Python packages upload your AWS keys, env vars, secrets to the web
June 23, 2022, 2:53 p.m. | Ax Sharma
Sonatype Blog blog.sonatype.com
Last week, Sonatype discovered multiple Python packages that not only exfiltrate your secrets (AWS credentials and environment variables) but also upload them to a publicly exposed endpoint.
These packages were discovered by Sonatype's automated malware detection system, offered as part of the Nexus platform products, including Nexus Firewall. On further review, we deemed these packages malicious and reported them to PyPI.