Security News
Malicious actors have published more than 451 unique Python packages on the official Python Package Index repository in an attempt to infect developer systems with clipper malware. Targeted web browsers include Google Chrome, Microsoft Edge, Brave, and Opera, with the malware modifying browser shortcuts to load the add-on automatically upon launch using the "--load-extension" command line switch.
Malware developers and penetration testers are in high demand across dark web job posting sites, with a few astonishing - but mostly average - wages. The report found that many ads mirror the style of legitimate IT job postings but with a couple of big exceptions: all the work is remote by default, and - for obvious reasons - there are no formal employment contracts for these illegal gigs.
An EMA survey of 129 software development professionals uncovered that for those using code scanning tools, only 10% of organizations prevented a higher percentage of vulnerabilities than organizations not using code scanning tools, while continuous training greatly improved code security for over 60% of organizations that adopted it. "Awareness is a primer for knowledge, but to truly shift the paradigm and solve the AppSec dilemma, the focus must change from 'awareness' of AppSec to 'in-depth knowledge' and training developers on secure coding practices is the next step in security awareness programs. Vulnerabilities detected earlier in development are easier to resolve and far less costly. And this requires a programmatic and continuous approach to application security education and specifically secure coding training for developers," Baker continued.
The packages - named colorslib, httpslib, and libhttps - were published by the author between January 7, 2023, and January 12, 2023. The modules come with identical setup scripts that are designed to invoke PowerShell and run a malicious binary hosted on Dropbox, Fortinet disclosed in a report published last week.
A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks. VS Code extensions, curated via a marketplace made available by Microsoft, allow developers to add programming languages, debuggers, and tools to the VS Code source-code editor to augment their workflows.
Threat actors have published a malicious Python package on PyPI, named 'SentinelOne,' that pretends to be the legitimate SDK client for the trusted American cybersecurity firm but, in reality, steals data from developers. The attack was discovered by ReversingLabs, which confirmed the malicious functionality and reported the package to SentinelOne and PyPI, leading to the removal of the package.
An active malware campaign is targeting the Python Package Index and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains. According to Phylum, the rogue packages embed source code that retrieves a Golang-based ransomware binary from a remote server depending on the victim's operating system and microarchitecture.
It's becoming apparent that while cybersecurity platforms and defenses are critical components in defense against modern attacks, what is truly needed is secure code that can be deployed free from vulnerabilities. Many developers say they are willing to champion security and commit to higher standards of code quality and secure output, but they can't do it alone.
An ongoing supply chain attack has been leveraging malicious Python packages to distribute malware called W4SP Stealer, with hundreds of victims ensnared to date. "The threat actor is still active and is releasing more malicious packages," Checkmarx researcher Jossef Harush said in a technical write-up, calling the adversary WASP. "The attack seems related to cybercrime as the attacker claims that these tools are undetectable to increase sales."