typosquatting

  • Authors/Presenters: Shradha Neupane, Grant Holmes, Elizabeth Wyss, Drew Davidson, Lorenzo De Carli. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 presenter’s content, and for the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott, and via the organization’s YouTube channel.


  • Lessons from the PyPI Breach for Open-Source and AI/ML Security: This is the first of a two-part blog series addressing key lessons learned from the PyPI security incidents. This first blog post explains the nature of the “typosquatting” adversary technique used to target the Python Package Index (PyPI) and its significant impact on AI/ML development.…


  • Highlights: PyPI is one of the largest indexes, with more than 800,000 users. Check Point CloudGuard identified a typosquatting campaign on PyPI, comprising over 500 malicious packages. Installation of these packages exposed users to potential theft of their personally identifiable information (PII) and the installation of malware on their systems. Upon detection, we promptly notified…


  • “A 20-year-old Trojan resurfaced recently,” reports Dark Reading, “with new variants that target Linux and impersonate a trusted hosted domain to evade detection.” Researchers from Palo Alto Networks spotted a new Linux variant of the Bifrost (aka Bifrose) malware that uses a deceptive practice known as typosquatting to mimic a legitimate VMware domain, which allows…


  • ReversingLabs points out that these types of malicious supply chain attacks are now available to low-skill threat actors and script kiddies.


  • ReversingLabs researchers have identified a new, malicious supply chain attack affecting the npm platform. The “typosquatting” campaign first appeared in August and pushed a malicious package, node-hide-console-windows, which downloaded a Discord bot that facilitated the planting of an open source rootkit, r77.
