Python Archives - Help Net Security

Python

Python tarfile vulnerability affects 350,000 open-source projects (CVE-2007-4559)

September 22, 2022

Trellix Advanced Research Center published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and prevalent in …

Phishing PyPI users: Attackers compromise legitimate projects to push malware

August 25, 2022

PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. “We have additionally determined that …

Python packages with malicious code expose secret AWS credentials

June 27, 2022

Sonatype researchers have discovered Python packages that contain malicious code that peek into and expose secret AWS credentials, network interface information, and …

Hijacking of popular ctx and phpass packages reveals open source security gaps

May 26, 2022

The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send …

Attackers employ novel methods to backdoor French organizations

March 21, 2022

An advanced threat actor has been spotted using distinctive, novel methods to backdoor French entities in the construction, real estate, and government industries. How the …

Malicious Python packages employ advanced detection evasion techniques

November 22, 2021

JFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over …

Trojan Source bugs may lead to extensive supply-chain attacks on source code

November 2, 2021

Cambridge University researchers have detailed a new way targeted vulnerabilities can be introduced into source code while making them invisible to human code reviewers, …

Panther for AWS allows security teams to monitor their AWS infrastructure in real-time

October 13, 2021

Panther Labs announced Panther for AWS security, a security logging solution designed for AWS security teams. Now, AWS security teams will have a single platform for …

Infoworks 5.0 accelerates and lowers cost of cloud migration and analytics deployment

October 10, 2021

Infoworks announced Version 5.0 – the latest release of the company’s comprehensive software solution for automated cloud migration and enterprise data operations. As …

Researchers discover ransomware that encrypts virtual machines hosted on an ESXi hypervisor

October 7, 2021

Sophos has released details of a new ransomware written in Python that attackers used to compromise and encrypt virtual machines hosted on an ESXi hypervisor. The report …

Granulate gProfiler provides support to Graviton processors to improve code quality

September 4, 2021

Granulate announced the latest addition to its gProfiler, which now provides support to Graviton processors. With this new addition to gProfiler, organizations running …

Granulate adds Kubernetes filtering feature to open-source gProfiler

August 27, 2021

Granulate released new Kubernetes filters feature to the company’s gProfiler. gProfiler is an open-source production profiling solution that measures the performance of code …

Python

Python tarfile vulnerability affects 350,000 open-source projects (CVE-2007-4559)

Phishing PyPI users: Attackers compromise legitimate projects to push malware

Python packages with malicious code expose secret AWS credentials

Hijacking of popular ctx and phpass packages reveals open source security gaps

Attackers employ novel methods to backdoor French organizations

Malicious Python packages employ advanced detection evasion techniques

Trojan Source bugs may lead to extensive supply-chain attacks on source code

Panther for AWS allows security teams to monitor their AWS infrastructure in real-time

Infoworks 5.0 accelerates and lowers cost of cloud migration and analytics deployment

Researchers discover ransomware that encrypts virtual machines hosted on an ESXi hypervisor

Granulate gProfiler provides support to Graviton processors to improve code quality

Granulate adds Kubernetes filtering feature to open-source gProfiler

Don't miss

MS SQL servers are getting hacked to deliver ransomware to orgs

The various ways ransomware impacts your organization

Making a business case for security in a world of tightening budgets

The key differences between a business continuity plan and a disaster recovery plan

Why zero trust should be the foundation of your cybersecurity ecosystem