MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
pypi
Recherche

Supply-chain attack analysis: Ultralytics (PyPI Blog)

jeudi 12 décembre 2024, 17:26 , par LWN.net
The Python Package Index (PyPI) Blog has an analysis
of the compromise of
the ultralytics
project, and what PyPI has learned from this event:

PyPI staff and volunteers do their best to remove malware, but
because the service is open to anyone looking to publish software
there is an unfortunately high amount of abuse. Thankfully most of
this abuse does not have the same widespread impact as a targeted
attack on an already widely-used project.

Mike Fiedler, the PyPI Safety and Security Engineer is working on
new systems for reducing the time that malware is available to be
installed on PyPI, through APIs
that security researchers can automatically send reports to and
new 'quarantine'
release status to prevent harm while a human investigates the
situation. Expect more in this space in 2025!
Lire la suite sur LWN.net
https://lwn.net/Articles/1001909/

Voir aussi

pypi Billionaire founder of fashion chain falls and dies while hiking in Spain BoingBoing17 Dec
blog Stripper goes berserk, stabs DJ at Portland club in brutal attack (video) BoingBoing17 Dec
attack 2025 is set to bring changes in technology adoption and the evolving attack surface BetaNews15 Dec
ultralytics Yearlong Supply-Chain Attack Targeting Security Pros Steals 390,000 Credentials Slashdot14 Dec
analysis The US Military is Now Talking Openly About Going On the Attack in Space Slashdot13 Dec
abuse California DMV sorry for issuing vanity plate mocking October 7 attack on Israel BoingBoing13 Dec
security Google Gemini 2.0 Flash comes out with real-time conversation, image analysis TheRegister11 Dec
project Lady feeds bovine and gets a surprise tongue attack BoingBoing11 Dec
supply-chain 3 takeaways from the Ultralytics AI Python library hack InfoWorld11 Dec
malware US names Chinese national it alleges was behind 2020 attack on Sophos firewalls TheRegister11 Dec
pypi Fully patched Cleo products under renewed 'zero-day-ish' mass attack TheRegister10 Dec
blog Containers are a weak link in supply chain security BetaNews10 Dec
attack Mysterious outbreak with high fatality rate in the DRC could imperil tech supply chains TheRegister 9 Dec
ultralytics Supply chain compromise of Ultralytics AI library results in trojanized versions InfoWorld 9 Dec
analysis OpenWrt orders router firmware updates after supply chain attack scare TheRegister 9 Dec
abuse In-depth analysis of Grand Theft Auto V's power infrastructure BoingBoing 9 Dec
security Abusing Git branch names to compromise a PyPI package LWN.net 6 Dec
project ‘Tis the Season for COSMIC Alpha 4! (System76 Blog) LWN.net 5 Dec
supply-chain This sneaky phishing attack is a new take on a dirty old trick PC World 5 Dec
malware Attack on Titan VR : Unbreakable tranchera des nuques le 17 décembre GameKult 5 Dec
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
mer. 18 déc. - 19:05 CET