Security News

VMware ESXi Servers Encrypted by Lightning-Fast Python Script
2021-10-06 20:34

Researchers have discovered a new Python ransomware from an unnamed gang that's striking ESXi servers and virtual machines with what they called "Sniper-like" speed. While the choice of Python for the ransomware is fairly distinctive, going after ESXi servers is anything but.

Ransomware gang encrypts VMware ESXi servers with Python script
2021-10-05 13:00

Operators of an unknown ransomware gang are using a Python script to encrypt virtual machines hosted on VMware ESXi servers. While the Python programming language is not commonly used in ransomware development, it is a logical choice for ESXi systems, seeing that such Linux-based servers come with Python installed by default.

Credit-card-stealing, backdoored packages found in Python's PyPI library hub
2021-08-02 18:58

Malicious libraries capable of lifting credit card numbers and opening backdoors on infected machines have been found in PyPI, the official third-party software repository for Python. A package dubbed noblesse, and five variants, would, we're told, look on Windows systems for Discord authentication tokens, and browser-stored credit card numbers, and siphon them off to remote systems.

PyPI Python Package Repository Patches Critical Supply Chain Flaw
2021-08-02 03:50

The maintainers of Python Package Index last week issued fixes for three vulnerabilities, one among which could be abused to achieve arbitrary code execution and take full control of the official third-party software repository. The security weaknesses were discovered and reported by Japanese security researcher RyotaK, who in the past has disclosed critical vulnerabilities in the Homebrew Cask repository and Cloudflare's CDNJS library.

Several Malicious Typosquatted Python Libraries Found On PyPI Repository
2021-07-30 01:18

As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks. PyPI, short for Python Package Index, is the official third-party software repository for Python, with package manager utilities like pip relying on it as the default source for packages and their dependencies.

Cryptominers Slither into Python Projects in Supply-Chain Campaign
2021-06-22 19:27

A group of cryptominers was found to have infiltrated the Python Package Index, which is a repository of software code created in the Python programming language. It offers a place where coders can upload software packages for use by developers in building various applications, services and other projects.

Necro Python Malware Upgrades With New Exploits and Crypto Mining Capabilities
2021-06-03 10:01

New upgrades have been made to a Python-based "Self-replicating, polymorphic bot" called Necro in what's seen as an attempt to improve its chances of infecting vulnerable systems and evading detection. "Although the bot was originally discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different command-and-control communications and the addition of new exploits for spreading, most notably vulnerabilities in VMWare vSphere, SCO OpenServer, Vesta Control Panel and SMB-based exploits that were not present in the earlier iterations of the code," researchers from Cisco Talos said in a deep-dive published today.

Python also impacted by critical IP address validation vulnerability
2021-05-01 13:16

The Python standard library ipaddress also suffers from the critical IP address validation vulnerability identical to the flaw that was reported in the "Netmask" library earlier this year. The researchers who had discovered the critical flaw in netmask, also discovered the same flaw in this Python module and have procured a vulnerability identifier: CVE-2021-29921.

Poison packages – “Supply Chain Risks” user hits Python community with 4000 fake modules
2021-03-07 23:43

If you suddenly realise you want to use Python module called asteroid, for example, you can just do pip install asteroid, after which your own Python programs can say import asteroid, and start making use of the package. A third sort of supply chain attack - one that is rather less sophisticated and has no guarantee of success, yet is extremely easy to pull off - is to create a fake package with a misleading name that users in a hurry might download and install by mistake.

Happy birthday, Python, you're 30 years old this week: Easy to learn, and the right tool at the right time
2021-02-20 13:10

"I do believe that Python just doesn't have the right priorities these days," said Armin Ronacher, director of engineering at software monitoring biz Sentry and creator of Flask, the popular Python web app framework, in an email interview with The Register. The shortcomings of Python's software packaging tools - the software used to set up Python environments and to download, install, and manage libraries - have been an issue for years.