RATs found hiding in the npm attic
ReversingLabs researchers discovered two malicious packages that contained TurkoRat, an open source infostealer that lurked on npm for two months before being detected.
Threat Research
RATs found hiding in the npm attic
Detecting Debugger Evasion: Exception Flooding
Quantum, once a popular ransomware gang, is no longer an active threat. However, ReversingLabs researchers created detection rules for a debugger evasion recently added to the Malware Behavior Catalog as Exception Flooding.
Red teamers take on AI at DEF CON 31
It takes a village... Researchers play capture the flag to find vulns in tools like ChatGPT — with a White House assist.
Package names repurposed to push malware on PyPI
What’s in a name? Here's how bad actors are pushing malware on the Python Package Index under the guise of legitimate yet abandoned open source modules.
Red flags flew over software supply chain-compromised 3CX update
The VOIP software company missed signs that its client had been tampered with before it pushed the update to customers.
VS Code hack shows how supply chain attacks can extend to other software development tools
A Visual Studio Code Extensions Marketplace flaw highlights the risk potential. Here's how the VS Code IDE can proliferate to npm.
From the Labs: YARA Rule for Detecting NB65
ReversingLabs YARA detection rule for NB65 can help you find this ransomware in your environment.
PyPI repo poisoned with "Colour-Blind" RAT
Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts
Developers beware: Imposter HTTP libraries lurk on PyPI
ReversingLabs researchers discovered dozens of malicious packages on Python Package Index that mimic popular libraries
Core-JS: Beware hidden dependencies from indebted Russian developers
This is not a drill: Denis Pushkarev has big debts — and his code is EVERYWHERE
From the Labs: YARA Rule for Detecting Lorenz
ReversingLabs’ YARA detection rule for Lorenz can help you find this ransomware in your environment.
Open-source repository malware sows Havoc
Aabquerys is a malicious npm package discovered typosquatting on a legitimate module that downloads malicious components
Leaky app gives researcher 'total, global control' over the Toyota supplier network
Researcher Eaton Zveare discloses massive back door in Toyota web app exploiting a JsonWebToken used for authentication
The Week in Security: Russia takes aim at Ukraine with Sandworm, the truth about Russia's top search engine
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
From the Labs: YARA Rule for Detecting Black Basta
ReversingLabs’ YARA detection rule for Black Basta can help you find this ransomware in your environment.