'Revival Hijack' on PyPI Disguises Malware With Legitimate File Names

Adversaries reusing abandoned package names sneak malware into organizations in a sort of software shell game. [TechWeb]( Follow Dark Reading: [RSS]( September 05, 2024 LATEST SECURITY NEWS & COMMENTARY ['Revival Hijack' on PyPI Disguises Malware With Legitimate File Names]( Adversaries reusing abandoned package names sneak malware into organizations in a sort of software shell game. [FBI: North Korean Actors Readying Aggressive Cyberattack Wave]( Sophisticated social engineering is expected to accompany threat campaigns that are highly targeted and aimed at stealing crypto and deploying malware. [CEO's Arrest Will Likely Not Dampen Cybercriminal Interest in Telegram]( In recent years, the platform has become a go-to tool for executing almost all conceivable cybercriminal activity. [How CISOs Can Effectively Communicate Cyber-Risk]( A proximity resilience graph offers a more accurate representation of risk than heat maps and risk registers, and allows CISOs to tell a complex story in a single visualization. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [North Korea's 'Citrine Sleet' APT Exploits Zero-Day Chromium Bug]( Microsoft warned that the DPRK's latest innovative tack chains together previously unknown browser issues, then adds a rootkit to the mix to gain deep system access and steal crypto. [Improved Software Supply Chain Resilience Equals Increased Security]( Understanding through visibility, managing through governance, and anticipating through continuous deployment will better prepare organizations for the next supply chain attack. [Cyberattackers Spoof Palo Alto VPNs to Spread WikiLoader Variant]( The malware, first discovered two years ago, has returned in campaigns using SEO poisoning. [Why Identity Teams Need to Start Reporting to the CISO]( Identity management sits with IT for good reason, but now that identity is the common denominator in every attack, it's time identity security was owned by a leader with a security background, like the CISO. [MORE]( PRODUCTS & RELEASES [AuthenticID Unveils Enhanced Smart ReAuth™ for Instant Biometric Reauthentication]( [SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024]( [77% of Educational Institutions Spotted a Cyberattack Within the Last 12 Months]( [Pluralsight Releases Courses to Help Cyber Pros Defend Against Volt Typhoon Hacker Group]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [BlackCat Spin-off 'Cicada3301' Uses Stolen Creds on the Fly, Skirts EDR]( Malware authors have iterated on one of the premier encryptors on the market, building something even bigger and better. LATEST FROM THE EDGE [White House Unveils Road Map to Fix BGP]( The White House Office of the National Cyber Director released a plan outlining steps network operators and service providers need to take to secure BGP from abuse and configuration errors. LATEST FROM DR TECHNOLOGY [Open Source Tool Allows Voters to Verify Election Results]( The ElectionGuard project allows anyone — voters, campaign staffers, and election officials — to cryptographically verify ballots, a promise which may bolster faith in election integrity. LATEST FROM DR GLOBAL [Indian Army Propaganda Spread by 1.4K AI-Powered Social Media Accounts]( For three years now, more than a thousand social media accounts have been reposting the same pro-India, anti-Pakistan content on Facebook and X. WEBINARS - [DORA and PCI DSS 4.0: Scale Your Mainframe Security Strategy Among Evolving Regulations]( - [How to Evaluate Hybrid-Cloud Network Policies and Enhance Security]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Evolve Your Ransomware Defense]( - [A CISO's Guide to Geopolitics and CyberSecurity]( - [Generative AI Gifts]( - [Ten Elements of Insider Risk in Highly Regulated Industries]( - [Boston Beer Company Transforms OT Security & Reduces Costs]( - [OT Cybersecurity Glossary & Quick Start Guide]( - [The Future of Audit, Risk, and Compliance: Exploring AI's Transformative Impact, Use Cases, and Risks]( [View More White Papers >>]( FEATURED REPORTS - [Managing Third-Party Risk Through Situational Awareness]( - [2024 InformationWeek US IT Salary Report]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=125521&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_09.05.24&sp_cid=54955&utm_content=DR_NL_Dark%20Reading%20Daily_09.05.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#ec If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)