Cyber Security Today, August 10, 2022 – Bad apps are found in the PyPI repository, six backdoors are used in a gang’s cyber attacks, a new botnet found and more


Bad apps are found in the PyPI repository, six backdoors are used in a gang’s cyber attacks, a new botnet is found, and more.

Welcome to Cyber Security Today. It’s Wednesday, August 10th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Ten malicious software packages have been found in the PyPI repository of applications used by Python language application developers. The discovery was made by researchers at Check Point Software. Open source code repositories like PyPI and NPM are increasingly being targeted by threat actors who want to push their malware into the software supply chain to multiply its impact. Usually the goal of infected code is to steal developers’ data and login credentials, which can be leveraged against the organizations that install the finished software. One problem is that PyPI users often automate the downloading of updates of packages they use without scanning them for malware. Many of the malicious packages found by Check Point spoofed the names of legitimate packages. The discovery is another reminder that developers can’t simply trust code on repositories. And it’s a reminder to those managing open source code repositories to stiffen security so real packages can’t be compromised and phony ones can’t be uploaded. Recently GitHub’s NPM began new user login and publishing controls to enhance security.

A China-based threat group is believed to be tailoring phishing messages to install six different backdoors in government agencies and companies in Russia, Ukraine, Belarus and Afghanistan. Researchers at Kaspersky made the discovery. While the attackers haven’t hit Canada or the U.S., defenders here may be interested in their tactics. The goal seems to be espionage. The attackers appear to have carefully researched target organizations before sending employees emails with infected Microsoft Word attachments. The initial malware gathers general information on the infected computer, which leads to the downloading of backdoors. From there the attackers spread malware to other systems, eventually taking control of an organization’s domain controller. That allows them to search for and exfiltrate documents.

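
For the PyPI item above, where many of the malicious packages spoofed the names of legitimate ones: the following is an added example, not code from Check Point or from the original article, of a pre-install check that compares the names in a requirements file against a team's vetted list and flags near-miss spellings. The allowlist, the sample file and the misspelled names in it are constructed for illustration.

```python
import re

# Assumptions: a hypothetical vetted allowlist and a constructed sample file (odd names are made up).
APPROVED = {"requests", "numpy", "cryptography", "python-dateutil"}
SAMPLE_REQUIREMENTS = """\
requests==2.28.1
reqeusts==1.0.0        # two letters swapped
numpy>=1.23
Python_Dateutil==2.8.2 # same project as python-dateutil after normalization
cryptographyy==3.0
leftpad-helper==0.1
"""

def normalize(name):
    """PEP 503 form: case-insensitive, runs of '-', '_' and '.' are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, swap adjacent letters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def requirement_names(text):
    """Yield normalized project names, skipping comments and pip option lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match:
            yield normalize(match.group(0))

def audit(text, approved=APPROVED, max_dist=2):
    """Return (name, reason) for every requirement that is not on the allowlist."""
    vetted = {normalize(a) for a in approved}
    findings = []
    for name in requirement_names(text):
        if name not in vetted:
            near = sorted(v for v in vetted if edit_distance(name, v) <= max_dist)
            findings.append((name, "lookalike of " + near[0] if near else "not on allowlist"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_REQUIREMENTS))
```

Run as a gate before an automated install step, a non-empty result stops the build so a person can look at the name before anything is downloaded.
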
A new family of internet-of-things malware and a related botnet have been discovered. Researchers at Fortinet say the malware has the ability to expose login credentials with brute-force attacks on servers using the secure shell protocol. Victim organizations are believed to be in the U.S., Taiwan, South Korea and other countries. The researchers dub this malware family RapperBot. It heavily re-uses parts of the Mirai botnet source code, but with some differences. So far those behind this effort seem interested only in collecting more compromised servers. Since its primary way of spreading is brute forcing SSH credentials, this threat can be mitigated by setting strong passwords for devices or disabling password authentication for SSH where possible.

Last month I reported the FBI warned firms not to fall for realistic deepfake video calls. Threat actors are appearing on online job interviews with faked images of talking people generated by real-time artificial intelligence software. The threat actor answers questions, with the software changing the face of the online image to make it seem like the image is talking. How can you discover a fake? By asking the person to turn sideways. That’s according to an article by researchers at Metaphysic, a software company that sells a platform to create AI-generated content. They say the current generation of facial alignment software can’t accurately create a person’s profile from a straight-on image. That may change with a new generation of applications. But for now, when in doubt ask a person you’re chatting with on a video call to turn completely sideways. The artifacts may give away that the image is fake.

Finally, yesterday was the monthly Patch Tuesday, when Microsoft, Adobe and some other major software companies released application updates. Individuals should have Windows updates installed automatically, but it doesn’t hurt to check your computer. IT departments should prioritize updates based on their environments. The latest Windows updates fix some critical vulnerabilities.

That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
