’s What We’ve Found in the Wild

Follow security researchers as they uncover malicious packages on open-source registries, trace bad actors to Discord, and unveil AI-assisted code.

#hackernoon #EN #2023 #python #PyPI #Supply-Chain-Attack #ChatGPT

·hackernoon.com·May 3, 2023

Bad Actors Are Joining the AI Revolution: Here’s What We’ve Found in the Wild

Supply Chain Attack Using Identical PyPI Packages, “colorslib”, “httpslib”, and “libhttps”

The FortiGuard Labs team discovered an attack embedded in three PyPI packages called ‘colorslib’, ‘httpslib’, and “libhttps”. Read our blog to learn more.

#fortinet #EN #2023 #threat-research #Threat-Research #security-attack #libhttps #httpslib #colorslib #python #PyPI

·fortinet.com·Jan 16, 2023

Supply Chain Attack Using Identical PyPI Packages, “colorslib”, “httpslib”, and “libhttps”

I scanned every package on PyPi and found 57 live AWS keys

After inadvertently finding that InfoSys leaked an AWS key on PyPi I wanted to know how many other live AWS keys may be present on Python package index. After scanning every release published to PyPi I found 57 valid access keys from organisations like: Amazon themselves 😅 Intel Stanford, Portland and Louisiana University The Australian Government General Atomics fusion department Terradata Delta Lake And Top Glove, the worlds largest glove manufacturer 🧤

#tomforb #EN #2022 #leak #scan #AWS #keys #PyPi

·tomforb.es·Jan 7, 2023

I scanned every package on PyPi and found 57 live AWS keys

SentinelSneak: Malicious PyPI module poses as security software development kit

A malicious Python file found on the PyPI repo adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.

#reversinglabs #EN #2022 #PyPI #Supply-chain-security #Python #exfiltration #module #kit

·blog.reversinglabs.com·Dec 20, 2022

SentinelSneak: Malicious PyPI module poses as security software development kit

Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM

Malicious packages that download ransomware binaries written in Golang published today, with more expected in the coming hours.

#phylum #EN #2022 #Typosquat #Ransomware #PyPI #NPM #Supply-chain-security

·blog.phylum.io·Dec 12, 2022

Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM