
      10 malicious Python packages exposed in latest repository attack

      news.movim.eu / ArsTechnica · Tuesday, 9 August, 2022 - 18:01 · 1 minute

    Supply-chain attacks, like the latest PyPI discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common. (credit: Getty Images)

    Researchers have discovered yet another set of malicious packages in PyPI, the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar packages could be subject to malware downloads or theft of user credentials and passwords.

    Check Point Research, which reported its findings Monday, wrote that it didn't know how many people had downloaded the 10 packages, but it noted that PyPI has 613,000 active users, and its code is used in more than 390,000 projects. Installing from PyPI through the pip command is a foundational step for starting or setting up many Python projects. PePy, a site that estimates Python project downloads, suggests most of the malicious packages saw hundreds of downloads.

    Such supply-chain attacks are becoming increasingly common, especially among open source software repositories that support a wide swath of the world's software. Python's repository is a frequent target, with researchers finding malicious packages in September 2017; June, July, and November 2021; and June of this year. But trick packages have also been found in RubyGems in 2020, NPM in December 2021, and many more open source repositories.


      Feds warn that SolarWinds hackers likely used other ways to breach networks

      Dan Goodin · news.movim.eu / ArsTechnica · Thursday, 17 December, 2020 - 20:56

    Stock photo of a glowing red emergency light. (credit: Getty Images)

    The supply chain attack used to breach federal agencies and at least one private company poses a “grave risk” to the United States, in part because the attackers likely used means other than the SolarWinds backdoor to penetrate networks of interest, federal officials said on Thursday.

    “This adversary has demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks,” officials with the Cybersecurity and Infrastructure Security Agency wrote in an alert. “It is likely that the adversary has additional initial access vectors and tactics, techniques, and procedures (TTPs) that have not yet been discovered.” CISA, as the agency is abbreviated, is an arm of the Department of Homeland Security.

    Elsewhere, officials wrote: “CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.”
