Security News
Yesterday, developers took notice of two hugely popular Python and PHP libraries, respectively, 'ctx' and 'PHPass' that had been hijacked, as first reported in the news by BleepingComputer. According to the hacker, rather "Security researcher," this was a bug bounty exercise and no malicious activity was intended.
The threat actor even replaced the older, safe versions of 'ctx' with code that exfiltrates the developer's environment variables, to collect secrets like Amazon AWS keys and credentials. Versions of a 'phpass' fork published to the PHP/Composer package repository Packagist had been altered to steal secrets in a similar fashion.
The new PyScript project lets you embed Python programs directly in HTML pages and execute them within the browser without any server-based requirements. "PyScript is a framework that allows users to create rich Python applications in the browser using a mix of Python with standard HTML." explains Anaconda in a recent blog post.
Yesterday, following a DMCA complaint from HackerRank, GitHub took down a repository that hosts the official SymPy project documentation website. It turns out the DMCA complaint was filed by HackerRank's outsourced contractor, WorthIT Solutions, who regularly handles such takedown requests for HackerRank.
Researchers have disclosed what they say is the first-ever Python-based ransomware strain specifically designed to target exposed Jupyter notebooks, a web-based interactive computing platform that allows editing and running programs via a browser. "The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack," Assaf Morag, a data analyst at Aqua Security, said in a report.
For anyone with interest in cybersecurity, learning Python is a must. The language is used extensively in white hat hacking, and professionals use Python scripts to automate tests.
GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposedGoDaddy, the popular internet domain registrar and web hosting company, has suffered a data breach that affected over a million of their Managed WordPress customers. Malicious Python packages employ advanced detection evasion techniquesJFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over 41,000 times.
JFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over 41,000 times. This is not the first time that malicious packages have been successfully introduced into online package repositories and will surely not be the last.
Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks. The Python packages have since been removed from the repository following responsible disclosure by DevOps firm JFrog -.
A high-severity code injection vulnerability has been disclosed in 23andMe's Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code. The flaw, tracked as CVE-2021-38305, involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution.