The story normally is “hackers place malicious code into legitimate projects on software repository”. This is a favourite threat actor tactic as it can infect many users, when software developers, unintentional, distribute the malicious code with their projects. Code Risk This story however is how threat actors are using these …
Supply Chain Attacks
I am always alerting you to the cyber security issues that WordPress and WordPress plugin report – many of you use WordPress and need to be alert to these breaches in your cyber security. Or at least someone in your organisation or supply chain – if you use a thrid-party …
Infected Python Packages
It is a while since I have written about the threat actors getting inside software repositories and infecting widely used software packages with malware. Subsequently these packages are then innocently used by web and software developers, infecting their work which is then passed onto the end client, potentially you. The …
PyPi software repository takes the most basic of security steps…
Having temporarily closed its doors last week to new business, PyPi – a python code repository – is now enforcing the most basic of cyber security precautions – 2FA! PyPI announces mandatory use of 2FA for all software publishers (bleepingcomputer.com) Your takeaway from this is that any essential business service …
Continue reading “PyPi software repository takes the most basic of security steps…”
PyPi. I wrote about code supply chain compromise last week…
…and I am writing about code supply chain compromise again this week. PyPi. PyPi is a well-respected repository of python code – I used it myself whilst at uni – but to try and get to grips with the influx of malicious code it has closed its doors to new …
Continue reading “PyPi. I wrote about code supply chain compromise last week…”