Cybersecurity Starts in the Boardroom
Having temporarily closed its doors last week to new business, PyPi – a python code repository – is now enforcing the most basic of cyber security precautions – 2FA! PyPI announces mandatory use of 2FA for all software publishers (bleepingcomputer.com) Your takeaway from this is that any essential business service …
Continue reading “PyPi software repository takes the most basic of security steps…”
…and I am writing about code supply chain compromise again this week. PyPi. PyPi is a well-respected repository of python code – I used it myself whilst at uni – but to try and get to grips with the influx of malicious code it has closed its doors to new …
Continue reading “PyPi. I wrote about code supply chain compromise last week…”
The first is that threat actors have compromised a media company and are using its infrastructure to distribute malware: Hundreds of U.S. news sites push malware in supply-chain attack (bleepingcomputer.com) The company has not yet been named but the attack has impacted to many hundreds of news sites. The second …
Continue reading “A couple of stories about supply chain compromise”
If you, as a threat actor, could embed your malware into a software module, that is then used by many innocent and unaware software developers in their packages, they release to the general public, wouldn’t you? That looks like a lot of infected machines for a small amount of work. …
Continue reading “Software repositories are a target for threat actors”
Software depositories are a prime target for threat actors, especially those offering modules that other developers include in their software. Here is an attack aimed at a Python repository: Malicious PyPi packages aim DDoS attacks at Counter-Strike servers (bleepingcomputer.com) How secure is open source software? Do you use open source …
