Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
By Deeba Ahmed Dubbed PY#RATION by researchers; the new Python malware is equipped with RAT behaviour and info-stealing capabilities. This is a post from HackRead.com Read the original post: New Python Malware Targeting Windows Devices
Continue ReadingIn this Help Net Security video, Carlos Fernandez, Security Researcher at Sonatype, talks about how their AI system caught packages that attack Python developers with a unique tactic. Sonatype calls them RAT mutants because they’re a mix of remote access trojans and information stealers. The post A closer look at malicious packages targeting Python developers […]
Continue ReadingBy Deeba Ahmed These packages were uploaded between the 7th and 12th of January 2023 with the names “colorslib,” “httpslib,” and “libhttps.” This is a post from HackRead.com Read the original post: Malicious PyPI Packages Drop Malware in New Supply Chain Attack
Continue ReadingBy Waqas Threat actors are using steganography to hide malicious code in images. This is a post from HackRead.com Read the original post: GitHub Abused to Distribute Malicious Packages on PyPI in Image Files
Continue ReadingBy Waqas It has been identified that these malicious packages are downloaded over 29 million times each day. This is a post from HackRead.com Read the original post: Python Developers Beware: Malicious Packages are Swapping Out Your Crypto Addresses
Continue ReadingCybersecurity researchers discovered 29 malicious PyPI packages delivering the W4SP stealer to developers’ systems. Cybersecurity researchers have discovered 29 packages in the official Python Package Index (PyPI) repository designed to infect developers’ systems with an info-stealing malware dubbed W4SP Stealer. “It appears that these packages are a more sophisticated attempt to deliver the W4SP Stealer on […]
Continue Reading
En septembre 2022, Trellix a publié un rapport sur une vulnérabilité du module tarfile, qui fait partie de la bibliothèque standard du langage de programmation Python et que n’importe qui peut utiliser. La vulnérabilité permet l’écriture d’un fichier arbitraire dans un dossier arbitraire sur le disque dur et, dans certains cas, l’exécution d’un code malveillant. […]
Continue ReadingThe cybersecurity researchers at Trellix have recently identified a 15-year-old Python bug that has been found to potentially impact 350,000 open-source repositories. There is a possibility that this bug could lead to the execution of code. This 15-year-old Python bug was disclosed in 2007 and has been tracked as CVE-2007-4559. Despite this, no patch was […]
Continue ReadingMore than 350,000 open source projects can be potentially affected by a 15-Year-Old unpatched Python vulnerability More than 350,000 open source projects can be potentially affected by an unpatched Python vulnerability, tracked as CVE-2007-4559 (CVSS score: 6.8), that was discovered 15 years ago. The issue is a Directory traversal vulnerability that resides in the ‘extract’ […]
Continue ReadingTrellix Advanced Research Center published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and prevalent in closed-source projects. Successful exploit The vulnerability exists in the Python tarfile module which is a default module in any project using Python and is found extensively in frameworks created by Netflix, AWS, […]
Continue Reading