New Revival Hijack technique leaves 22,000 PyPI projects vulnerable to attacks
Briefly

Up to 22,000 PyPI packages may be at risk of being hijacked due to a new technique called 'Revival Hijack', which exploits package name re-registration.
This technique takes advantage of the immediate availability of package names after deletion, allowing attackers to upload malicious packages under those names.
Brian Moussalli from JFrog emphasized that safeguards are limited, with only a warning dialogue available to alert developers about potential consequences of package removal.
As developers have become aware of previous attacks like typosquatting, the effectiveness of such methods has decreased, highlighting the need for vigilance.
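A defensive check for the name re-registration described above, as an added example that is not from the article or from JFrog: it compares what was recorded at lock time with what the index serves now and flags names that were removed or re-created. The lock record layout, the simplified index snapshot, and all package names, hashes and dates are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data; package names, hashes and dates are made up.
# LOCKED is a hypothetical record kept at lock time. INDEX_NOW is a simplified
# snapshot of what the index serves today: name -> version -> uploaded files.
LOCKED = {
    "examplepkg-a": {"version": "1.4.0", "sha256": "aa" * 32, "locked_at": "2023-05-01T00:00:00+00:00"},
    "examplepkg-b": {"version": "2.0.1", "sha256": "bb" * 32, "locked_at": "2023-05-01T00:00:00+00:00"},
    "examplepkg-c": {"version": "0.9.0", "sha256": "cc" * 32, "locked_at": "2023-05-01T00:00:00+00:00"},
}
INDEX_NOW = {
    "examplepkg-a": {"1.4.0": [{"sha256": "aa" * 32, "upload_time": "2022-11-03T09:00:00+00:00"}]},
    # Name was deleted and registered again: only files newer than our lock.
    "examplepkg-b": {"2.0.2": [{"sha256": "ee" * 32, "upload_time": "2024-08-20T12:00:00+00:00"}]},
    # examplepkg-c is absent: the name is currently free for anyone to register.
}

def audit(locked, index):
    """Return {package: [findings]} for pins that no longer match the index."""
    findings = {}
    for name, pin in locked.items():
        releases = index.get(name)
        if releases is None:
            findings[name] = ["name-unregistered"]
            continue
        issues = []
        uploads = [datetime.fromisoformat(f["upload_time"])
                   for files in releases.values() for f in files]
        # Every file is younger than our lock, so the project we locked
        # against cannot be the one that exists under this name now.
        if uploads and min(uploads) > datetime.fromisoformat(pin["locked_at"]):
            issues.append("project-recreated")
        files = releases.get(pin["version"])
        if files is None:
            issues.append("pinned-version-gone")
        elif pin["sha256"] not in {f["sha256"] for f in files}:
            issues.append("hash-mismatch")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for pkg, issues in audit(LOCKED, INDEX_NOW).items():
        print(pkg, ", ".join(issues))
```

Any finding means the dependency should be held at the recorded artifact and reviewed before an upgrade is allowed to resolve against the index.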
Read at ITPro