all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Python downloader highlights noise problem in open source threat detection

Add to bookmarks
June 5, 2024, noon | Karlo Zanki

Security Boulevard securityboulevard.com




ReversingLabs researchers recently discovered a malicious, open source package: xFileSyncerx on the Python Package Index (PyPI). The package, with close to 300 registered downloads, contained separate malicious “wiper” components. Is it an open source supply chain threat? Kind of. Further investigation by our team uncovered the fact that the downloader and wipers were created by a cybersecurity pro doing “red team” penetration testing of a client’s SOC. 


This incident highlights a growing challenge for firms that track (and defeat) open …

components detection downloader downloads fact index investigation kind malicious noise open source open source supply chain package problem pypi python python package python package index researchers reversinglabs supply supply chain team threat threat detection threat research uncovered wiper

Visit resource

More from securityboulevard.com / Security Boulevard

WordPress Plugin Supply Chain Attack Gets Worse an hour ago | securityboulevard.com
analytics & intelligence api security appsec attack +63
A WIN for Cloud Security with Adaptive Shield and Wiz an hour ago | securityboulevard.com
adaptive shield applications assets cloud +28
Malicious npm package targets AWS users 2 hours ago | securityboulevard.com
aws easy malicious malicious actors +19
New Portal Helps Devs Spot Malicious Open Source Packages 2 hours ago | securityboulevard.com
best of blog commercial developers +23
GAO Urges Action to Address Critical Cybersecurity Challenges Facing U.S. 2 hours ago | securityboulevard.com
accountability action address analytics & intelligence +24
Misconfigured MFA Increasingly Targeted by Cybercriminals 2 hours ago | securityboulevard.com
2fa authentication cisco cisco talos +27
The Check Point Challenge: Safeguarding Against the Latest CVE 4 hours ago | securityboulevard.com
blog challenge check check point +7
Prioritizing Exposures vs. Prioritizing Actions 4 hours ago | securityboulevard.com
actions blog critical critical vulnerabilities +8
6 Tips for Preventing DDoS Attacks Using Rate Limits 6 hours ago | securityboulevard.com
apis attackers attacks blocking +22

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Technology Specialist I: Windows Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, California
View on infosec-jobs.com

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA
View on infosec-jobs.com

Vice President, Controls Design & Development-7

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Vice President, Controls Design & Development-5

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Data Scientist & AI Prompt Engineer

@ Varonis | Israel
View on infosec-jobs.com

Contractor

@ Birlasoft | INDIA - MUMBAI - BIRLASOFT OFFICE, IN
View on infosec-jobs.com