More malware found in the PyPI registry, GitHub expands security scanning and more
Welcome to Cyber Security Today. It’s Wednesday, December 21st, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
More warnings are going out to software developers who download code from open-source repositories. One comes from researchers at Phylum, who recently found 16 packages with versions of the W4SP information stealer dropped into the Python language open-source repository called PyPI. This comes after the discovery of 29 versions of W4SP found last month.
Separately, researchers at ReversingLabs discovered a malicious package in the Python PyPI repository that pretends to be a software development kit from cybersecurity firm SentinelOne. The package is named SentinelOne and appears at first glance to be a fully functional client from that company. That’s because it was built on top of legitimate SentinelOne code. However, its real job is to infect a developer’s code with a backdoor, which would spread to those who install the compromised software. Developers using PyPI, NPM, RubyGems, GitHub and other public repositories for pieces of code must scan and inspect anything they download from the internet before putting it in their apps.
GitHub is extending its program for scanning open-source libraries on the platform for poorly-written code that leaks developers’ credentials. It’s called the secret scanning partner program, not because it’s a secret, but because the scanning looks for things that are called secrets, such as credentials and access tokens. Until now the program has been available only to users of GitHub’s Advanced Security service. But last week GitHub began a gradual beta rollout of secret scanning for all code on the platform. GitHub developers will see an alert in the “Code security and analysis” tab of their repositories. It will show the compromised secret, its location and the suggested action to be taken. This year GitHub notified enrolled partners of over 1.7 million potential secrets exposed in publicly-accessible GitHub repositories.
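To illustrate the kind of check a secret scanner performs, here is an added example (not GitHub’s code, and not part of the original report) that scans constructed source lines for two simplified token shapes, skips low-entropy placeholders, and reports the secret, its location and a suggested action, the three things the alert described above shows. The token patterns and sample values are assumptions constructed for this example.

```python
import math
import re
from dataclasses import dataclass
from typing import List

# Simplified token shapes (assumption: real providers publish more precise rules).
PATTERNS = {
    "GitHub personal access token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "AWS access key ID": re.compile(r"\bAKIA[A-Z0-9]{16}\b"),
}


@dataclass
class Finding:
    path: str
    line: int
    kind: str
    secret: str
    action: str


def shannon_entropy(s: str) -> float:
    """Bits per character: random tokens score high, filler like 'xxxx' scores near 0."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_source(path: str, text: str, min_entropy: float = 3.0) -> List[Finding]:
    """Report each token-shaped string, where it sits, and what the owner should do."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                if shannon_entropy(m.group()) < min_entropy:
                    continue  # repeated filler such as 'ghp_xxxx...' is a docs placeholder, not a leak
                findings.append(Finding(path, lineno, kind, m.group(),
                                        "revoke the credential, rotate it, and purge it from history"))
    return findings


# Constructed sample file; the token values are made up for this example.
SAMPLE = """\
import requests
TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"   # real-looking token
PLACEHOLDER = "ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"  # documentation placeholder
AWS_KEY = "AKIAEXAMPLE012345678"
"""

if __name__ == "__main__":
    for f in scan_source("app/config.py", SAMPLE):
        print(f"{f.path}:{f.line} {f.kind}: {f.secret} -> {f.action}")
```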
Epic Games, the creator of video games including Fortnite, has agreed to pay US$520 million to settle allegations of violating a U.S. children’s privacy law and of tricking players into making unintentional purchases. The deal with the U.S. Federal Trade Commission relates to a complaint that Epic used privacy-invasive settings and deceptive interfaces that tricked underage Fortnite players. Personal information was allegedly collected from players under the age of 13 without parental consent, in violation of a commission rule. The complaint also alleged Epic violated a rule by enabling real-time voice and text chat communications by default for underage players.
Finally, for most of the year a Russia-based threat group dubbed Trident Ursa has been targeting organizations in Ukraine. However, a new report from Palo Alto Networks says the group is also trying to boost its intelligence collection and network access against NATO countries. That includes trying to compromise a large petroleum refining company in an unnamed country in August. Also known by researchers as Gamaredon, Primitive Bear and Shuckworm, this group has been accused by Ukraine of being part of Russia’s Federal Security Service. The report is an update of the indicators of compromise that IT and security teams in governments and organizations should be looking for.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.