Cyber Security Today, Dec. 21, 2022 – Malware in the PyPI registry, GitHub expands security scanning and more

More malware found in the PyPI registry, GitHub expands security scanning and more

Welcome to Cyber Security Today. It’s Wednesday, December 21st, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for

More warnings are going out to software developers who download code from open-source repositories. One comes from researchers at Phylum, who recently found 16 packages with versions of the W4SP information stealer dropped into PyPI, the open-source repository for the Python language. This comes after the discovery of 29 versions of W4SP last month.

Separately, researchers at ReversingLabs discovered a malicious package in the Python PyPI repository that pretends to be a software development kit from cybersecurity firm SentinelOne. The package is named SentinelOne and appears at first glance to be a fully functional client from that company. That’s because it was built on top of legitimate SentinelOne code. However, its real job is to infect a developer’s code with a backdoor, which would spread to those who install the compromised software. Developers using PyPI, NPM, RubyGems, GitHub and other public repositories for pieces of code must scan and inspect anything they download from the internet before putting it in their apps.

GitHub is extending its program for scanning open-source libraries on the platform for poorly written code that leaks developers’ credentials. It’s called the secret scanning partner program, not because it’s a secret, but because the scanning looks for things that are called secrets, such as credentials and access tokens. Until now the program has been available only to users of GitHub’s Advanced Security service. But last week GitHub began a gradual beta rollout of secret scanning for all code on the platform. GitHub developers will see an alert in the “Code security and analysis” tab of their repositories. It will show the compromised secret, its location and suggested action to be taken. This year GitHub notified enrolled partners of over 1.7 million potential secrets exposed in publicly accessible GitHub repositories.

Epic Games, the creator of video games including Fortnite, has agreed to pay US$520 million to settle allegations of violating a U.S. children’s privacy law and for tricking players into making unintentional purchases. The deal with the U.S. Federal Trade Commission relates to a complaint that Epic used privacy-invasive settings and deceptive interfaces that tricked underage Fortnite players. Personal information was collected from players under the age of 13 without parental consent, allegedly in violation of a commission rule. It also alleged Epic violated a rule by enabling real-time voice and text chat communications by default for underage players.

Finally, for most of the year a Russian-based threat group dubbed Trident Ursa has been targeting organizations in Ukraine. However, a new report from Palo Alto Networks says the group is also trying to boost its intelligence collection and network access against NATO countries. That includes trying to compromise a large petroleum refining company in an unnamed country in August. Also known by researchers as Gamaredon, Primitive Bear and Shuckworm, this group has been accused by Ukraine of being part of Russia’s Federal Security Service. The report is an update of the indicators of compromise IT and security teams in governments and organizations should be looking for.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Dec. 21, 2022 – Malware in the PyPI registry, GitHub expands security scanning and more first appeared on IT World Canada.

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
