Attackers leverage PyPI to sideload malicious DLLs

Threat Research
ReversingLabs researchers have observed a clear trend in which open-source platforms and code have become the stage for a growing and diverse range of malicious activity and campaigns. This trend includes hosting ...
Python’s Colorama Typosquatting Meets ‘Fade Stealer’ Malware

Python’s Colorama Typosquatting Meets ‘Fade Stealer’ Malware

As our hunt against malicious Python packages continues, Imperva Threat Research recently discovered an attempt to masquerade Fade Stealer malware as a nondescript package, Colorama. Why Colorama? Colorama is a package used ...
The Art of Bot Detection: How DataDome Uses Picasso for Device Class Fingerprinting

Learn how DataDome uses Picasso for device class fingerprinting, which can aid in detecting sophisticated bots lying about their environments ...
Malicious PDFs, deepfakes, and romance scams were just some of the 10 billion cyber attacks we saw last year

Threat Research
If you've been hoping that cyber attacks were on the decline, brace yourself for a reality check: 2023 was an unprecedented year in cyber threats. We witnessed more than 10 billion attacks ...
GitGot: GitHub leveraged by cybercriminals to store stolen data

Threat Research
ReversingLabs researchers have discovered two malicious packages on the npm open source package manager that leverage GitHub to store stolen Base64-encrypted SSH keys lifted from developer systems that installed the malicious npm ...
Python’s Poisoned Package: Another ‘Blank Grabber’ Malware in PyPI

The Python Package Index (PyPI) is a platform that offers an extensive range of packages to simplify and enhance the development process. Malicious actors regularly upload phishing packages to the platform’s repository aimed ...

How to Defend Against a Pass the Ticket Attack: AD Security 101

Any organization that relies on Kerberos authentication—the primary authentication method in Active Directory environments—is potentially vulnerable to a Pass the Ticket attack. Organizations that do not regularly patch their systems, ...

CVE-2023-50164: A Critical Vulnerability in Apache Struts

On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with a CVSS score of 9.8. Versions 2.5.0 through 2.5.32 and 6.0.0 through 6.3.0 were affected. ...
Malware leveraging public infrastructure like GitHub on the rise

Threat Research
The use of public services as command-and-control (C2) infrastructure isn’t a revolutionary technique for malicious actors. ReversingLabs has observed such behavior in several malware campaigns throughout the last few years. Malware authors ...
CVE-2023-22524: RCE Vulnerability in Atlassian Companion for macOS

TL;DR: This blog unveils a remote code execution vulnerability, identified as CVE-2023-22524, in Atlassian Companion for macOS, which has recently been patched. This critical vulnerability stemmed from the ability to bypass both ...