all InfoSec news
Malicious Python Packages and Code Execution via pip download
Sept. 9, 2022, 11:30 p.m. |
Embrace The Red embracethered.com
I assumed that running pip install means anything could happen, but pip download seems a bit surprising.
Both seem useful for red teaming though.
Background This post from Yehuda Gelb named Automatic Execution of Code Upon Package Download on Python Package Manager which the Security Now! podcast pointed me towards.
The post highlights that just running pip download can compromise your …
More from embracethered.com / Embrace The Red
Bobby Tables but with LLM Apps - Google NotebookML Data Exfiltration
1 week, 3 days ago |
embracethered.com
HackSpaceCon 2024: Short Trip Report, Slides and Rocket Launch
1 week, 4 days ago |
embracethered.com
ASCII Smuggler - Improvements
1 month, 3 weeks ago |
embracethered.com
ChatGPT: Lack of Isolation between Code Interpreter sessions of GPTs
2 months, 1 week ago |
embracethered.com
Video: ASCII Smuggling and Hidden Prompt Instructions
2 months, 1 week ago |
embracethered.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Security Engineer, Infrastructure Protection
@ Google | Hyderabad, Telangana, India
Senior Security Software Engineer
@ Microsoft | London, London, United Kingdom
Consultor Ciberseguridad (Cadiz)
@ Capgemini | Cádiz, M, ES
Cyber MS MDR - Sr Associate
@ KPMG India | Bengaluru, Karnataka, India
Privacy Engineer, Google Cloud Privacy
@ Google | Pittsburgh, PA, USA; Raleigh, NC, USA