Search cyberveille.decio.ch

Found 46 bookmarks

Custom sorting

The evolutionary tale of a persistent Python threat 

Since early April 2023, an attacker has been relentlessly deploying hundreds of malicious packages through various usernames, accumulating nearly 75,000 downloads. Our team at Checkmarx’s Supply Chain Security has been on this malicious actor’s trail since early April, documenting each step of its evolution. We have been actively observing an attacker who seems to be evermore refining their craft.

#checkmarx #EN #2023 #Supply-chain-attack #malicious #packages #Python

·checkmarx.com·Oct 5, 2023

The evolutionary tale of a persistent Python threat 

Trojanized Free Download Manager found to contain a Linux backdoor

Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.

#securelist #EN #2023 #Backdoor #Linux #Malware #Supply-chain-attack #Download-Manager

·securelist.com·Sep 14, 2023

Trojanized Free Download Manager found to contain a Linux backdoor

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Malicious packages uploaded to PyPI, NPM, and Ruby repositories are targeting macOS users with information stealing malware.

#securityweek #EN #2023 #macos #phylum #PyPI #NPM #Ruby #Supply-Chain-Attack

·securityweek.com·Sep 6, 2023

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

Phylum has identified a malware campaign spanning PyPI, npm and RubyGems. Delivering early stage malware to users.

#phylum #EN #2023 #Supply-Chain-Attack #npm #PyPI #RubyGems #macOS

·blog.phylum.io·Sep 6, 2023

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

VMConnect supply chain attack continues, evidence points to North Korea - Security Boulevard

In early August, ReversingLabs identified a malicious supply chain campaign that the research team dubbed “VMConnect.” That campaign consisted of two dozen malicious Python packages posted to the Python Package Index (PyPI) open-source repository. The packages mimicked popular open-source Python tools, including vConnector, a wrapper module for pyVmomi VMware vSphere bindings; eth-tester, a collection of tools for testing Ethereum-based applications; and databases, a tool that gives asynchronous support for a range of databases.

#securityboulevard #EN #2023 #Supply-Chain-Attack #VMConnect #PyPI

·securityboulevard.com·Sep 1, 2023

VMConnect supply chain attack continues, evidence points to North Korea - Security Boulevard

Six Malicious Python Packages in the PyPI Targeting Windows Users

Malicious packages on PyPI copy W4SP attacks to steal users’ credentials and crypto wallet data. This incident illustrates issues in open-source ecosystems.

#unit42 #EN #2023 #PyPI #W4SP #attacks #packages #Supply-Chain-Attack

·unit42.paloaltonetworks.com·Jul 11, 2023

Six Malicious Python Packages in the PyPI Targeting Windows Users

Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks

“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.

#reversinglabs #EN #NPM #Malicious #packages #supplychain #Supply-Chain-Attack

·reversinglabs.com·Jul 7, 2023

Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks

PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers

Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.

#sonatype #EN #2023 #PyPI #malware #Supply-Chain-Attack

·blog.sonatype.com·Jun 23, 2023

PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers

Hijacking S3 Buckets: New Attack Technique

Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones

#checkmarx #EN #2023 #Hijacking #S3 #Buckets #NPM #Supply-Chain-Attack

·checkmarx.com·Jun 18, 2023

Hijacking S3 Buckets: New Attack Technique

Bad Actors Are Joining the AI Revolution: Here’s What We’ve Found in the Wild

Follow security researchers as they uncover malicious packages on open-source registries, trace bad actors to Discord, and unveil AI-assisted code.

#hackernoon #EN #2023 #python #PyPI #Supply-Chain-Attack #ChatGPT

·hackernoon.com·May 3, 2023

Bad Actors Are Joining the AI Revolution: Here’s What We’ve Found in the Wild

Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack

Hackers first compromised a different software maker and embedded malware in one of its programs. 3CX got compromised when a worker downloaded that program. It's not known why worker downloaded it.

#zetter #EN #2023 #3CX #Supply-Chain-Attack

·zetter.substack.com·Apr 22, 2023

Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack

X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe

North Korean-linked operation affected more organizations beyond 3CX, including two critical infrastructure organizations in the energy sector.

#symantec #EN #2023 #North #North-Korea #3CX #X_Trader #Supply-Chain-Attack

·symantec-enterprise-blogs.security.com·Apr 21, 2023

X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe

3CX Breach Was a Double Supply Chain Compromise

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts…

#krebsonsecurity #EN #2023 #3CX #Double #Supply-Chain-Attack #North #North-Korea

·krebsonsecurity.com·Apr 21, 2023

3CX Breach Was a Double Supply Chain Compromise

3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible

A software supply chain attack led to another software supply chain attack.

#mandiant #EN #2023 #3CX #analysis #Supply-Chain-Attack

·mandiant.com·Apr 20, 2023

3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible

Hackers compromise 3CX desktop app in a supply chain attack

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack.

#bleepingcomputer #EN #2023 #3CX #PBX #Supply-Chain #Supply-Chain-Attack #Voice-over-IP #VoIP

·bleepingcomputer.com·Mar 30, 2023

Hackers compromise 3CX desktop app in a supply chain attack

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack.

#bleepingcomputer #EN #2023 #3CX #PBX #Supply-Chain #Supply-Chain-Attack #Voice-over-IP #VoIP

·bleepingcomputer.com·Mar 30, 2023

Hackers compromise 3CX desktop app in a supply chain attack