Investigating a backdoored PyPi package targeting FastAPI applications
Nov. 23, 2022, midnight | Datadog Security Labs (securitylabs.datadoghq.com)
Introduction
FastAPI is a highly popular Python web framework. On November 23rd, 2022, the Datadog Security Labs team identified a third-party utility Python package on PyPI related to FastAPI, fastapi-toolkit, that has been backdoored by a malicious actor. The attacker inserted a backdoor in the package, adding a FastAPI route that allows a remote attacker to execute arbitrary Python code and SQL queries in the context of the web application.
While FastAPI itself is not impacted, this is an interesting …