all InfoSec news
Python downloader highlights noise problem in open source threat detection
Security Boulevard securityboulevard.com
ReversingLabs researchers recently discovered a malicious, open source package: xFileSyncerx on the Python Package Index (PyPI). The package, with close to 300 registered downloads, contained separate malicious “wiper” components. Is it an open source supply chain threat? Kind of. Further investigation by our team uncovered the fact that the downloader and wipers were created by a cybersecurity pro doing “red team” penetration testing of a client’s SOC.
This incident highlights a growing challenge for firms that track (and defeat) open …
components detection downloader downloads fact index investigation kind malicious noise open source open source supply chain package problem pypi python python package python package index researchers reversinglabs supply supply chain team threat threat detection threat research uncovered wiper