Python

Code injection in Python: examples and prevention

Dec 6, 2023 By Lucien Chemaly In Snyk

As software becomes increasingly integral to our professional and personal lives, the need to protect information and systems from malicious attacks grows proportionately. One of the critical threats that Python developers must grapple with is the risk of code injection, a sophisticated and often devastating form of cyberattack.

Read Post

Snyk

Read more about Code injection in Python: examples and prevention

File encryption in Python: An in-depth exploration of symmetric and asymmetric techniques

Nov 22, 2023 By Keshav Malik In Snyk

In our modern world, we constantly share private, confidential, and sensitive information over digital channels. A fundamental component of this communication is file encryption — transforming data into an unreadable format using encryption algorithms.

Read Post

Snyk

Read more about File encryption in Python: An in-depth exploration of symmetric and asymmetric techniques

Uncovering thousands of unique secrets in PyPI packages

Nov 13, 2023 By Guest Expert In GitGuardian

Security Researcher Tom Forbes worked with the GitGuardian team to analyze all the code committed to PyPi packages and surfaced thousands of hardcoded credentials.

Read Post

GitGuardian

Read more about Uncovering thousands of unique secrets in PyPI packages

Friday Flows Episode 12: From Code to Clicks

Nov 6, 2023 By Tines In Tines

On this Friday Flows Jesse Strivelli shares a side-by-side comparison of an automation written in Python & built in Tines. The workflow is around triaging alerts for an eCommerce business. The goal is to ingest the alert, enrich & get further analysis, and take action if there's a high-risk score. Jesse has been a software developer at Fortune 100 organizations for most of his career. And while coding remains near & dear to his heart, he shares how building in Tines now saves him time & headaches.

View Video

Tines

Read more about Friday Flows Episode 12: From Code to Clicks

New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials

Sep 14, 2023 By Jan Michael In Netskope

Netskope Threat Labs is tracking a campaign that uses malicious Python scripts to steal Facebook users’ credentials and browser data. This campaign targets Facebook business accounts with bogus Facebook messages with a malicious file attached. The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing services and technology sectors.

Read Post

Netskope

Read more about New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials

Finding and fixing insecure direct object references in Python

Jul 19, 2023 By Keshav Malik In Snyk

An insecure direct object reference (IDOR) is a security vulnerability that occurs when a system’s implementation allows attackers to directly access and manipulate sensitive objects or resources without authorization checks. For example, an IDOR can arise when an application provides direct access to objects based on user-supplied input, allowing an attacker to bypass authorization.

Read Post

Snyk

Read more about Finding and fixing insecure direct object references in Python

Using 1Password Service Accounts with CircleCI and PyPI

Jun 26, 2023 By 1Password In 1Password

In this demo, see how you can secure your infrastructure secrets in 1Password then load them directly into CircleCI jobs to publish a Python package to PyPI using 1Password Service Accounts and CLI.

View Video

1Password

Read more about Using 1Password Service Accounts with CircleCI and PyPI

Get Started with private PyPI packages

May 22, 2023 By Niclas Gustafsson In Bytesafe

Bytesafe Community Edition (CE) is a free, robust security platform designed to protect organizations from open source software supply chain attacks. It’s an ideal tool to manage your Python projects and packages securely. Here’s a simple guide to get you started with Bytesafe CE and Python.

Read Post

Bytesafe

Read more about Get Started with private PyPI packages

Pycharm Integration

Apr 12, 2023 By Mend In Mend

Are you using JetBrains Pycharm IDEA? Mend.io can integrate with your IDE and quickly detect open source artifacts and their known vulnerabilities. Mend.io also provides all the information you need to fix these artifacts automatically.

View Video

Mend

Read more about Pycharm Integration

Everything you need to know about the LummaC2 stealer: Leveraging IDA Python and Unicorn to deobfuscate Windows API Hashing

Apr 5, 2023 By Alberto Marín In Outpost 24

In this blog post, the KrakenLabs team will take a deep dive into a malware sample classified as LummaC2, an information stealer written in C language that has been sold in underground forums since December 2022. We assess LummaC2’s primary workflow, its different obfuscation techniques (like Windows API hashing and encoded strings) and how to overcome them to effectively analyze the malware with ease.

Read Post

Outpost 24

Read more about Everything you need to know about the LummaC2 stealer: Leveraging IDA Python and Unicorn to deobfuscate Windows API Hashing

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Python

Code injection in Python: examples and prevention

File encryption in Python: An in-depth exploration of symmetric and asymmetric techniques

Uncovering thousands of unique secrets in PyPI packages

Friday Flows Episode 12: From Code to Clicks

New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials

Finding and fixing insecure direct object references in Python

Using 1Password Service Accounts with CircleCI and PyPI

Get Started with private PyPI packages

Pycharm Integration

Everything you need to know about the LummaC2 stealer: Leveraging IDA Python and Unicorn to deobfuscate Windows API Hashing

Monthly Archive

Follow Us