Cybersecurity researchers at ReversingLabs found that hackers used malicious code to combine the Ultralytics AI library to mine cryptocurrency.
Read More about HackRead: Ultralytics AI library with 60M downloads compromised for cryptomining
In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner.
Read More about The Hacker News: Supply chain compromise of Ultralytics AI library results in trojanized versions
Reversing Labs researchers identified and reported the threat, leading to its removal from the PyPI.
Read More about Infosecurity Magazine: Malicious PyPI package exposes crypto wallets to infostealer code
Secure by Demand offers a starting point for third-party risk management teams, but they need to take the essential step of using a mature software supply chain security solution to ensure they're not blindly trusting a provider's software.
Read More about Dark Reading: Going Beyond Secure by Demand
This episode of Safe Mode explores the critical issue of software supply chain security with Saša Zdjelar, ReversingLabs’ chief trust officer.
Read More about Safe Mode: ReversingLabs’ Saša Zdjelar on the ‘black box’ of commercial software
Threats to software supply chains are eroding the existing enterprise software procurement model, so it’s time for a change.
Read More about SecurityInfoWatch: The procurement challenge breaks open the black box that is commercial software-1400x732.webp&w=3840&q=75)
Saša Zdjelar of ReversingLabs, explains why SBOM are a good first start, but aren’t enough to deliver secure software.
Read More about SC Media: Why SBOMs are not enough to manage modern software risks
According to ReversingLabs, the hackers behind the effort are luring developers with fake job offers and instructing them to download PyPI packages with obfuscated malware from GitHub repositories as part of coding tests.
Read More about IT Brew: Suspected North Korean group appears to still be hoaxing devs into downloading malware
New research from Reversing Labs shows that the Lazarus Group is continuing its campaign of tempting targeting developers with malicious software packages on open-source repositories by posing as employees of the financial services firm Capital One.
Read More about CISO Series: Cybersecurity News: Lazarus spoofs CapitalOne, Mastercard buys RecordedFuture, WordPress imposes 2FA
North Korean attackers pose as recruiters for financial firms to lure developers into executing trojanized Python projects on their machines as part of fake job interviews.
Read More about CSO: Fake recruitment campaign targets developers using trojanized Python packages
Lazarus Group has been observed continuing its VMConnect campaign by targeting developers with new malicious software packages on open source repositories, according to ReversingLabs.
Read More about Infosecurity: Lazarus Group targets developers in fresh VMConnect campaign
Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments.
Read More about Hacker News: Lazarus Group uses fake coding tests to spread malware
Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware.
Read More about Bleeping Computer: Fake password manager coding test used to hack Python developers
Attackers have added aggressive social engineering to their arsenal, along with a novel Windows-manipulating persistence mechanism that demands developer vigilance.
Read More about Dark Reading: Evolving npm package campaign targets Roblox devs, for years
Your organization runs on commercial software far more than it does open source.
Read More about Cyber Ranch: What Is In Your Commercial Software? with Sasa Zdjelar