
Cybersecurity Today, March 29, 2024 – PyPI repository shut down to prevent malicious uploads, developers urged to stop creating apps with SQL vulnerabilities.

The PyPI repository was closed to prevent malicious uploads, and developers are urged to stop creating apps with SQL vulnerabilities.

Welcome to Cybersecurity Today. It’s Friday, March 29, 2024. I’m Howard Solomon, a reporter who writes about cybersecurity for ITWorldCanada.com and TechNewsday.com in the US.

I've reported before that threat actors are increasingly uploading malicious code to open source repositories such as GitHub and NPM. Well, things got so bad yesterday that the Python Package Index, known as PyPI, had to temporarily stop creating new projects and registering new users. According to Checkmarx researchers, the administrators likely had to do this because someone automated the upload of malware-laden Python code. A common tactic is to give malicious code a filename that resembles a legitimate package that developers regularly look for. When a developer unknowingly embeds malicious code in an application, it can be exploited by a threat actor to steal data from the software’s users or the developer. As mentioned previously, anyone downloading code from open source libraries should take precautions. Make sure you are not downloading anything infected.

The United States is offering a reward of up to US$10 million for information regarding individuals associated with the AlphV/BlackCat ransomware gang. This comes after the gang claimed responsibility for the attack on US medical billing service provider Change Healthcare in February. According to some reports, the company paid the gang US$22 million to regain access to the scrambled data. Since then, there have been numerous reports of the gang disbanding.

A new Linux version of the XDealer remote access Trojan has been discovered. It is also called DinodasRAT by some researchers. Kaspersky said the new variant of the backdoor primarily targets servers running Red Hat and Ubuntu Linux. The report does not provide details on how servers become infected. So far, servers have been compromised in China, Taiwan, Turkey, and Uzbekistan.

U.S. cyber officials are pleading with application developers to stop writing software with SQL injection vulnerabilities. The method has been around for 20 years. However, software companies are still releasing products that can be compromised through SQL injection. One example: Progress Software’s MOVEit file transfer application. Last year, the Cl0p ransomware group used this to steal the personal data of 94 million people from more than 2,700 organizations around the world. Here is a link to advice on safely writing applications:

Companies operating in the U.S. critical infrastructure sector have just under two months to comment on proposed regulations on reporting cyber incidents and ransom payments to the Cybersecurity and Infrastructure Security Agency. Simply put, the proposed rules would require approximately 316,000 organizations to report certain incidents within 72 hours of discovery and within 24 hours after a ransom payment. Hospitals with fewer than 100 beds are exempt.

Also this week, authorities warned that threat actors are actively exploiting code injection vulnerabilities in Microsoft SharePoint Server. This vulnerability was disclosed 12 months ago. There’s no reason why your IT department hasn’t installed the patch by now.

New features have been added to the Vultur malware that steals banking login information from Android devices. According to researchers at NCC Group/Fox-IT, the malware specifically disables Keyguard, allowing it to bypass the lock screen security of infected devices. Victims are often tricked into downloading the malware after receiving a text message asking them to call if they have not authorized a large financial transaction or purchase.

Finally, this week many companies issued security patches for their products.

Splunk has issued upgrades for Splunk Enterprise, Cloud Platform, and Universal Forwarder. Cisco Systems has issued patches for IOS and IOS XE software and access point software that fix multiple vulnerabilities. Nvidia has released a software update for its artificial intelligence chatbot ChatRTX for Windows to close two holes. Additionally, the Cybersecurity and Infrastructure Security Agency issued four advisories regarding industrial control systems. Three are for Rockwell Automation products, including PowerFlex 527, Arena Simulation, and FactoryTalk View ME products. The other is for AutomationDirect’s C-MORE display system.

The Week in Review podcast will be available later today. Guest David Shipley from Beauceron Security will discuss the company’s latest State of Security Awareness Report, what World Backup Day means to IT professionals, and calls for mandatory minimum cybersecurity standards for the U.S. healthcare sector.

Follow Cybersecurity Today on Apple Podcasts or add us to your Flash Briefing on your smart speaker.

