CyberSecurity news
FlagThis - #supplychainsecurity
|
@socket.dev
//
A malicious Python package named 'discordpydebug' has been discovered on the Python Package Index (PyPI) repository, posing a significant threat to Discord developers. The package, disguised as a simple utility for debugging Discord bots, actually contains a remote access trojan (RAT). This RAT allows attackers to execute commands and exfiltrate data from infected systems via a covert command-and-control (C2) channel. The 'discordpydebug' package was uploaded on March 21, 2022, and has since been downloaded over 11,000 times, putting numerous developer systems at risk.
The 'discordpydebug' package targets developers who build or maintain Discord bots. The attackers took advantage of the fact that PyPI doesn't enforce strict security audits, misleading developers with a legitimate-sounding name and copying code from popular projects to appear trustworthy. The package establishes communication with an attacker-controlled server at "backstabprotection.jamesx123.repl[.]co", and includes features to read and write arbitrary files based on commands received from the server, along with the ability to run shell commands. The simplicity of the RAT is what makes it effective. The package avoids inbound connections, instead opting for outbound HTTP polling to bypass firewalls and security monitoring tools, especially in less controlled development environments. This discovery highlights the increasing danger of software supply chain attacks and the importance of vigilance when installing packages from open-source repositories. The Socket Research Team urges developers to be cautious and scrutinize any third-party tools or code snippets shared within the Discord developer community.
Share:
References :
Classification:
ross.kelly@futurenet.com (Ross@Latest from ITPro
//
Hertz Corporation has announced a data breach affecting customers of its Hertz, Thrifty, and Dollar car rental brands. The breach stems from the exploitation of Cleo zero-day vulnerabilities in late 2024. Customer data, including personal information and driver's licenses, was stolen. The company confirmed the breach on February 10, 2025, stating that an unauthorized third party acquired Hertz data by exploiting vulnerabilities within Cleo's platform in October and December 2024.
The stolen data varies depending on the region, but generally includes customer names, dates of birth, contact information, driver's licenses, payment card information, and workers' compensation claims. In some instances, Social Security numbers and other government-issued identification numbers were also compromised. Notices about the breach have been posted on Hertz websites for customers in Australia, Canada, the European Union, New Zealand, the United Kingdom, and several U.S. states, including California, Maine, and Texas. Hertz has disclosed that at least 3,400 customers in Maine and some 96,665 customers in Texas were affected. The company attributed the breach to vulnerabilities in Cleo's software, which was targeted by the Clop ransomware gang in 2024. This breach highlights the significant cybersecurity risks associated with third-party vendors and the potential for mass data theft. It is another example of the widespread consequences that can occur from zero-day exploits in widely used enterprise file transfer products. Those affected have been advised to take precautions to protect their personal and financial information.
Share:
References :
Classification:
|