#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Python Programming | Breaking Cybersecurity News | The Hacker News

Category — Python Programming
Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI

Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI

Nov 08, 2023 Supply Chain / Software Security
A new set of malicious Python packages has slithered their way to the Python Package Index (PyPI) repository with the ultimate aim of stealing sensitive information from compromised developer systems. The packages masquerade as seemingly innocuous obfuscation tools, but harbor a piece of malware called  BlazeStealer , Checkmarx said in a report shared with The Hacker News. "[BlazeStealer] retrieves an additional malicious script from an external source, enabling a Discord bot that gives attackers complete control over the victim's computer," security researcher Yehuda Gelb said. The campaign, which commenced in January 2023, entails a total of eight packages named Pyobftoexe, Pyobfusfile, Pyobfexecute, Pyobfpremium, Pyobflite, Pyobfadvance, Pyobfuse, and pyobfgood, the last of which was published in October.  These modules come with setup.py and init.py files that are designed to retrieve a Python script hosted on transfer[.]sh, which gets executed immediately upon
NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers

NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers

Sep 15, 2023 Online Security / Malware
An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-based  NodeStealer  and potentially take over their accounts for follow-on malicious activities.  "The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing services and technology sectors," Netskope Threat Labs researcher Jan Michael Alcantara  said  in an analysis published Thursday. First documented by Meta in May 2023, NodeStealer  originated  as a JavaScript malware capable of pilfering cookies and passwords from web browsers to compromise Facebook, Gmail, and Outlook accounts. Palo Alto Networks Unit 42, last month,  revealed  a separate attack wave that took place in December 2022 using a Python version of the malware, with select iterations also designed to conduct cryptocurrency theft. The latest findings from Netskope suggest the Vietnamese threat
How to Get Going with CTEM When You Don't Know Where to Start

How to Get Going with CTEM When You Don't Know Where to Start

Oct 04, 2024Vulnerability Management / Security Posture
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities - before they can be exploited by attackers.  On paper, CTEM sounds great . But where the rubber meets the road – especially for CTEM neophytes - implementing CTEM can seem overwhelming. The process of putting CTEM principles into practice can look prohibitively complex at first. However, with the right tools and a clear understanding of each stage, CTEM can be an effective method for strengthening your organization's security posture.  That's why I've put together a step-by-step guide on which tools to use for which stage. Want to learn more? Read on… Stage 1: Scoping  When you're defin
An Easier Way to Keep Old Python Code Healthy and Secure

An Easier Way to Keep Old Python Code Healthy and Secure

Jul 22, 2022
Python has its pros and cons, but it's nonetheless used extensively. For example, Python is frequently used in data crunching tasks even when there are more appropriate languages to choose from. Why? Well, Python is relatively easy to learn. Someone with a science background can pick up Python much more quickly than, say, C. However, Python's inherent approachability also creates a couple of problems. Whenever Python is updated, it means a big refactoring workload, which often gets dealt with poorly – or not at all. That leads to poor performance and security vulnerabilities. But maybe there is a better way: a tool to keep your Python tasks running smoothly and securely day in, day out. Let's take a look. It's slow, but it does the job Python isn't the fastest language around, but despite its comparative disadvantages, you'll often see it used for intensive data crunching operations. Think machine learning, computer vision, or even pure math in high-perform
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
Expert Insights / Articles Videos
Cybersecurity Resources