all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Python packages upload your AWS keys, env vars, secrets to the web

Add to bookmarks
June 23, 2022, 2:53 p.m. | Ax Sharma

Security Boulevard securityboulevard.com




Last week, Sonatype discovered multiple Python packages that not only exfiltrate your secrets—AWS credentials and environment variables but rather upload these to a publicly exposed endpoint.


These packages were discovered by Sonatype's automated malware detection system, offered as a part of Nexus platform products, including Nexus Firewall. On a further review, we deemed these packages malicious and reported them to PyPI.


The post Python packages upload your AWS keys, env vars, secrets to the web appeared first on Security …

aws devzone featured keys malware prevention nexus firewall pypi python secrets the web vulnerabilities web

Visit resource

More from securityboulevard.com / Security Boulevard

Cradlepoint Adds SASE Platform for 5G Wireless Networks 2 hours ago | securityboulevard.com
5g access cloud cloud service +28
USENIX Security ’23 – Token Spammers, Rug Pulls, and Sniper Bots: An Analysis of the … 5 hours ago | securityboulevard.com
access analysis authors binance +21
USENIX Security ’23 – Token Spammers, Rug Pulls, and Sniper Bots: An Analysis of the … 5 hours ago | securityboulevard.com
access analysis authors binance +20
CoralRaider Group Delivers Three Infostealers via CDN Cache 6 hours ago | securityboulevard.com
cache campaign cdn cisco +33
Daniel Stori’s ‘New Job’ 7 hours ago | securityboulevard.com
daniel daniel stori humor job +6
DirectDefense Report Sees Shifts in Cyberattack Patterns 8 hours ago | securityboulevard.com
analytics & intelligence cloud security cyberattack cyberattacks +24
Secure-by-Design Software in DevSecOps 9 hours ago | securityboulevard.com
design devops devsecops expertise +11
USENIX Security ’23 – Snapping Snap Sync: Practical Attacks on Go Ethereum Synchronising Nodes 9 hours ago | securityboulevard.com
access attacks authors channel +17
How AI is Revolutionizing B2B SaaS: Driving Growth, Saving Time, and Boosting Your Bottom Line 9 hours ago | securityboulevard.com
ai and b2b saas growth ai. artificial intelligence ai for lead generation b2b saas ai-powered b2b sales tools +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

EY GDS Internship Program - SAP, Cyber, IT Consultant or Finance Talents with German language

@ EY | Wrocław, DS, PL, 50-086
View on infosec-jobs.com

Security Architect - 100% Remote (REF1604S)

@ Citizant | Chantilly, VA, United States
View on infosec-jobs.com

Network Security Engineer - Firewall admin (f/m/d)

@ Deutsche Börse | Prague, CZ
View on infosec-jobs.com

Junior Cyber Solutions Consultant

@ Dionach | Glasgow, Scotland, United Kingdom
View on infosec-jobs.com

Senior Software Engineer (Cryptography), Bitkey

@ Block | New York City, United States
View on infosec-jobs.com
View more jobs