Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

June 3, 2024 at 10:25AM Cybersecurity researchers found a suspicious package in the npm registry called glup-debugger-log, disguising as a toolkit logger. It has been downloaded 175 times and contains obfuscated files deploying a remote access trojan. The package uses a series of checks before launching a JavaScript file for persistence and executing arbitrary commands. … Read more

Cybercriminals Abuse StackOverflow to Promote Malicious Python Package

May 29, 2024 at 01:51PM Cybersecurity researchers have discovered a malicious Python package, “pytoileur,” in the Python Package Index repository, aiming to enable cryptocurrency theft. The package’s code executes a Base64-encoded payload to retrieve a Windows binary from an external server, establishing persistence and dropping spyware and data-stealing malware. This method signifies an unprecedented abuse … Read more

Why CVEs Are an Incentives Problem

May 29, 2024 at 10:03AM The book “Freakonomics” applies economic principles to social phenomena, emphasizing the impact of incentives on decision-making. The rising number of reported software vulnerabilities (CVEs) raises concerns about the cybersecurity ecosystem and the incentive structure influencing vulnerability reporting. Issues include gaming the system for recognition, lack of accountability in submissions, and … Read more

Five Core Tenets Of Highly Effective DevSecOps Practices

May 21, 2024 at 08:06AM The text discusses the challenge of making modern applications more secure without disrupting the high-velocity DevOps processes. It emphasizes the critical importance of building and running a DevSecOps practice, highlighting five guiding principles: establishing a security-minded culture, shifting security left, maintaining governance and guardrails, securing the software supply chain, and … Read more

OpenSSF sings a Siren song to steer developers away from buggy FOSS

May 20, 2024 at 07:14PM The Open Source Security Foundation (OpenSSF) launches OpenSSF Siren, aiming to share threat intelligence and fill the gap between open-source and enterprise communities. It seeks to provide real-time security warnings, community-driven knowledge base, and encourage sign-ups from FOSS developers and security teams. The initiative focuses on sharing attack tactics and … Read more

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

May 20, 2024 at 08:12AM Developers often rely on open-source components, which account for the majority of modern software. However, vulnerabilities often stem from these components. GitGuardian’s Software Composition Analysis (SCA) enables developers to scan for CVEs before committing code, ensuring early detection and prevention of known vulnerabilities. GitGuardian SCA is available for a 2-week … Read more

Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo

May 13, 2024 at 03:09AM Cybersecurity researchers discovered a malicious Python package, requests-darwin-lite, concealing a Golang version of the Sliver command-and-control framework within a PNG image of the project’s logo. The package, downloaded 417 times before being removed, aimed to gather system identifiers and raise concerns about open-source malware distribution. (Words: 50) From the meeting … Read more

Tech Companies Promise Secure by Design Products

May 9, 2024 at 10:37AM Over 60 vendors have pledged to develop secure products as part of the “Secure by Design” initiative led by CISA. The focus is on addressing security as a core business requirement, with the onus on manufacturers rather than individual users. Signatories are asked to consider and demonstrate progress towards seven … Read more

CISA says ‘no more’ to decades-old directory traversal bugs

May 6, 2024 at 09:44AM CISA urges the software industry to eliminate directory traversal vulnerabilities, which allow users to access and manipulate data. Exploits can lead to data theft and system compromise, posing a heightened threat to critical organizations including healthcare and cloud services. CISA recommends specific mitigations such as using ransom identifiers for files … Read more

Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks

May 3, 2024 at 01:21AM HPE Aruba Networking has released critical security updates for ArubaOS to address 10 security flaws, including four rated as severe threats. These vulnerabilities allow remote code execution and affect various software versions, impacting devices managed by Aruba Central. Security researcher Chancen discovered seven of the issues. Users are urged to … Read more