The sale of credentials is a very active illicit market place. Now the cyber criminals are hoping that employees have shared organisational secrets with ChatGPT as compromised ChatGPT credentials are found for sale on the Dark Web. Trove of ChatGPT creds found on dark web • The Register Do you …
PyPi software repository takes the most basic of security steps…
Having temporarily closed its doors last week to new business, PyPi – a python code repository – is now enforcing the most basic of cyber security precautions – 2FA! PyPI announces mandatory use of 2FA for all software publishers (bleepingcomputer.com) Your takeaway from this is that any essential business service …
Continue reading “PyPi software repository takes the most basic of security steps…”
PyPi. I wrote about code supply chain compromise last week…
…and I am writing about code supply chain compromise again this week. PyPi. PyPi is a well-respected repository of python code – I used it myself whilst at uni – but to try and get to grips with the influx of malicious code it has closed its doors to new …
Continue reading “PyPi. I wrote about code supply chain compromise last week…”
Code Supply Chain Compromise
It is a while since I have written about the issue of compromising code in software repositories being an attack vestor for threat actor bit it has not gone away. Malicious Microsoft VSCode extensions steal passwords, open remote shells (bleepingcomputer.com) Software and web developers everywhere will access code from these …
Be careful what you give to ChatGPT – a new type of intellectual property leak.
The artificial intelligence (AI) system ChatGPT has been in the recently – a lot – for producing essays, academic papers, poetry (I am sure someone used it for Valentine’s Day), homework, hacking etc. But here is a new cyber security risk and data leak, that I am sure no one …
Continue reading “Be careful what you give to ChatGPT – a new type of intellectual property leak.”