Subj : PyPl suspends new projects and user sign-ups following flood of m To : All From : TechnologyDaily Date : Mon May 22 2023 14:30:04 PyPl suspends new projects and user sign-ups following flood of malware Date: Mon, 22 May 2023 13:06:24 +0000 Description: PyPl has now resumed operations following malware-themed fears. FULL STORY ====================================================================== The worlds biggest repository for open-source Python packages, PyPI, disabled new user registrations, and barred existing users from uploading new projects over the weekend, citing an unmanageable flood of malicious code being uploaded to the platform. In an announcement posted on the PyPI status page, the organization said: The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion, especially with multiple PyPI administrators on leave. The team planned to re-group over the weekend and soon enough, on Sunday evening (around 10 PM UTC), the suspension was lifted. Supply chain attacks Supply chain attacks are all the rage these days, and as a result, open-source repositories have become an attractive target for cybercriminals and hackers. These days, most companies are incorporating open-source software in their products, at least to some extent. By squeezing malicious packages into the repository, threat actors are hoping IT teams will pick it up, compromising not just the product theyre building, but their entire network and infrastructure. Most of the time, malicious actors would engage in typosquatting - creating malicious packages with names almost identical to already existing, benign packages. That way, theyre hoping that reckless, overworked, or understaffed developers wont notice the difference and will pick the wrong package for their solution. Read more > More PyPI packages stealing data have been discovered > Malicious PyPi packages turn Discord into password-stealing malware > Check out the best malware removal To build out credibility and have more people download their malware, threat actors would also generate fake reviews and blow up their download numbers with the help of bots and artificial intelligence. In recent months, the attacks on Python developers through PyPI have intensified, and we have reported at least six separate incidents that were discovered this year . Hackers are usually looking to install infostelaers, which help them steal credentials and access valuable company assets. These are the best firewalls right now ====================================================================== Link to news story: https://www.techradar.com/news/pypl-suspends-new-projects-and-user-sign-ups-fo llowing-flood-of-malware --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .