python
-
Sep 23, 2024 · Ravie Lakshmanan · Software Security / Supply Chain
-
Learn how to craft fake IP addresses to test network security. Utilize Scapy and Faker in a hands-on tutorial to send spoofed ICMP packets, complete with practical examples and step-by-step instructions. In this tutorial, we will learn how to spoof our IP addresses in Python. Spoofing…
-
Executive Summary Unit 42 researchers have been tracking the activity of an ongoing poisoned Python packages campaign delivering Linux and macOS backdoors via infected Python software packages. We’ve named these infected software packages PondRAT. We’ve also found Linux variants of POOLRAT, a known macOS remote administration tool (RAT) previously attributed to Gleaming Pisces (aka Citrine…
-
Unit 42 researchers have uncovered a new cyberattack campaign by the North Korean-affiliated APT group, Gleaming Pisces, targeting Linux and macOS systems via poisoned Python packages. The campaign involves the distribution of malicious software packages through the PyPI repository, delivering a backdoor known as PondRAT. This backdoor is a lighter version of POOLRAT, a remote…
-
Ubuntu Security Notice USN-7015-2 (September 19, 2024): python2.7, python3.5 vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS. Summary: Several security issues were fixed in Python. Software Description: python2.7: An interactive high-level object-oriented…
-
Packages: python2.7 – An interactive high-level object-oriented language; python3.5 – An interactive high-level object-oriented language. Details: USN-7015-1 fixed several vulnerabilities in Python. This update provides one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and a second for python3.5 for Ubuntu 16.04 LTS.
-
MalBot, September 18, 2024, 9:05am: A few months ago, I wrote a diary[1] about a Python script that replaced the Exodus[2] Wallet app with a rogue one on macOS. Infostealers are everywhere these days. They target mainly browsers (cookies, credentials) and classic applications that may handle sensitive information. Cryptocurrency wallets are another category of applications…
-
Learn how to uncover hidden Wi-Fi networks using Python and Scapy. This tutorial debunks the security myth of hidden SSIDs and guides you through setting up your adapter in monitor mode to detect and log hidden networks, emphasizing practical network analysis and security assessment. In…
-
Ubuntu Security Notice USN-7015-1 (September 16, 2024): python3.10, python3.12, python3.8 vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS. Summary: Several security issues were fixed in Python. Software Description: python3.12: An interactive high-level object-oriented language; python3.10:…
-
Packages: python3.10 – An interactive high-level object-oriented language; python3.12 – An interactive high-level object-oriented language; python3.8 – An interactive high-level object-oriented language. Details: It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. (CVE-2023-27043)
-
A recent report from Xavier Mertens, a Senior ISC Handler and Freelance Cyber Security Consultant, sheds light on a concerning trend in the cyber threat landscape. Cybercriminals are increasingly utilizing legitimate Python libraries in malicious scripts, leveraging their capabilities to execute harmful activities without raising suspicion. The report highlights several Python libraries frequently abused by…
-
JavaScript, Python and Java Among Tops in Language Rankings – The New Stack
-
“New malicious software packages tied to the North Korean Lazarus Group were observed posing as a Python coding skills test for developers seeking a new job at Capital One, but were tracked to GitHub projects with embedded malware,” reports SC magazine: Researchers at ReversingLabs explained in a September 10 blog post that the scheme was…
-
How To Use Python pip (and Why You Need To) – The New Stack
-
In today’s digital world, it’s easy for just about anyone to create a mobile app or write software, thanks to Java, JavaScript, Python, and other programming languages.
-
For blockchain developers who prefer working with Python, BSV blockchain now has an SDK especially for you. Released this week, the Python SDK makes it much easier to use Simplified Payment Verification (SPV) to build peer-to-peer applications that make the most of BSV’s main advantages: speed, efficiency, privacy, and scalability.
-
A new report from ReversingLabs has uncovered a sophisticated cyber campaign targeting developers, using fake recruiter tactics to deliver malicious Python packages. Linked to North Korea’s Lazarus Group, this campaign builds on previous attacks first identified in 2023, known as VMConnect.
-
In an ongoing campaign suspected to be linked to North Korea’s Lazarus Group, malicious actors are using fake job interviews and coding tests to trick developers into downloading and executing malware. The campaign, dubbed VMConnect, has been observed since August 2023 and has now been linked to several targeted attacks on Python developers.
-
Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with a coding test project for password management products that include malware.