Images weaponised in latest supply chain attack

A series of malicious packages disguised as legitimate software have been discovered in the npm registry by cybersecurity firm Phylum.

The packages – identified on 13 July 2024 – contained hidden command and control functionality embedded within image files, executed during the installation process.

Phylum researchers uncovered two packages in this campaign, with one named "img-aws-s3-object-multipart-copy" mimicking a legitimate GitHub library. The malicious version...

16 July 2024 | Hacking & Security

GitLab update addresses pipeline execution vulnerability

GitLab has released critical security updates to address multiple vulnerabilities, including a high-severity flaw that could allow attackers to run pipeline jobs as arbitrary users.

The company strongly recommends all GitLab installations be upgraded immediately to the latest versions: 17.1.2, 17.0.4, or 16.11.6 for both Community Edition (CE) and Enterprise Edition (EE).

The most critical vulnerability (CVE-2024-6385) affects GitLab versions 15.8 to 17.1.1. With a CVSS...

11 July 2024 | Developer

Critical OpenSSH vulnerability threatens millions of Linux systems

A severe vulnerability in OpenSSH's server (sshd) has been uncovered by Qualys’ Threat Research Unit (TRU), potentially affecting over 14 million Linux systems worldwide. The flaw, designated as CVE-2024-6387, allows for remote unauthenticated code execution (RCE) with root privileges on glibc-based Linux systems.

This vulnerability, stemming from a signal handler race condition, impacts sshd in its default configuration. Qualys researchers have identified approximately 700,000...

1 July 2024 | Developer

Optus breach is a wake-up call for secure coding practices

A “coding error” in Optus Mobile's systems led to a massive data breach affecting over nine million customers, sparking a lawsuit from the Australian Communications and Media Authority (ACMA).

The case, filed under number VID429/2024 in the Federal Court of Australia, highlights the severe consequences of software vulnerabilities in large-scale systems.

The breach, which affected over nine million Optus users, was caused by a seemingly simple coding error—a stark...

21 June 2024 | Approaches

Hackers are increasingly exploiting packers to spread malware

Cybersecurity researchers from Check Point have uncovered an increasing trend of hackers exploiting commercial packing tools like BoxedApp to conceal and distribute various malware strains. Over the past year, a significant surge in the abuse of BoxedApp products has been observed, particularly in attacks targeting financial institutions and government organisations.

BoxedApp offers a range of commercial packers – including BoxedApp Packer and BxILMerge – which provide...

6 June 2024 | Developer

Sonatype exposes malicious PyPI package ‘pytoileur’

Sonatype has exposed 'pytoileur', a malicious PyPI package designed to download and install trojanised Windows binaries capable of surveillance, commandeering persistence, and stealing cryptocurrency. This discovery is part of a broader, months-long "Cool package" campaign aimed at infiltrating the coding community.

Yesterday, an automated malware detection system operated by Sonatype, known as the Sonatype Repository Firewall, flagged a newly published PyPI package called...

29 May 2024 | Hacking & Security

Phylum uncovers targeted malware disguised in Python package

Phylum’s cybersecurity experts have detected a malicious payload embedded within a popular Python package on the PyPI repository. The package, named requests-darwin-lite, is an unauthorised variant of the widely-used requests library.

The requests-darwin-lite package was cleverly designed to emulate its legitimate counterpart but included a Go binary concealed within an oversized image file pretending to be a simple logo. This file – a PNG labelled as a sidebar image –...

13 May 2024 | Hacking & Security

CISA sounds alarm on critical GitLab flaw under active exploit

The US Cybersecurity and Infrastructure Security Agency (CISA) has labelled a critical vulnerability affecting the popular Git-based repository manager GitLab as a Known Exploited Vulnerability (KEV). The move comes in response to active exploitation attempts detected in the wild, underscoring the urgency for organisations to promptly apply security updates.

Tracked as CVE-2023-7028, the severe flaw (CVSS score: 10.0) could enable adversaries to take over user accounts by sending...

2 May 2024 | Developer

Google blocked 2M malicious apps from the Play Store in 2023

Google blocked 2.28 million policy-violating apps from being published on the Play Store in 2023, thanks to improved security measures and tighter developer vetting processes. The company rejected or had developers remediate almost 200,000 app submissions to prevent abuse of sensitive permissions like location tracking and SMS access.  

The company says providing a safe and trusted Play Store experience is its top priority, underpinned by principles to "safeguard users",...

30 April 2024 | Android

GitHub’s 2FA rollout boosts supply chain security

In a push to enhance the security of the software supply chain, GitHub has successfully rolled out mandatory two-factor authentication (2FA) for code contributors on its platform.

GitHub’s 2FA rollout – announced in May 2022 – aimed to address the critical first link in the software supply chain by securing the developers responsible for designing, building, and maintaining the software we all rely on.

The results are in

After a year of meticulous preparation,...

25 April 2024 | Developer