Video walkthrough: Cybertech Tel Aviv 2023

Help Net Security is in Israel this week for Cybertech Tel Aviv 2023, talking to the key players from the cybersecurity industry and businesses from a wide range of sectors, who gathered to exchange knowledge, to network, and learn about technological …

A closer look at malicious packages targeting Python developers

In this Help Net Security video, Carlos Fernandez, Security Researcher at Sonatype, talks about how their AI system caught packages that attack Python developers with a unique tactic. Sonatype calls them RAT mutants because they’re a mix of remote acce…

Sonatype and CyberRes expand collaboration to strengthen application security

Sonatype has expanded its strategic partnership with CyberRes to provide organizations with a complete open source and application security solution. Building off of an eight-year partnership, the extended portfolio brings a security application through So…

Consumer behaviors are the root of open source risk

Sonatype unveiled its eighth annual State of the Software Supply Chain Report which, in addition to a massive surge in open source supply, demand, and malicious attacks, found that 96% of open source Java downloads with known vulnerabilities could have…

Open source projects under attack, with enterprises as the ultimate targets

Sonatype has found a massive year-over-year increase in cyberattacks aimed at open source projects. According to early data from Sonatype’s 8th annual State of the Software Supply Chain Report, an average 700% jump in cyberattacks against open so…

Malicious PyPI packages drop ransomware, fileless malware

In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, discusses newly found PyPI packages that pack ransomware, and another package that appears to be safe but silently drops fileless malware to mine cryptocurrency (Monero…

Python packages with malicious code expose secret AWS credentials

Sonatype researchers have discovered Python packages that contain malicious code that peeks into and exposes secret AWS credentials, network interface information, and environment variables. All those credentials and metadata then get uploaded to one or …

Infosec products of the month: May 2022

Here’s a look at the most interesting products from the past month, featuring releases from: AuditBoard, BIO-key, Cohesity, Corelight, Data Theorem, Deepfence, ForgeRock, Fortinet, Hunters, Enpass, iDenfy, Kasten by Veeam, Kingston Digital, Microsoft, …