Solana Web3.js library backdoored to steal secret, private keys

December 4, 2024 at 12:33PM The Solana JavaScript SDK was compromised in a supply chain attack, enabling the theft of cryptocurrency private keys through malicious code in versions 1.95.6 and 1.95.7 of the library. Developers are urged to update to version 1.95.8 and rotate keys to safeguard their assets. Stolen assets are valued at approximately …

The Future of Serverless Security in 2025: From Logs to Runtime Protection

November 28, 2024 at 06:51AM Serverless environments, like AWS Lambda, face significant security challenges under traditional log-based and static analysis methods. Sweet Security’s innovative sensor provides real-time monitoring of internal operations, detecting and blocking threats such as code injections and misuse of vulnerable libraries, enabling organizations to secure serverless computing effectively.

PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot

November 25, 2024 at 10:00AM The Python Package Index (PyPI) has quarantined the malicious “aiocpa” package, which was updated to exfiltrate private keys via Telegram. Originally released in September 2024 and downloaded 12,100 times, the malicious code was hidden in an obfuscated script. This incident underscores the need for thorough source code scanning.

LottieFiles Issues Warning About Compromised “lottie-player” npm Package

October 31, 2024 at 10:39AM LottieFiles announced that its npm package “lottie-player” was compromised in a supply chain attack, leading to unauthorized, malicious versions that prompted users to connect cryptocurrency wallets. Users of versions 2.0.5, 2.0.6, and 2.0.7 should update to 2.0.8. The company is investigating with an external team.

Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI

October 2, 2024 at 08:39AM Python packages linking to dependencies with cryptocurrency-stealing code were uploaded to PyPI, targeting cryptocurrency wallets. This poses a security threat to users.

GenAI Writes Malicious Code to Spread AsyncRAT

September 26, 2024 at 08:25AM Threat actors have leveraged generative artificial intelligence (GenAI) to create and spread malicious code, using it to write VBScript and JavaScript for the distribution of the AsyncRAT. The attackers’ use of GenAI was identified by researchers from HP Wolf Security, signifying a concerning advancement in attackers’ methods. This technological development …

Hackers deploy AI-written malware in targeted attacks

September 24, 2024 at 01:06PM Researchers discovered malicious code targeting French users created with the help of generative AI to distribute the AsyncRAT malware. Despite safeguards, AI-generated malware has been found in real attacks. Cybercriminals are increasingly using generative AI to produce malware, employing tactics like HTML smuggling to deliver password-protected files. This trend is …

Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town

September 23, 2024 at 02:51AM Attackers are using a new post-exploitation tool called Splinter to infiltrate and disrupt victims’ IT environments. The malicious tool can execute Windows commands, steal files, collect cloud service account info, and download additional malware. Unlike Cobalt Strike, Splinter poses a potential threat to organizations and remains undetected on victims’ networks.

Attacks on Bytecode Interpreters Conceal Malicious Injection Activity

August 1, 2024 at 06:05PM Japanese researchers will demonstrate at Black Hat USA how attackers can insert malicious commands into the machine code of software interpreters, like VBScript and Python, to execute malicious code undetected. By exploiting the lack of bytecode scanning in security software, attackers can hide their activity, posing a significant supply chain …

Targeted PyPI Package Steals Google Cloud Credentials from macOS Devs

July 26, 2024 at 04:55PM Researchers discovered a Python package called “lr-utils-lib” on PyPI, designed to target specific macOS machines and steal Google Cloud Platform credentials. The package conceals malicious code in its setup, posing as a legitimate package, and uses social engineering tactics. The campaign is unique due to its highly targeted nature, posing …