Python

Malware & Threats

Issued by: Security Affairs

Bitdefender researchers discovered a set of malicious files with backdoor capabilities that are suspected to be part of a sophisticated toolkit designed to target Apple macOS systems. The investigation is still ongoing, the experts pointed out that the samples are still largely undetected. The researchers analyzed a total of four samples that were uploaded to…

News

Issued by: Dark Reading

Google has added a new certification program aimed at training a new generation of cybersecurity professionals under its existing Google Career Certificates initiative. Google estimates there are currently more than 750,000 open cybersecurity jobs in the US alone, while meanwhile the rate of cyberattacks increased 38% globally. The new Google Cybersecurity Certificate program will offer…

Software Security

Issued by: Dark Reading

An unknown attacker slipped a malicious binary into the PyTorch machine learning project by registering a malicious project with the Python Package Index (PyPI), infecting users’ machines if they downloaded a nightly build between Dec. 25 and Dec. 30. The PyTorch Foundation stated in an advisory on Dec. 31 that the effort was a dependency…

Vulnerabilities

Issued by: Security Week

The vulnerability in question is CVE-2007-4559, initially described as a directory traversal vulnerability in Python’s ‘tarfile’ module that could allow an attacker to remotely overwrite arbitrary files by convincing users to process specially crafted tar archives. The flaw was never properly patched and instead users were warned not to open archive files from untrusted sources….

Vulnerabilities

Issued by: CIO Security

Java and Python FTP attacks can punch holes through firewalls

The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks. On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.