The Hacker News Daily Updates

Researchers find PyPI package hiding malicious code.

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 10 November 2022, 1556 UTC.  Content provided by email subscription to "The Hacker News Daily Updates."

Source:  https://mail.google.com/mail/u/0/?ogbl#inbox/FMfcgzGqRZZXfqNHWGfRcmKJDlhMTbbd

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

The Hacker News Daily Updates

How Enterprises Are Attacking the Cybersecurity Problem Report Cloud, supply chain, and endpoint security emerge as major focus areas Download Now Sponsored

LATEST NEWS Nov 10, 2022

Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File A malicious package discovered on the Python Package Index (PyPI) has been found employing a steganographic trick to conceal malicious code within image files. The package in question, named "apicolor," was uploaded to the Python third-party repository on October 31, 2022, and described as a "Core ... Read More

Is Cybersecurity Awareness Month Anything More Than PR? Cybersecurity Awareness Month has been going on since 2004. This year, Cybersecurity Awareness Month urged the public, professionals, and industry partners to "see themselves in cyber" in the following ways:  The public, by taking action to stay safe online. Professionals, by joining the cyber ... Read More

Top 10 Vulns Impacting Open Source in 2022 You might know all about the incredibly useful and insightful OWASP Top 10 list from 2021, but what about the exact CVEs that could be lurking in your applications? Check out Snyk Top 10 Open Source Vulnerability report to get up to date on 2022's most common ... Read More

Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products Citrix has released security updates to address a critical authentication bypass flaw in the application delivery controller (ADC) and Gateway products that could be exploited to take control of affected systems. Successful exploitation of the issues could enable an adversary to gain authorized ... Read More

High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The vulnerability, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerability in ... Read More

Re-Focusing Cyber Insurance with Security Validation The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases. Some Akin Gump ... Read More

New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices. "The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. ... Read More

APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network The Russia-linked APT29 nation-state actor has been found leveraging a "lesser-known" Windows feature called Credential Roaming following a successful phishing attack against an unnamed European diplomatic entity. "The diplomatic-centric targeting is consistent with Russian strategic priorities as ... Read More

How Enterprises Are Attacking the Cybersecurity Problem Report Cloud, supply chain, and endpoint security emerge as major focus areas Download Now Sponsored