…do you get it checked? It may seem a strange thing to think about; surely the programmers know how to produce secure code? But recent research has shown that even the biggest organisations have coders who continuously leave valuable credentials embedded in their public-facing apps. These transgressions often arise …
ChatGPT and Cyber Security
The sale of credentials is a very active illicit marketplace. Now the cyber criminals are hoping that employees have shared organisational secrets with ChatGPT, as compromised ChatGPT credentials are found for sale on the Dark Web. Trove of ChatGPT creds found on dark web • The Register Do you …
PyPI software repository takes the most basic of security steps…
Having temporarily closed its doors last week to new business, PyPI – a Python code repository – is now enforcing the most basic of cyber security precautions – 2FA! PyPI announces mandatory use of 2FA for all software publishers (bleepingcomputer.com) Your takeaway from this is that any essential business service …
PyPI. I wrote about code supply chain compromise last week…
…and I am writing about code supply chain compromise again this week. PyPI. PyPI is a well-respected repository of Python code – I used it myself whilst at uni – but to try and get to grips with the influx of malicious code it has closed its doors to new …
Code Supply Chain Compromise
It is a while since I have written about the issue of compromising code in software repositories being an attack vector for threat actors, but it has not gone away. Malicious Microsoft VSCode extensions steal passwords, open remote shells (bleepingcomputer.com) Software and web developers everywhere will access code from these …
