Python packages caught using DLL sideloading to bypass security

ReversingLabs researchers have uncovered Python packages using DLL sideloading to bypass security tools.

On 10 January 2024, Karlo Zanki, a reverse engineer at ReversingLabs, stumbled upon two suspicious packages on the Python Package Index (PyPI). These packages – named NP6HelperHttptest and NP6HelperHttper – were found to be utilising DLL sideloading, a known technique used by malicious actors to execute code discreetly and evade detection by security tools.

This...

Gemini Pro: Google empowers developers with advanced AI capabilities

Google has announced the availability of its AI model Gemini Pro for developers and enterprises to craft solutions for their specific needs. This move is accompanied by a commitment to ongoing refinement based on user feedback.

Gemini comes in three distinctive sizes: Ultra, Pro, and Nano. The Nano version has already been integrated into Android – starting with the Pixel 8 Pro – while a specially tuned iteration of Gemini Pro is embedded in Bard.

Empowering...

Checkmarx uncovers persistent Python package threat

Checkmarx has uncovered a threat actor that has been quietly infiltrating the open-source ecosystem for nearly six months, planting malicious Python packages with a focus on deception and financial gain.

The malicious actor employed a systematic approach, disguising their packages with names closely resembling popular legitimate Python packages. These decoy packages, camouflaged to blend in, successfully garnered thousands of downloads. The malicious payload, embedded within the...

Lightning AI becomes a PyTorch Foundation premier member

The PyTorch Foundation, a neutral hub facilitating collaboration within the deep learning community, has announced that Lightning AI has become a premier member.

Lightning AI is the driving force behind PyTorch Lightning, an open-source framework and platform empowering companies to construct and deploy cutting-edge AI products employing the latest generative AI models.

Luca Antiga, CTO of Lightning AI, expressed the importance of this collaboration:

“By...

Python Developers Survey: Python 2 clings on for certain use cases

A new survey from the Python Software Foundation has found that while Python 3 remains dominant both for work and play, usage of Python 2 crept up from the previous year.

The study, conducted in association with JetBrains, polled more than 23,000 Python developers and found that 93% of respondents had already implemented Python 3, based on responses from the end of 2022. Yet this was down on the 95% cited from the previous year.

To find a reason why, there are a few small clues based...

Graphcore joins PyTorch Foundation as a general member

The PyTorch Foundation, a home for the deep learning community to collaborate on the open-source PyTorch framework and ecosystem, has announced that Graphcore is joining its ranks.

Graphcore – a Bristol, UK-based company specialising in designing and manufacturing AI accelerators, hardware, and software tailored for AI and machine learning workloads – has joined as a general member of the foundation.

PyTorch has long been a go-to framework for developers in the field...

Intel joins PyTorch Foundation as a ‘Premier’ member

Intel has become a ‘Premier’ member of the PyTorch Foundation in a move aimed at propelling the advancement of AI.

PyTorch is a popular open-source framework that accelerates AI application development and facilitates experimentation that can lead to creative breakthroughs in the field. The framework was originally developed by Meta AI and is now part of the Linux Foundation.

Intel's involvement with PyTorch dates back to 2018, with a clear vision to democratise AI...

Malicious PyPI package discovered in ongoing ‘PaperPin’ campaign

In a recent analysis conducted by Sonatype, a malicious Python Package Index (PyPI) package named 'VMConnect' was discovered masquerading as the legitimate VMware vSphere connector module 'vConnector'.

The counterfeit package was found to contain sinister code designed to compromise users' systems. Further investigation revealed an ongoing campaign involving additional packages like "ethter" and "quantiumbase," all sharing the same structure and payload.

The 'VMConnect'...

Sonatype uncovers further malicious PyPI and npm packages

Sonatype continues to uncover a significant number of malicious packages within the PyPI and npm software registries.

Among the flagged packages were several Python packages published on PyPI, masquerading as legitimate libraries named after the popular npm "colors" library.

The malicious packages, including names such as "broke-rcl," "brokescolors," and "trexcolors," exclusively targeted the Windows operating system. Once installed, these packages would initiate the...

PyPI suspends new projects and users due to malicious activity

The PyPI (Python Package Index) team has temporarily suspended new projects and users on their platform due to malicious activity.

This surge in malicious activity aligns with a larger trend observed across several open-source registries in recent months. Notably, incidents such as the flood of malicious packages on the npm JavaScript package manager and a similar attack on the NuGet package manager last year, involving over 140,000 malicious packages, have highlighted the...