Security News

Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger
2023-09-11 14:22

A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "Swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' accounts. "Originating yet again from a Vietnamese-based group, this campaign uses a tiny compressed file attachment that packs a powerful Python-based stealer dropped in a multi-stage process full of simple yet effective obfuscation methods," Guardio Labs researcher Oleg Zaytsev said in an analysis published over the weekend.

New Python Variant of Chaes Malware Targets Banking and Logistics Industries
2023-09-05 12:19

Banking and logistics industries are under the onslaught of a reworked variant of a malware called Chaes. A subsequent analysis from Avast in early 2022 found that the threat actors behind the operation, who call themselves Lucifer, had breached more than 800 WordPress websites to deliver Chaes to users of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago.

North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository
2023-08-31 12:46

Three additional rogue Python packages have been discovered in the Package Index repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. First disclosed at the start of the month by the company and Sonatype, VMConnect refers to a collection of Python packages that mimic popular open-source Python tools to download an unknown second-stage malware.

Microsoft Excel to let you run Python scripts as formulas
2023-08-22 14:51

Even if you join the Microsoft 365 Insiders Beta channel to test the new feature, there is no guarantee that Python in Excel will be available, as Microsoft is rolling it out slowly to test the feature. The new Python in Excel feature brings a new 'PY' function that allows users to embed Python code directly in a cell to be executed like any macro or regular Excel function.

New Python URL Parsing Flaw Could Enable Command Execution Attacks
2023-08-12 06:03

A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution. "Urlparse has a parsing problem when the entire URL starts with blank characters," the CERT Coordination Center said in a Friday advisory.

Socket moves beyond JavaScript and Python and gets into Go
2023-08-02 01:58

CEO, fresh with funds, lays out the dependency dilemma Interview Open source security biz Socket is extending its source code dependency checker, which previously addressed only JavaScript and...

Sneaky Python package security fixes help no one – except miscreants
2023-07-26 07:28

Python security fixes often happen through "Silent" code commits, without an associated Common Vulnerabilities and Exposures identifier, according to a group of computer security researchers. In a preprint paper titled, "Exploring Security Commits in Python," Shiyu Sun, Shu Wang, Xinda Wang, Yunlong Xing, Kun Sun from George Mason University, and Elisa Zhang from Dougherty Valley High School, all in the United States, propose a remedy: a database of security commits called PySecDB to make Python code repairs more visible to the community.

Python-Based PyLoose Fileless Attack Targets Cloud Workloads for Cryptocurrency Mining
2023-07-12 07:39

A new fileless attack dubbed PyLoose has been observed striking cloud workloads with the goal of delivering a cryptocurrency miner, new findings from Wiz reveal. "The attack consists of Python code that loads an XMRig Miner directly into memory using memfd, a known Linux fileless technique," security researchers Avigayil Mechtinger, Oren Ofer, and Itamar Gilad said.

New Python tool checks NPM packages for manifest confusion issues
2023-07-04 11:01

A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry. The problem is with the inconsistent information between a package's manifest data as displayed in the NPM registry and the data present in the 'package.

Malicious PyPI Packages Using Compiled Python Code to Bypass Detection
2023-06-01 12:16

Researchers have discovered a novel attack on the Python Package Index repository that employs compiled Python code to sidestep detection by application security tools. PYC files are compiled bytecode files that are generated by the Python interpreter when a Python program is executed.