all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Python packages with malicious code expose secret AWS credentials

Add to bookmarks
June 27, 2022, 7:03 a.m. | Help Net Security

Help Net Security www.helpnetsecurity.com

Sonatype researchers have discovered Python packages that contain malicious code that peek into and expose secret AWS credentials, network interface information, and environment variables. All those credentials and metadata then get uploaded to one or more endpoints, and anyone on the web can see this. Going up a directory level showed hundreds of TXT files containing sensitive information and secret. In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, explains the … More →


The post …

amazon web services aws code credentials cybercrime cybersecurity don't miss hot stuff malicious python research secret sonatype video

Visit resource

More from www.helpnetsecurity.com / Help Net Security

Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware! 15 hours ago | www.helpnetsecurity.com
coveware cybercriminals don't miss extortion +20
LastPass users targeted by vishing attackers 17 hours ago | www.helpnetsecurity.com
attackers com cryptochameleon domain +21
Protobom: Open-source software supply chain tool 23 hours ago | www.helpnetsecurity.com
administrators amp bill born +28
The key pillars of domain security 23 hours ago | www.helpnetsecurity.com
assets auditing campaigns ciso +34
51% of enterprises experienced a breach despite large security stacks 1 day ago | www.helpnetsecurity.com
attack attack surface breach ciso +24
New infosec products of the week: April 19, 2024 1 day ago | www.helpnetsecurity.com
access april critical critical data +15
Gurucul federated search provides insights into data that is not centralized 1 day, 13 hours ago | www.helpnetsecurity.com
capabilities cloud console data +19
AuditBoard expands executive team to support the next phase of growth 1 day, 15 hours ago | www.helpnetsecurity.com
addition appointed auditboard award +25
Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) 1 day, 15 hours ago | www.helpnetsecurity.com
attacker avalanche aware critical +31

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Intermediate Security Engineer, (Incident Response, Trust & Safety)

@ GitLab | Remote, US
View on infosec-jobs.com

Journeyman Cybersecurity Triage Analyst

@ Peraton | Linthicum, MD, United States
View on infosec-jobs.com

Project Manager II - Compliance

@ Critical Path Institute | Tucson, AZ, USA
View on infosec-jobs.com

Junior System Engineer (m/w/d) Cyber Security 1

@ Deutsche Telekom | Leipzig, Deutschland
View on infosec-jobs.com
View more jobs