• PyPI suspends new projects and user sign-ups following flood of m

    From TechnologyDaily@1337:1/100 to All on Mon May 22 14:30:04 2023
    PyPI suspends new projects and user sign-ups following flood of malware

    Date:
    Mon, 22 May 2023 13:06:24 +0000

    Description:
    PyPI has now resumed operations following malware-themed fears.

    FULL STORY ======================================================================

    The world's biggest repository for open-source Python packages, PyPI, disabled new user registrations and barred existing users from uploading new projects over the weekend, citing an unmanageable flood of malicious code being uploaded to the platform.

    In an announcement posted on the PyPI status page, the organization said: "The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion, especially with multiple PyPI administrators on leave."

    The team planned to re-group over the weekend and soon enough, on Sunday evening (around 10 PM UTC), the suspension was lifted.

    Supply chain attacks

    Supply chain attacks are all the rage these days, and as a result, open-source repositories have become an attractive target for cybercriminals and hackers. These days, most companies are incorporating open-source software in their products, at least to some extent. By squeezing malicious packages into the repository, threat actors are hoping IT teams will pick them up, compromising not just the product they're building, but their entire network and infrastructure.

    Most of the time, malicious actors would engage in typosquatting: creating malicious packages with names almost identical to already existing, benign packages. That way, they're hoping that reckless, overworked, or understaffed developers won't notice the difference and will pick the wrong package for their solution.

    To build out credibility and have more people download their malware, threat actors would also generate fake reviews and blow up their download numbers with the help of bots and artificial intelligence.

    In recent months, the attacks on Python developers through PyPI have intensified, and we have reported at least six separate incidents that were discovered this year.

    Hackers are usually looking to install infostealers, which help them steal credentials and access valuable company assets.



    ======================================================================
    Link to news story: https://www.techradar.com/news/pypl-suspends-new-projects-and-user-sign-ups-following-flood-of-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)