The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.
Follow Dark Reading:
 May 24, 2022
LATEST SECURITY NEWS & COMMENTARY
Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems
The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.
Linux Trojan XorDdos Attacks Surge, Targeting Cloud, IoT
Analysts have seen a massive spike in malicious activity by the XorDdos Trojan in the last six months, against Linux cloud and IoT infrastructures .
Multiple Governments Buying Android Zero-Days for Spying: Google
An analysis from Google TAG shows that Android zero-day exploits were packaged and sold for state-backed surveillance.
After the Okta Breach, Diversify Your Sources of Truth
What subsequent protections do you have in place when your first line of defense goes down?
Why the Employee Experience Is Cyber Resilience
A culture of trust, combined with tools designed around employee experience, can work in tandem to help organizations become more resilient and secure.
(Sponsored Article) 2022: The Year Zero Trust Becomes Mainstream
It has never been more important for organizations of all sizes to prioritize securing their users and their infrastructure secrets with zero-trust network access.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Authentication Is Static, Yet Attackers Are Dynamic: Filling the Critical Gap
To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.

Pro-Russian Information Operations Escalate in Ukraine War
In the three months since the war started, Russian operatives and those allied with the nation's interests have unleashed a deluge of disinformation and fake news to try and sow fear and confusion in Ukraine, security vendor says.

Critical VMware Bug Exploits Continue, as Botnet Operators Jump In
A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.

MORE
EDITORS' CHOICE

Partial Patching Still Provides Strong Protection Against APTs
Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.
LATEST FROM THE EDGE

Quantum Key Distribution for a Post-Quantum World
New versions of QKD use separate wavelengths on the same fiber, improving cost and efficiency, but distance is still a challenge.
LATEST FROM DR TECHNOLOGY

QuSecure Carves Out Space in Quantum Cryptography With Its Vision of a Post-RSA World
NIST may be on the brink of revealing which post-quantum computing encryption algorithms it is endorsing, solidifying commercial developments like QuProtect.
Tech Resources
ACCESS TECH LIBRARY NOW

  • Harnessing the Power of Security Automation

    With many organizations pinched for both dollars and manpower, security and IT teams are turning to a new class of technology and practices designed to automate repetitive and time-consuming tasks in security operations. How can companies truly unleash the potential ...

  • Implementing Zero Trust in Your Enterprise

    Attackers have shown time and again that perimeter security is no longer enough to keep them out. The concept of internal users and outsiders doesn't work in network defense when attackers use credential theft and lateral movement to pretend they ...
MORE WEBINARS
FEATURED REPORTS
  • Rethinking Endpoint Security in a Pandemic and Beyond

    IT security teams are expending the concept of "endpoint security" as companies adjust to a distributed workforce. How much responsibility will enterprise IT take for the security of personal devices such as printers. How will they manage identities across multiple ...

  • How Enterprises Are Assessing Cybersecurity Risk in Today's Environment

    Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
MORE REPORTS
CURRENT ISSUE

Incorporating a Prevention Mindset into Threat Detection and Response
DOWNLOAD THIS ISSUE SUBSCRIBE NOW
BACK ISSUES | MUST READS | TECH DIGEST
PRODUCTS & RELEASES
Valeo Networks Acquires Next I.T.
Kingston Digital Releases Touch-Screen Hardware-Encrypted External SSD for Data Protection
MORE PRODUCTS & RELEASES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To update your profile, change your e-mail address, or unsubscribe, click here.
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |   Informa Tech  |   Privacy Statement  |   Terms & Conditions  |   Contact Us