
Malicious typosquatting packages found in the official Python package repository


Cybersecurity researchers recently discovered half a dozen typosquatting packages containing cryptomining malware in PyPI, the official package repository of the Python programming language.

The discovery was made by software supply chain automation and security provider Sonatype, which found six malicious packages that used slight variations in the names of popular Python packages to capitalize on users’ spelling mistakes.
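The attack described above relies on a name that is one or two keystrokes away from a package the developer meant to install. The following script, added here as an illustration and not part of the original article or of Sonatype's tooling, scans a requirements file and flags any declared dependency that is not on an allowlist but sits within a small edit distance of a known popular name. The allowlist and the misspelt names in the sample input are constructed for the example; they are not the packages from the report.

```python
"""Flag dependency names that look like typosquats of well-known packages."""
import re

# Constructed allowlist of popular PyPI names. Assumption: in practice this would
# be loaded from a top-N download list or an organisation's approved-package set.
KNOWN_PACKAGES = {
    "requests", "numpy", "matplotlib", "scikit-learn", "pandas", "urllib3",
    "setuptools", "cryptography", "django", "flask",
}


def normalize(name: str) -> str:
    """PEP 503 normalisation: case-fold and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap.

    Adjacent swaps are counted as one edit because transposed letters are the
    classic typing mistake that typosquatters target.
    """
    la, lb = len(a), len(b)
    d = [[0] * (lb + 1) for _ in range(la + 1)]
    for i in range(la + 1):
        d[i][0] = i
    for j in range(lb + 1):
        d[0][j] = j
    for i in range(1, la + 1):
        for j in range(1, lb + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[la][lb]


def requirement_name(line: str):
    """Extract the project name from one requirements.txt line, or None for
    blanks, comments and option lines such as '-e' or '-r'."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
    return m.group(1) if m else None


def suspicious(name: str, known=KNOWN_PACKAGES, max_distance: int = 2):
    """Return (lookalike, distance) for the closest known package within the
    threshold, or None if the name is an exact match or not near anything.
    Short names get a tighter threshold to limit false positives."""
    n = normalize(name)
    if n in known:
        return None
    best = None
    for k in known:
        limit = 1 if len(k) <= 5 else max_distance
        dist = osa_distance(n, k)
        if dist <= limit and (best is None or dist < best[1]):
            best = (k, dist)
    return best


def scan_requirements(text: str):
    """Return [(declared_name, lookalike, distance), ...] for a requirements body."""
    findings = []
    for line in text.splitlines():
        name = requirement_name(line)
        if name is None:
            continue
        hit = suspicious(name)
        if hit:
            findings.append((name, hit[0], hit[1]))
    return findings


# Constructed sample input; the misspelt names are hypothetical.
SAMPLE_REQUIREMENTS = """\
requests==2.25.1
matplotlb>=3.4      # one letter dropped
sckit-learn
numpy==1.21.0
Crytpography        # adjacent letters swapped
-e git+https://example.invalid/repo.git#egg=internal-tool
mytotallydifferentlib
"""

if __name__ == "__main__":
    for declared, lookalike, dist in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"{declared!r} is {dist} edit(s) from {lookalike!r}: verify before installing")
```

Run it in CI against each requirements or lock file before `pip install`; a finding does not prove malice, but it is exactly the case where a human should confirm the spelling and the upstream project before the build proceeds.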

In all, the six counterfeit packages garnered over 5000 downloads, once again highlighting the threat to software supply chains.

“Our analysis tools are consistently catching and blocking counterfeit and malicious software components before they strike modern software supply chains,” writes Sonatype security researcher, Ax Sharma.

Supply chain attacks

Sharma’s analysis shows the fake packages were all submitted by the same author, some dating as far back as April 2021.

This isn't the first time malicious users have managed to slip dubious packages into PyPI, and Sonatype argues it won't be the last, however unfortunate that might sound.

Reporting on the development, Ars Technica notes the previous attacks on PyPI, adding that malicious code has been found lurking in other public repositories as well, such as RubyGems for the Ruby programming language and npm for the JavaScript language.

The findings are serious on their own, but they look worse in the context of a recent Veracode report suggesting that a majority of developers never update third-party open source libraries after adding them to a codebase: a malicious or vulnerable dependency pulled in once can therefore persist in a project indefinitely.

Date: 24 Jun 2021
