packages

Customize your data ingestion with Elastic input packages

Oct 1, 2023 by iHash Leave a Comment

Say hello to Julia, who works as an engineer at Ascio Innovation firm. She is currently working with Oracle Weblogic server and wants to get a set of metrics for monitoring it. She goes ahead and installs Elastic Oracle Weblogic Integration, which uses Jolokia in the backend to fetch the metrics. Now, her team wants to advance in the monitoring and has the following … [Read more...] about Customize your data ingestion with Elastic input packages

Over a Dozen PHP Packages with 500 Million Compromised

May 5, 2023 by iHash Leave a Comment

May 05, 2023Ravie LakshmananProgramming / Software Security PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.json with their own message … [Read more...] about Over a Dozen PHP Packages with 500 Million Compromised

Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages

Apr 11, 2023 by iHash Leave a Comment

Apr 11, 2023Ravie LakshmananSoftware Security / Cryptocurrency Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was detailed by JFrog late last month, impersonated … [Read more...] about Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages

Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware

Mar 22, 2023 by iHash Leave a Comment

Mar 22, 2023Ravie LakshmananDevOpsSec / Malware The NuGet repository is the target of a new "sophisticated and highly-malicious attack" aiming to infect .NET developer systems with cryptocurrency stealer malware. The 13 rogue packages, which were downloaded more than 160,000 times over the past month, have since been taken down. "The packages contained a PowerShell script … [Read more...] about Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware

Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries

Feb 23, 2023 by iHash Leave a Comment

Feb 23, 2023Ravie LakshmananSoftware Security / Supply Chain Attack Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib3. The … [Read more...] about Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries

Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

Jan 17, 2023 by iHash Leave a Comment

Jan 17, 2023Ravie LakshmananSoftware Security / Supply Chain A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12) – by … [Read more...] about Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names

Dec 24, 2022 by iHash Leave a Comment

Dec 24, 2022Ravie LakshmananSoftware Security / Supply Chain Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the goal of delivering information-stealing malware on compromised developer machines. Interestingly, while the malware goes by a variety of names like ANGEL Stealer, Celestial Stealer, Fade Stealer, Leaf … [Read more...] about W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names

Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer

Nov 5, 2022 by iHash Leave a Comment

Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers' machines with a malware called W4SP Stealer. "The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22," … [Read more...] about Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer

LofyLife: malicious packages in npm repository

Jul 30, 2022 by iHash Leave a Comment

Open-source code is a blessing for the IT industry — it helps programmers save time and build products faster and more efficiently by eliminating the need of writing repetitive common code. To facilitate this knowledge sharing, there are repositories — open platforms where any developer can publish their own packages with their code to speed up the development process for other … [Read more...] about LofyLife: malicious packages in npm repository

Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms

Jul 5, 2022 by iHash Leave a Comment

A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that include obfuscated JavaScript, which comes with malicious code … [Read more...] about Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms

Prism Drive Secure Cloud Storage: Lifetime Subscription (10TB) for $89

Mashvisor: Lifetime Subscription (Professional Plan) for $199

Beducated: Lifetime Subscription for $99

Amysen Wi-Fi Smart Plug (4-Pack) for $23

Refurbished Apple iPad 4 (2012) WiFi Black / 16GB / Grade A for $76