all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

This Week in Malware—Malicious 'Distutil' and Spring4Shell active exploitation

Add to bookmarks
April 22, 2022, 1:30 p.m. | Ax Sharma

Sonatype Blog blog.sonatype.com




This week in malware we have a lot to go over. A mysterious 'Distutil' Python library found on the PyPI repository, active Spring4Shell exploitation by threat actors deploying crypto-miners, ProxyShell exploits targeting Microsoft Exchange servers, an open source utility claiming to add Google Play store to PCs but containing obfuscated malware, ongoing dependency confusion attempts, and last but not the least, the GitHub OAuth tokens compromise, that impacted a dozen organizations including npm.

dependency confusion devzone exploitation github malicious malware nexus firewall spring4shell this week in malware vulnerabilities

Visit resource

More from blog.sonatype.com / Sonatype Blog

DevOps pioneers navigate organizational transformation 1 day ago | blog.sonatype.com
depth devops devops transformation download +13
Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens' 3 days, 3 hours ago | blog.sonatype.com
cases dependency dependency confusion flood +19
The essential duo of SCA and SBOM management 1 week ago | blog.sonatype.com
application application security attacks duo +16
Automating and maintaining SBOMs 2 weeks ago | blog.sonatype.com
artifact automation bill components +11
CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma 2 weeks, 4 days ago | blog.sonatype.com
attack attacks backdoor bank +26
CVE-2024-3094 The targeted backdoor supply chain attack against XZ and libzma 2 weeks, 4 days ago | blog.sonatype.com
attack attacks backdoor bank +26
SBOM, VDR, and Maven: Transforming the Apache Logging experience to a common pattern 3 weeks ago | blog.sonatype.com
apache cyclonedx devzone experience +14
Cyber readiness and SBOMs 3 weeks, 3 days ago | blog.sonatype.com
academic academic research advanced bills +22
Open source ML/AI models: attackers' next target 4 weeks ago | blog.sonatype.com
ai models apps art attackers +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

SOC Cyber Threat Intelligence Expert

@ Amexio | Luxembourg, Luxembourg, Luxembourg
View on infosec-jobs.com

Systems Engineer - SecOps

@ Fortinet | Dubai, Dubai, United Arab Emirates
View on infosec-jobs.com

Ingénieur Cybersécurité Gouvernance des projets AMR H/F

@ ASSYSTEM | Lyon, France
View on infosec-jobs.com

Senior DevSecOps Consultant

@ Computacenter | Birmingham, GB, B37 7YS
View on infosec-jobs.com
View more jobs