VMConnect supply chain attack continues, evidence points to North Korea | allinfosecnews.com

Aug. 31, 2023, 12:10 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

In early August, ReversingLabs identified a malicious supply chain campaign that the research team dubbed “VMConnect.” That campaign consisted of two dozen malicious Python packages posted to the Python Package Index (PyPI) open-source repository. The packages mimicked popular open-source Python tools, including vConnector, a wrapper module for pyVmomi VMware vSphere bindings; eth-tester, a collection of tools for testing Ethereum-based applications; and databases, a tool that gives asynchronous support for a range of databases.

The research team has continued monitoring PyPI …

attack august campaign korea malicious north north korea package packages points popular pypi python python package python package index python tools repository research reversinglabs supply supply chain supply chain attack team tools vmconnect vmware vmware vsphere vsphere wrapper

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Deepfakes and AI-Driven Disinformation Threaten Polls 35 minutes ago | malware.news

access article campaigns deepfakes +13

Malware development trick 38: Hunting RWX - part 2. Target process investigation tricks. Simple C/C++ … 40 minutes ago | malware.news

cybersecurity development hackers hello +16

Beyond the Evidence: Leveraging Decision Intelligence to Drive Better Outcomes in Digital Forensics an hour ago | malware.news

beyond communications crime decision +18

Graph: Growing number of threats leveraging Microsoft API an hour ago | malware.news

api article blogs cloud +12

The Future of Passwordless Authentication in Cybersecurity an hour ago | malware.news

actions authentication biometric clicking +15

Vulnerability in CraftBeerPi 4 software 2 hours ago | malware.news

article cert cert polska cve +9

Operation PANDORA shuts down 12 phone fraud call centres 3 hours ago | malware.news

bank call cash customer +16

Security Awareness Service Release on April 29, 2024 4 hours ago | malware.news

april article awareness delivery +12

“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps 4 hours ago | malware.news

android android apps application applications +24

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Premium Hub - CoE: Business Process Senior Consultant, SAP Security Role and Authorisations & GRC

@ SAP | Dublin 24, IE, D24WA02

View on infosec-jobs.com

Product Security Response Engineer

@ Intel | CRI - Belen, Heredia

View on infosec-jobs.com

Application Security Architect

@ Uni Systems | Brussels, Brussels, Belgium

View on infosec-jobs.com

Sr Product Security Engineer

@ ServiceNow | Hyderabad, India

View on infosec-jobs.com

Analyst, Cybersecurity & Technology (Initial Application Deadline May 20th, Final Deadline May 31st)

@ FiscalNote | United Kingdom (UK)

View on infosec-jobs.com