PyPI Implements Mandatory Two-Factor Authentication for Project Owners
2023-05-29 04:58

The Python Package Index announced last week that every account that maintains a project on the official third-party software repository will be required to turn on two-factor authentication by the end of the year. "Between now and the end of the year, PyPI will begin gating access to certain site functionality based on 2FA usage," PyPI administrator Donald Stufft said.

CISO-approved strategies for software supply chain security
2023-05-29 04:30

Integrating proprietary and open-source code, APIs, user interfaces, application behavior, and deployment workflows creates an intricate composition in modern applications. Any vulnerabilities within this software supply chain can jeopardize your and your customers' safety.

Top public cloud security concerns for the media and entertainment industry
2023-05-29 04:00

Survey findings highlighted that, while M&E organizations are still relatively new to cloud storage, public cloud storage use is on the rise, with 89% of respondents looking to increase or maintain their cloud services. "The media and entertainment industry is a key vertical for cloud storage services, driven by the need for accessibility to large media files among multiple organizations and geographically distributed teams," said Andrew Smith, senior manager of strategy and market intelligence at Wasabi Technologies, and a former IDC analyst.

Company size doesn’t matter when it comes to cyberattacks
2023-05-29 03:30

65% of organizations in the enterprise sector suffered a cyberattack within the last 12 months, which is similar to the results among companies of all sizes, according to Netwrix. Larger organizations are a more frequent target for cyberattacks.

Digital nomads drive changes in identity verification
2023-05-29 03:00

Over the past year, 4 in 5 financial companies had experienced an increase in the number of verification cases involving foreign documents, according to Regula. It appears that Financial Services companies are grappling with a surge in foreign document verification cases, with 80% of them reporting an increase, particularly in countries like France, Turkey, and the USA, the country most visited by digital nomads as of March 2023.

Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains
2023-05-28 15:18

A new 'File Archivers in the Browser' phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer windows in the browser to convince users to launch malicious files. D0x has developed a clever phishing toolkit that lets you create fake in-browser WinRAR instances and File Explorer windows that are displayed on ZIP domains to trick users into thinking they are opened.

PyPI announces mandatory use of 2FA for all software publishers
2023-05-28 14:09

PyPI is a software repository for packages created in the Python programming language. The PyPI team says the decision to make 2FA mandatory on all accounts is part of their long-term commitment to enhancing security on the platform, complementing previous measures taken in that direction, like blocking compromised credentials and supporting API tokens.

Week in review: Zyxel firewalls vulnerability, phishing campaign targets ChatGPT users
2023-05-28 08:00

Wireless Broadband Alliance CEO on key drivers for Wi-Fi adoption in enterprise networks
This Help Net Security interview with Tiago Rodrigues, CEO at Wireless Broadband Alliance, delves into the future of enterprise networking, exploring the significant role of Wi-Fi 6E and Private 5G.

Navigating the quantum leap in cybersecurity
In this Help Net Security interview, we sit down with Dr. Atsushi Yamada, the newly appointed CEO of ISARA, a security solutions company specializing in creating quantum-safe cryptography.

Barracuda email security appliances hacked via zero-day vulnerability
A vulnerability in Barracuda Networks' Email Security Gateway appliances has been exploited by attackers, the company has warned.

CISA warns govt agencies of recently patched Barracuda zero-day
2023-05-27 16:14

CISA warned of a recently patched zero-day vulnerability exploited last week to hack into Barracuda Email Security Gateway appliances. Federal Civilian Executive Branch agencies must patch or mitigate the vulnerability as ordered by the BOD 22-01 binding operational directive.

QBot malware abuses Windows WordPad EXE to infect devices
2023-05-27 15:12

The QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program to infect computers, using the legitimate program to evade detection by security software. Windows applications will prioritize DLLs in the same folder as the executable, loading them before all others.