    10 malicious Python packages exposed in latest repository attack

    news.movim.eu / ArsTechnica · Tuesday, 9 August - 18:01 · 1 minute


Supply-chain attacks, like the latest PyPi discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common. (credit: Getty Images)

Researchers have discovered yet another set of malicious packages in PyPi, the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar packages could be subject to malware downloads or theft of user credentials and passwords.

Check Point Research, which reported its findings Monday, wrote that it didn't know how many people had downloaded the 10 packages, but it noted that PyPi has 613,000 active users, and its code is used in more than 390,000 projects. Installing from PyPi through the pip command is a foundational step for starting or setting up many Python projects. PePy, a site that estimates Python project downloads, suggests most of the malicious packages saw hundreds of downloads.

Such supply-chain attacks are becoming increasingly common, especially among open source software repositories that support a wide swath of the world's software. Python's repository is a frequent target, with researchers finding malicious packages in September 2017; June, July, and November 2021; and June of this year. But trick packages have also been found in RubyGems in 2020, NPM in December 2021, and many more open source repositories.


    Microsoft says SolarWinds hackers stole source code for 3 products

    news.movim.eu / ArsTechnica · Friday, 19 February, 2021 - 02:20

Shadowy figures stand beneath a Microsoft logo on a faux wood wall.

(credit: Drew Angerer | Getty Images)

The hackers behind one of the worst breaches in US history read and downloaded some Microsoft source code, but there’s no evidence they were able to access production servers or customer data, Microsoft said on Thursday. The software maker also said it found no evidence the hackers used the Microsoft compromise to attack customers.

Microsoft released those findings after completing an investigation begun in December, after learning its network had been compromised. The breach was part of a wide-ranging hack that compromised the distribution system for the widely used Orion network-management software from SolarWinds and pushed out malicious updates to Microsoft and roughly 18,000 other customers.

The hackers then used the updates to compromise nine federal agencies and about 100 private-sector companies, the White House said on Wednesday. The federal government has said that the hackers were likely backed by the Kremlin.


    Feds say that Russia was “likely” behind months-long hack of US agencies

    news.movim.eu / ArsTechnica · Wednesday, 6 January, 2021 - 04:06

An Orthodox cathedral, complete with onion domes, looks magnificent on a sunny day.

Side view of colorful St. Basil's Cathedral in Moscow on Red Square in front of the Kremlin, Russia. (credit: Getty Images)

Hackers working for the Russian government were “likely” behind the software supply chain attack that planted a backdoor in the networks of 180,000 private companies and governmental bodies, officials from the US National Security Agency and three other agencies said on Tuesday.

The assessment—made in a joint statement that also came from the FBI, the Cybersecurity and Infrastructure Security Agency, and the Office of the Director of National Intelligence—went on to say that the hacking campaign was a “serious compromise that will require a sustained and dedicated effort to remediate.”

Russia, Russia, Russia

The statement is at odds with tweets from US President Donald Trump disputing the Russian government’s involvement and downplaying the severity of the attack, which compromised the software distribution system of Austin, Texas-based SolarWinds and used it to push a malicious update to almost 200,000 of its customers.
