Hackers are performing widespread exploitation of a critical-severity command injection flaw in Zyxel networking devices, tracked as CVE-2023-28771, to install malware. […]
New NGate Android malware uses NFC chip to steal credit card data
A new Android malware named NGate can steal money from payment cards by relaying to an attacker’s device the data read by the near-field communication (NFC) chip. […]
Beware Of Malicious Typosquat Package That Steals Your Secret Keys
Hackers often target the Solana Python API ecosystem to exploit vulnerabilities in decentralized applications, gain access to private keys, or manipulate transactions on the Solana blockchain.
Recently the Solana Python API ecosystem was targeted by a typosquatting attack (tagged as sonatype-2024-3214).
The official Solana Python API project, known as “solana-py” on GitHub but listed as “solana” on PyPI (Python Package Index), has been typosquatted.
A deceptive package named “solana-py” was published by a threat actor who exploited this naming difference.
Cybersecurity researchers at Sonatype confirmed that the fake package mixes the legitimate project’s code with hidden functionality designed to steal sensitive data.
The attack relies on developers’ confusion about the project’s name: anyone who installs the wrong package believes they have obtained the genuine Solana API, while in fact they have set up an unsafe environment.
Malicious Typosquat Package
The misleading “solana-py” package published on PyPI exploited the inconsistency between the project’s legitimate GitHub name (“solana-py”) and its PyPI identity (“solana”).
The scam package tries to look real through several tactics: it uses a higher version number (0.34.5 vs. the legitimate 0.34.3), it capitalizes on references to “solana-py” in other libraries’ documentation, and it modifies the “__init__.py” file to include malicious code.
The main danger of this attack is that “solana-py” is widely used as the project name in GitHub documentation, so developers may well download the harmful package by mistake.
Researchers highlighted several important distinctions, such as the false maintainer name being “treefinder” while the actual one is “michaelhly,” demonstrating why every package added to a Python project must be checked for authenticity.
The malicious ‘solana-py’ package hides its payload in “exceptions.py”, which makes silent calls to Hugging Face’s hosted API to exfiltrate the stolen data.
The __init__.py file of version 0.34.3 of this package modifies a particular function from the solders library, which matters because that modification lets attackers steal Solana blockchain wallet keys. In this way, attackers are able to typosquat ‘solana-py’ and trick developers who use the legitimate ‘solders’ package.
Subsequently, the compromised application may expose sensitive information about cryptocurrencies belonging to both developers and their users.
This case shows how threat actors in the open-source ecosystem are changing their tactics with respect to projects dealing with cryptocurrency.
It highlights an immediate need for stronger supply chain security mechanisms such as better analysis of third-party dependencies, improved documentation practices, and greater attention to typosquatting risks.
The complete scenario emphasizes how important it is for any software development project, especially one handling critical financial data, to maintain a security-first approach throughout its lifecycle.
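The distinctions the researchers point to (approved PyPI name, expected maintainer, last reviewed version, and names that merely resemble an approved package) can be turned into a pre-install check. The script below is an added example and is not code from Sonatype, from the solana-py project or from the article; the allowlist structure, the function names and the 0.75 similarity threshold are assumptions. The metadata records are constructed inline in the shape of the PyPI JSON API’s “info” object, using the names and versions quoted in the article, so the script runs offline.

```python
"""Pre-install authenticity check for a Python dependency.

Added example modelled on the solana / solana-py case; not the project's
or Sonatype's own code. Record shape mirrors the "info" object of the
PyPI JSON API (https://pypi.org/pypi/<name>/json), but the records are
constructed here so the check runs offline.
"""
from difflib import SequenceMatcher

# Allowlist a team would maintain (assumed structure): the PyPI name that
# was actually approved, the maintainer expected in its metadata, and the
# latest version that went through review. Values come from the article.
APPROVED = {
    "solana": {"maintainer": "michaelhly", "reviewed_version": "0.34.3"},
}

# Constructed metadata records standing in for fetched PyPI "info" objects.
SAMPLE_METADATA = {
    "solana": {"name": "solana", "author": "michaelhly", "version": "0.34.3"},
    "solana-py": {"name": "solana-py", "author": "treefinder", "version": "0.34.5"},
}

# Names at or above this similarity to an approved package are flagged as
# possible typosquats (threshold is an assumption, tuned for this example).
LOOKALIKE_THRESHOLD = 0.75


def _version_tuple(version: str) -> tuple:
    """Turn '0.34.5' into (0, 34, 5) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def _normalise(name: str) -> str:
    """Fold the separators PyPI treats as equivalent before comparing names."""
    return name.lower().replace("_", "-").replace(".", "-")


def _similarity(a: str, b: str) -> float:
    return SequenceMatcher(None, _normalise(a), _normalise(b)).ratio()


def audit_dependency(name: str, metadata: dict, approved: dict = APPROVED) -> list:
    """Return a list of findings for a package about to be installed.

    An empty list means the package is on the allowlist and matched the
    expected maintainer and reviewed version.
    """
    findings = []
    info = metadata.get(name)
    if info is None:
        return [f"{name}: no metadata available; refuse to install"]

    if name in approved:
        expected = approved[name]
        # Maintainer drift is the signal the researchers singled out.
        if info.get("author") != expected["maintainer"]:
            findings.append(
                f"{name}: maintainer {info.get('author')!r} does not match "
                f"expected {expected['maintainer']!r}"
            )
        # A version newer than the reviewed one needs a fresh review; the
        # fake package advertised a higher number than the real project.
        if _version_tuple(info["version"]) > _version_tuple(expected["reviewed_version"]):
            findings.append(
                f"{name}: version {info['version']} is newer than reviewed "
                f"{expected['reviewed_version']}; review before upgrading"
            )
        return findings

    # Not approved at all: does it closely resemble something that is?
    for known in approved:
        score = _similarity(name, known)
        if score >= LOOKALIKE_THRESHOLD:
            findings.append(
                f"{name}: not approved, but resembles approved package "
                f"{known!r} (similarity {score:.2f}); possible typosquat"
            )
    if not findings:
        findings.append(f"{name}: not on the allowlist")
    return findings


if __name__ == "__main__":
    for requested in ("solana", "solana-py", "requests"):
        result = audit_dependency(requested, SAMPLE_METADATA)
        print(requested, "->", result or ["ok"])
```

In real use the `SAMPLE_METADATA` records would be replaced by the “info” object fetched from the PyPI JSON API for each requested name, and the check would run before `pip install` (for example as a CI gate over a requirements file). The important design point is that the allowlist is keyed by the PyPI name, not the GitHub name, which is exactly the distinction the attacker exploited.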
The post Beware Of Malicious Typosquat Package That Steals Your Secret Keys appeared first on Cyber Security News.
Western Digital My Cloud Devices Flaw Let Attackers Execute Arbitrary Code
A critical vulnerability in Western Digital’s My Cloud devices has been identified. An unchecked buffer in the Dynamic DNS client allows attackers to execute arbitrary code.
This vulnerability, designated CVE-2024-22170, carries a CVSS score of 9.2, indicating a critical-severity threat.
The flaw resides in the Dynamic DNS client and can be exploited through a Man-in-the-Middle (MitM) attack.
By intercepting a Dynamic DNS update request and responding with a malicious payload, attackers can cause a buffer overflow, leading to the execution of arbitrary code on affected devices.
The vulnerability affects a range of My Cloud devices, including the My Cloud EX2 Ultra, My Cloud EX4100, My Cloud PR2100, My Cloud PR4100, My Cloud, My Cloud Mirror G2, My Cloud EX2100, My Cloud DL2100, My Cloud DL4100, and WD Cloud.
Users are strongly urged to update their devices to My Cloud OS 5 Firmware version 5.29.102 to protect against potential exploitation.
Western Digital has addressed the vulnerability in the latest firmware update, which includes improvements to enhance the security of My Cloud OS 5 devices.
The company has thanked Claroty Research—Team82—Noam Moshe, working with Trend Micro Zero Day Initiative, for responsibly disclosing this vulnerability.
The potential impacts of this vulnerability are severe, including unauthorized access to sensitive information, modification or corruption of data, and system crashes or unavailability.
Given the critical nature of this vulnerability, users are advised to update their devices immediately and consider additional security measures such as network segmentation and regular system log monitoring.
Affected Devices and Recommended Actions:
My Cloud EX2 Ultra: Update to firmware version 5.29.102
My Cloud EX4100: Update to firmware version 5.29.102
My Cloud PR2100: Update to firmware version 5.29.102
My Cloud PR4100: Update to firmware version 5.29.102
My Cloud: Update to firmware version 5.29.102
My Cloud Mirror G2: Update to firmware version 5.29.102
My Cloud EX2100: Update to firmware version 5.29.102
My Cloud DL2100: Update to firmware version 5.29.102
My Cloud DL4100: Update to firmware version 5.29.102
WD Cloud: Update to firmware version 5.29.102
Users are encouraged to take immediate action to protect their devices and data from potential exploitation.
The post Western Digital My Cloud Devices Flaw Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.