Security News
The malware's emergence dovetails with a change in the chain of infection and an expansion of infrastructure for the APT. According to researchers at Cybereason, PyVil RAT enables the attackers to exfiltrate data, perform keylogging and take screenshots, and can roll out secondary credential-harvesting tools such as LaZagne. The latest series of campaigns observed by Cybereason that use PyVil RAT are widespread yet targeted, taking aim at FinTech companies across the U.K. and E.U. The attack vector is spear-phishing emails, which use the Know Your Customer regulations as a lure.
Facebook has announced the availability of Pysa, an open-source tool designed for the static analysis of Python code. The security-focused tool relies on Pyre, Facebook's type checker for Python, and allows for the analysis of how data flows through code.
Need a tool to check your Python-based applications for security issues? Facebook has open-sourced Pysa, a tool that looks at how data flows through the code and helps developers prevent data flowing into places it shouldn't. "Pysa tracks flows of data through a program. The user defines sources as well as sinks," Facebook security engineer Graham Bleaney and software engineer Sinan Cepel explained.
Windows users under attack via two new RCE zero-daysAttackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems. Widely available ICS attack tools lower the barrier for attackersThe general availability of ICS-specific intrusion and attack tools is widening the pool of attackers capable of targeting operational technology networks and industrial control systems.
Scripting attacks are nearly as common as malware-based attacks in the United States and, according to the most recent Crowdstrike Global Threat Report, scripting is the most common attack vector in the EMEA region. Python backdoor scripts are easy to find - a simple GitHub search turns up more than 200.
Tech education firm O'Reilly has released its annual study of how students used its platform in the past year, and its findings deserve attention from tech decision makers. The report, which combines both usage and search data from O'Reilly's online learning platform, paints an excellent picture of what's trending in the tech world.
This week we discuss the IT exec who scammed his employer out of $6m with fake invoices and the death of Python. Peter also shares two of his latest investigations from the ransomware swamp.
Given that Python 2 has been replaced by Python 3 without any interruption, and given that nothing bad happened when Python 1 switched over to Python 2 around the turn of the millennium, why is the "Death" of Python 2 such a big deal now? When Python 2 came along, it was a natural progresion from Python 1, and software written in Python 1 was, essentially, already valid Python 2.
Python developers have once again fallen victim to malicious software libraries lurking in their favourite package manager.
Saturn Cloud, a provider of data science tools, announced it has launched the first-ever commercial offering of Dask, a Python-native parallel computing framework for scalable data science. This...