Search This Blog

Showing posts with label python. Show all posts

Python Package Index Removed 3,653 Noxious Packages after a Vulnerability

 

The Python Package Index, otherwise called PyPI, has eliminated 3,653 noxious packages uploaded days after a security vulnerability in the utilization of private and public registries was highlighted. The Python Package Index is the official third-party software repository for Python. It is analogous to CPAN, the repository for Perl. Some package managers, including pip, use PyPI as the default source for packages and their dependencies. More than 235,000 Python packages can be accessed through PyPI. 

Python developers use PyPI to add software libraries composed by different developers in their own ventures. Other programming languages implement similar package management systems, all of which request some degree of trust. Developers are frequently encouraged to audit any code they import from an external library however that advice isn't constantly followed. Package management systems like npm, PyPI, and RubyGems have all had to eliminate sabotaged packages as of recent years. Malware creators have discovered that in the event that they can get their code included in well-known libraries or applications, they get free dissemination and trust they haven't acquired. 

A month ago, security researcher Alex Birsan showed that it is so easy to exploit these systems through a type of typosquatting that misused the interplay between public and private package registries. The downpour of vindictive Python packages over the previous week included unauthorized versions of projects like CuPy, an implementation of NumPy-compatible multi-dimensional array on CUDA, Nvidia's parallel computing platform. 

In a GitHub issued post, Kenichi Maehashi, a project maintainer, relates how cupy-cuda112 (CuPy worked for CUDA 11.2) was uploaded on February 25, 2021, then detected and eliminated a day later. Python has a policy for managing such a thing. On Monday, Ee W. Durbin III, director of infrastructure at the Python Foundation, said the large number of culpable packages had been taken out but expressed hesitance to boycott the account responsible because the account holder could simply register for another account. 

The name utilized by the malware writer, "RemindSupplyChainRisks," gives off an impression of being an attempt to call attention to an aspect of software distribution that most developers already understand is fraught with potential problems.

PoetRAT Targeting Public and Private Sector in Azerbaijan

 



APT groups have been targeting the public sector and other major organizations in Azerbaijan via recent versions of PoetRAT. Notably, the threat actor has advanced from Python to Lua script and makes use of Word documents to deploy malicious software.
 
PoetRAT was first discovered by Cisco Talos, it was being distributed using URLs that falsely appeared as Azerbaijan’s government domains, giving researchers a reason to believe that the adversaries intended to target citizens of the Eurasian country, Azerbaijan. The threat actors also attacked private organizations in the SCADA sector such as ‘wind turbine systems’. However, the recent campaigns that unfolded in the months of September and October were targeted towards the public sector and VIPs. In later updated versions, the operators worked out a new exfiltration protocol to cover their activities and avoid being caught. 
 
Written in Python and split into various parts, the malware provides full control of the infected system to the operation. It gathers documents, pictures from the webcam, and even passwords, employing other tools. In an attempt to improve their operational security (OpSec), the attacker replaces protocol and performs reconnaissance on infected machines. 
 
Over the past months, the developers of the malware have continuously evolved their strategies to penetrate into more sophisticated targets. The campaign demonstrates how the attackers manually pushed additional tools like keyloggers when required onto the infected machines. To name a few more, camera control applications, generic password stealers, and browser- focused password stealers. Besides malware campaigns, the operators also employed the same infrastructure to perform a phishing campaign wherein the phishing website impersonates the webmail of Azerbaijan’s Government.
 
Other instances when Azerbaijan grappled with cyberattacks include a data breach faced by the Azeri Navy sailors. The hacked data belonged to 18,872 sailors of the Azerbaijan Navy which included their full names, DOB, passport numbers, and expiry dates. In another attack, a U.K based live flight tracking service underwent DDoS attacks that temporarily halted its services, the attack is alleged to be having links with the ongoing geopolitical conflicts in Azerbaijan.

Indian Copyright Office Asks for Executable File for Website Code?


India copyright office grants a series of rights to the developer of a computer program that protects his original creation legally. Under the Copyright Act, computer programming codes can be registered as ‘literary works’. As the program is safeguarded by copyrights, each subsequent modification or addition to the code containing sufficient originality will also be protected under the law. Generally, a computer program is preserved not by just one copyright but by a set of copyrights beginning from the first source code written till the last addition by the creator.

Although, source code and object code differ from each other, the copyright office views both of the code forms as equal for registration purposes – maintaining the notion that the source code and object code are just two distinct forms of the same copyrighted program.

Copyright ownership refers to a collection of rights that gives the creator an exclusive right to use the original creation like a song, literary work, movie, or software. It means that the original authors of works and the people/company to whom they have given authorization to are the only ones having exclusive right to reproduce the creation.

Recently, a company director applied for copyrights for his PHP and python program. However, to his surprise, the Indian copyright office started asking for an executable file. It’s a well-known fact that PHP code used in websites does not have an executable file, hence there was no possible way that the director could have provided the executable file for his PHP program. The question still remains how the officials at the Indian copyright office are not aware of the fact that there is no executable file for website code, moreover, why do they even require it in the first place?

In India, the Copyright Act, 1957 grants protection to the Intellectual Property Rights (IPR) of computer software. As per the definition in the Indian Copyright Act, Computer programs are classified as ‘literary works’. Accordingly, the rights of computer software are protected under the provisions of the Act.