Buck Shlegeris, the CEO of Redwood Research, a nonprofit company exploring AI's risks, recently learned an amusing but hard lesson in automation when he asked his LLM-powered agent to open a secure connection from his laptop to his desktop machine. "I expected the model would scan the network and find the desktop computer, then stop," Shlegeris explained. "I was surprised that after it found the computer, it decided to continue taking actions, first examining the system and then deciding to do
python (7)
The Checkmarx Research team recently discovered an attack campaign targeting the software supply chain, with evidence of successful exploitation of multiple victims. These include the Top.gg GitHub organization (a community of over 170k users) and several individual developers. The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with verified commits, setting up a custom Python mirror, and publishing malicious
The cloud hack tool scene is highly intertwined, with many tools relying on one another’s code. This is particularly true for malware families like AlienFox, Greenbot, Legion, and Predator, which share code from a credential scraping module called Androxgh0st. Analysts identified a tool that is related but distinct from these families. FBot is a Python-based attack tool with features to target web servers and cloud services as well as Software-as-a-Service (SaaS) technologies, including:
- Ama
Partial encryption is a growing trend in the world of ransomware, but with it comes the potential for data recovery on affected files. We’ll give an overview here on what the term “partial encryption” means. It is perhaps more accurate to say, “intermittent encryption,” but even so, it will be important to understand this recent trend in how many ransomware infections operate. From there, we’ll introduce White Phoenix, the freely available tool developed by CyberArk which can be used on part
By monitoring an open-source ecosystem, the FortiGuard Labs team recently discovered over 60 zero-day attacks embedded in PyPI (Python Package Index) packages between early February and mid-March of 2023. In this report[1], analysts cover all the packages found, grouping them into similar attacks or behaviors.
The packages in this set were found to be similar:
- py-hydraurlstudy (version 2.37)
- tptoolpywgui (version 10.56)
- libgetrandram (version 7.78)
- esqultraultrapong (version 7.37)
- esqhacke
Security researchers have identified more than 20 malicious PyPI packages designed to steal passwords and other sensitive information from the victims’ machines. Investigators are warning of two such packages ‘ultrarequests’ and ‘pyquest’ that were masquerading as ‘requests’, a highly popular open source package. The malicious repositories copied the description from the legitimate package and contained fake statistics. PyPI as an index which allows users to search for packages by keywords o
An adversary known for targeting the Financial Cyber Sector since at least 2018 has switched up its tactics to include a new Python-based remote access Trojan (RAT).[1] This RAT can steal passwords, documents, browser cookies, email credentials, software licenses, credentials for trading software/platforms, customer credit card information, proof of address/identity documents, and other sensitive information. The group is suspected of offering APT-style hacker-for-hire services to o