The maintainer of the #Ultralytics AI library for Python has confirmed some versions of the library contained malicious code. The code exists in versions 8.3.41 and 8.3.42 of the library. The malicious code mines cryptocurrency in the background. Developers are advised to review all library dependencies and update to a patched version #cybersecurity #supplychainattack https://lnkd.in/gmiMCd3E
RF Wave’s Post
🎯In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security fix that "ensures secure publication workflow for the Ultralytics package." The project maintainer, Glenn Jocher, confirmed on GitHub that the two versions were infected by malicious code injection in the PyPI deployment workflow after reports emerged that installing the library led to a drastic spike in CPU usage, a telltale sign of cryptocurrency mining. 🔔 Stay connected for industry’s latest content – Follow Dr. Anil Lamba, CISSP #linkedin #teamamex #JPMorganChase #cybersecurity #technologycontrols #infosec #informationsecurity #GenAi #linkedintopvoices #cybersecurityawareness #innovation #techindustry #cyber #birminghamtech #cybersecurity #fintech #careerintech #handsworth #communitysupport #womenintech #technology #security #cloud #infosec #riskassessment #informationsecurity #auditmanagement #informationprotection #securityaudit #cyberrisks #cybersecurity #security #cloudsecurity #trends #grc #leadership #socialmedia #digitization #cyberrisk #education #Hacking #privacy #datasecurity #passwordmanagement #identitytheft #phishingemails #holidayseason #bankfraud #personalinformation #creditfraud
Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions
thehackernews.com
In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security fix that "ensures secure publication workflow for the Ultralytics package." The project maintainer, Glenn Jocher, confirmed on GitHub that the two versions were infected by malicious code injection in the PyPI deployment workflow after reports emerged that installing the library led to a drastic spike in CPU usage, a telltale sign of cryptocurrency mining. The most notable aspect of the attack is that bad actors managed to compromise the build environment related to the project to insert unauthorized modifications after the completion of the code review step, thus leading to a discrepancy in the source code published to PyPI and the GitHub repository itself. Stay connected to Aashay Gupta, CISM, GCP for content related to Cybersecurity. #LinkedIn #Cybersecurity #Cloudsecurity #AWS #GoogleCloud #Trends #informationprotection #Cyberthreats #CEH #ethicalhacker #hacking #cloudsecurity #productmanagement #cybersecurity #appsec #devsecops
Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions
thehackernews.com
In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security fix that "ensures secure publication workflow for the Ultralytics package." The project maintainer, Glenn Jocher, confirmed on GitHub that the two versions were infected by malicious code injection in the PyPI deployment workflow after reports emerged that installing the library led to a drastic spike in CPU usage, a telltale sign of cryptocurrency mining. Please follow Hardial Singh for such content. #linkedIn #Cybersecurity #informationsecurity #cloudsecurity #datasecurity #cybersecurityawareness #Data #Bigdata #Hadoop #Enterprisedata #Hybridcloud #Cloud #Cloudgovernance #Devops #Devsecops #Secops #cyber #infosec #riskassessment #informationsecurity #auditmanagement #informationprotection #securityaudit #cyberrisks #cybersecurity #security #cloudsecurity #trends #AWS #EC2 #AWSStorage #Cloudstorage
Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions
thehackernews.com
Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions
In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security fix that "ensures secure publication workflow for the Ultralytics package." The project maintainer, Glenn Jocher, confirmed on GitHub that the two versions were infected by malicious code injection in the PyPI deployment workflow after reports emerged that installing the library led to a drastic spike in CPU usage, a telltale sign of cryptocurrency mining. The most notable aspect of the attack is that bad actors managed to compromise the build environment related to the project to insert unauthorized modifications after the completion of the code review step, thus leading to a discrepancy in the source code published to PyPI and the GitHub repository itself. Stay Connected to Nishan Singh, CISA, MBA for latest cyber security information. #EXL #Exlservice #linkedin #cybersecurity #technologycontrols #infosec #informationsecurity #GenAi #linkedintopvoices #cybersecurityawareness #innovation #techindustry #VulnerabilityAssessment #ApplicationSecurity #SecureCoding #cyber #communitysupport #womenintech #technology #security #cloud #infosec #riskassessment #informationsecurity #auditmanagement #informationprotection #securityaudit #cyberrisks #cloudsecurity #trends #grc #leadership #socialmedia #digitization #education #Hacking #privacy #datasecurity #passwordmanagement #identitytheft #phishingemails #holidayseason #bankfraud #personalinformation #creditfraud
Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions
thehackernews.com
"Researchers have discovered an unpatched vulnerability in the Anyscale Ray AI platform, allowing threat actors to exploit computing power for cryptocurrency mining. Ongoing since September 2023, the campaign, codenamed ShadowRay, affects various sectors including education, cryptocurrency, and biopharma. This marks the first instance of AI workloads being targeted due to underlying infrastructure flaws. Ray is an open-source compute framework used for building, training, and scaling AI and Python workloads." #vulnerability #hacking #cyberattack #cybersecurity
Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining
thehackernews.com
🚨 BREAKING: Another day, another software supply chain attack! 🤯 This time, it's the popular Python AI library ultralytics that fell victim to cyber crooks. Versions 8.3.41 and 8.3.42 were playing host to a sneaky cryptocurrency miner! 😱⛏️ But fear not, tech warriors! The heroes at PyPI have swooped in like digital Avengers and purged the compromised versions from their repository! 🦸♂️💻 And just like Iron Man's suit upgrades, a patched version has been released to keep our AI adventures safe and sound. Phew! 🛡️🔒 💡 What's the big lesson here, you ask? Stay vigilant, my friends! Trust no package, verify everything. The cyber realm is a wild west, and we must be the sheriffs of our code! 🤠🌵 🔮 Prediction time! I foresee a rise in supply chain attacks as cyber villains get bolder and craftier. But fret not, for with each challenge comes innovation! Let's band together, share knowledge, and fortify our digital fortresses! 💪🏰 Let's discuss! How are you fortifying your defenses in this ever-evolving tech landscape? Share your thoughts! 👨💻🔐 #ainews #automatorsolutions #CyberSecurity #PythonAI #SupplyChainAttacks #CyberSecurityAINews ----- Original Publish Date: 2024-12-07 04:15
Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions
thehackernews.com
Cybercriminals Abuse StackOverflow to Promote Malicious Python Package: Cybersecurity researchers have warned of a new malicious Python package that has been discovered in the Python Package Index (PyPI) repository to facilitate cryptocurrency theft as part of a broader campaign. The package in question is pytoileur, which has been downloaded 316 times as of writing. Interestingly, the package author, who goes by the name PhilipsPY, has uploaded a new version of the https://lnkd.in/gStahpNq
Excited to announce the launch of SCsVolLyzer, a Python-based analytical tool designed for Ethereum smart contracts coded in Solidity. Created with the guidance of my esteemed supervisor, Prof. Arash Habibi Lashkari. This tool is both modular and adaptable. It offers an in-depth overview of a smart contract's framework and functionality, aiding developers and auditors in refining and fortifying Ethereum blockchain applications. #Cybersecurity #Blockchain #SmartContracts #YorkU
Cybersecurity Analyzer Alert! As part of our #UnderstandingCybersecuritySeries (UCS) knowledge mobilization program, SCsVolLyzer is a Python open-source package to extract features to profile Smart Contracts (SCs) for vulnerability detection. The SCsVolLyzer is a Python-based tool that analyzes and extracts key metrics from Ethereum smart contracts written in Solidity. It employs a suite of functions to dissect the contract's source code, compiling it to obtain its abstract syntax tree (AST), bytecode, and opcodes. The analyzer calculates the entropy of the bytecode to assess its randomness and security, determines the frequency of specific opcodes to understand the contract's complexity, and evaluates the usage of crucial Solidity keywords to gauge coding patterns. This modular and extensible tool provides a comprehensive snapshot of a smart contract's structure and behavior, facilitating developers and auditors in optimizing and securing Ethereum blockchain applications. https://lnkd.in/efVPkXh7 Congrats to Sepideh HajiHosseinKhani, and thanks for her contribution. York University Lassonde School of Engineering - York University York University – Faculty of Liberal Arts & Professional Studies School of Information Technology #smartcontract #vulnerability #vulnerabilitymanagement #vulnerabilityassessment #vulnerablesmartcontract #cybersecurity #securesmartcontract #blockchaintechnology #ethereum #opcode #abstractsyntaxtree #bytecode #cybersecurityawareness #understandingcybersecurity #understandingcybersecurityseries #BCCC #UCS
Developers, double-check your dependencies! Researchers have uncovered a malicious Python package, “solana-py,” on PyPI, designed to steal Solana #blockchain wallet keys. This deceptive package mimics the legitimate “solana” API and has already been downloaded over 1,100 times, posing a serious threat to developers and end users. The package injects malicious code into the "__init__.py" script, exfiltrating sensitive information to an external domain. Read: https://lnkd.in/gjkkY5qE #Cybersecurity #Infosec
Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys
thehackernews.com
#Day81 of 100 days of #Cybersecuritychallenge
Today's Topic: Solana py
Here are the key takeaways: New malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims' secrets. The legitimate Solana Python API project is known as 'solana-py' on GitHub, but simply 'solana' on the Python software registry, PyPI. The most striking aspect of the library is that it carried the version numbers 0.34.3, 0.34.4, and 0.34.5. The latest version of the legitimate "solana" package is 0.34.3. This clearly indicates an attempt on the part of the threat actor to trick users looking for "solana" into inadvertently downloading "solana-py" instead. What's more, the rogue package borrows the real code from its counterpart, but injects additional code in the "__init__.py" script that's responsible for harvesting Solana blockchain wallet keys from the system. This information is then exfiltrated to a Hugging Face Spaces domain operated by the threat actor ("treeprime-gen.hf[.]space"), once again underscoring how threat actors are abusing legitimate services for malicious purposes. The attack campaign poses a supply chain risk in that Sonatype's investigation found that legitimate libraries like "solders" make references to "solana-py" in their PyPI documentation, leading to a scenario where developers could have mistakenly downloaded "solana-py" from PyPI and broadened the attack surface. In other words, if a developer using the legitimate 'solders' PyPI package in their application is misled (by solders' documentation) to fall for the typosquatted 'solana-py' project, they'd inadvertently introduce a crypto stealer into their application. #CyberSecurity #Python #Solana #CryptoSecurity #OpenSource #Infosec #Developers
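Both incidents above (the Ultralytics build-workflow injection that left PyPI out of step with the GitHub repository, and the solana-py package that reused real code but added to `__init__.py`) share one defender check: hash every file in the unpacked published artifact and compare it with the tagged source checkout, flagging anything added or changed. The script below is an added example, not code from any of the posts or projects mentioned; the two directory trees it compares are constructed in a temporary directory, and the set of sdist metadata files it ignores is an assumption.

```python
"""Compare an unpacked PyPI distribution with its source checkout (example)."""
import hashlib
import tempfile
from pathlib import Path

# Assumed: metadata a build legitimately adds to an sdist, so not a finding.
IGNORED_NAMES = {"PKG-INFO", "SOURCES.txt", "dependency_links.txt", "top_level.txt"}


def tree_digests(root: Path) -> dict:
    """Map each relative file path under root to the SHA-256 of its bytes."""
    digests = {}
    for path in root.rglob("*"):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_trees(source: Path, published: Path) -> dict:
    """Report files only in the published tree, files whose content differs,
    and files the published tree dropped. Anything in 'added' or 'modified'
    was not what code review saw and needs to be explained before use."""
    src, pub = tree_digests(source), tree_digests(published)
    return {
        "added": sorted(p for p in pub if p not in src and Path(p).name not in IGNORED_NAMES),
        "modified": sorted(p for p in pub if p in src and pub[p] != src[p]),
        "missing": sorted(p for p in src if p not in pub),
    }


def build_demo() -> tuple:
    """Constructed sample: a tiny checkout and a published copy tampered after review."""
    base = Path(tempfile.mkdtemp())
    source, published = base / "checkout", base / "unpacked_sdist"
    files = {
        "pkg/__init__.py": "from .core import run\n",
        "pkg/core.py": "def run():\n    return 'ok'\n",
        "pyproject.toml": "[project]\nname = 'pkg'\n",
    }
    for root in (source, published):
        for rel, body in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
    # Simulated post-review tampering, present only in the published tree.
    (published / "pkg/__init__.py").write_text("from .core import run\nimport pkg.extra\n")
    (published / "pkg/extra.py").write_text("# constructed stand-in for injected code\n")
    (published / "PKG-INFO").write_text("Name: pkg\n")  # legitimate sdist metadata
    return source, published


if __name__ == "__main__":
    for kind, paths in compare_trees(*build_demo()).items():
        print(f"{kind}: {paths}")
```

Against a real package, point `compare_trees` at `git checkout <tag>` and at the extracted sdist (or the unpacked wheel) and treat any non-empty `added` or `modified` list as a reason to stop the install and ask the maintainers.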