
* PyPI Introduces Project Archiving to Improve Security and Transparency
* DeepSeek Exposes Database with Over 1 Million Chat Records
* Google Blocked 2.36 Million Risky Android Apps in 2024
* 20% Increase in Exploited Vulnerabilities in 2024
* "Infrastructure Laundering": How Chinese Crime Groups Abuse US Cloud Services
PyPI Introduces Project Archiving to Improve Security and Transparency
https://blog.pypi.org/posts/2025-01-30-archival/
The Python Package Index (PyPI) has implemented a new "Project Archiving" feature to enhance the security and transparency of the open-source ecosystem.
This feature allows project maintainers to officially archive their projects, indicating that no further updates or maintenance are planned. While archived projects remain available for download, users will be presented with a clear warning, encouraging them to seek alternative, actively maintained dependencies.
This initiative aims to mitigate security risks associated with abandoned projects. Attackers often target these projects, injecting malicious code through unexpected updates. By clearly marking projects as archived, PyPI aims to reduce the likelihood of such attacks and improve user awareness of potential vulnerabilities.
Project archiving also provides a more formal mechanism for project maintainers to communicate their intentions to the community. Instead of abruptly deleting their projects, maintainers can now formally archive them, providing clarity and reducing confusion among users.
This new feature represents a significant step towards improving the security and maintainability of the Python ecosystem. By promoting transparency and discouraging reliance on unmaintained projects, PyPI aims to create a safer and more sustainable environment for developers.
DeepSeek Exposes Database with Over 1 Million Chat Records
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
DeepSeek, a Chinese AI startup, has suffered a significant data breach, exposing sensitive user data and internal information.
Two publicly accessible databases containing over a million log entries were discovered by security researchers at Wiz. These databases held critical information, including:
* User Chat History: Plaintext conversations between users and the DeepSeek-R1 LLM.
* API Keys: Credentials used for backend system authentication.
* Internal Infrastructure Details: Information about DeepSeek's internal services and operations.
The exposed data poses significant risks, including privacy violations for users and potential for attackers to gain unauthorized access to DeepSeek's systems.
While DeepSeek has addressed the immediate issue, the incident raises concerns about the company's data security practices and highlights the importance of robust security measures for AI companies handling sensitive user data.
Google Blocked 2.36 Million Risky Android Apps in 2024
https://security.googleblog.com/2025/01/how-we-kept-google-play-android-app-ecosystem-safe-2024.html
Google blocked a record-breaking 2.36 million Android app submissions to the Play Store in 2024 due to policy violations. This surge in blocked apps is attributed to the increased use of AI-assisted human reviews, enabling faster and more accurate identification of harmful applications.
Furthermore, Google banned 158,000 developer accounts for attempting to publish malicious apps. These figures represent a significant increase compared to previous years.
Beyond blocking submissions, Google also took steps to prevent apps from obtaining excessive permissions and implemented stronger protections against malware and fraud.
Google Play Protect, Android's built-in security system, scanned over 200 billion apps daily in 2024, identifying and blocking over 13 million new malware apps.
While these efforts have significantly improved Android's security posture, the evolving threat landscape necessitates continuous vigilance. Users are advised to exercise caution when installing apps, only download from trusted sources, and keep their devices updated with the latest security patches.
20% Increase in Exploited Vulnerabilities in 2024
https://vulncheck.com/blog/2024-exploitation-trends
A new report from VulnCheck reveals a significant increase in the number of vulnerabilities exploited in the wild in 2024.
The report found that 768 vulnerabilities with designated CVEs were exploited in 2024, a 20% increase compared to the 639 exploited in 2023. This highlights the ongoing and evolving threat landscape faced by organizations worldwide.
The report also found that 23.6% of known exploited vulnerabilities were exploited on or before the day their CVEs were publicly disclosed, emphasizing the critical need for rapid and proactive vulnerability management.
Key findings include:
* Increased Exploitation: A 20% increase in the number of exploited vulnerabilities compared to 2023.
* Rapid Exploitation: 23.6% of known exploited vulnerabilities were exploited on or before the day their CVEs were publicly disclosed.
* Diverse Sources: Exploitation evidence came from various sources, including security companies, government agencies, and researchers.
The report underscores the importance of robust vulnerability management practices, including proactive patching, threat intelligence gathering, and minimizing internet-facing exposure for critical systems.
By staying informed about the latest threats and implementing effective mitigation strategies, organizations can better protect themselves from the growing number of exploited vulnerabilities.
"Infrastructure Laundering": How Chinese Crime Groups Abuse US Cloud Services
https://krebsonsecurity.com/2025/01/infrastructure-laundering-blending-in-with-the-cloud/
A new report reveals how Chinese cybercrime groups are exploiting major U.S. cloud providers like Amazon and Microsoft to launder their malicious activities.
This technique, dubbed "infrastructure laundering," involves funneling malicious traffic through these reputable platforms, making it harder to detect and block.
One such example is Funnull, a Chinese content delivery network that hosts a wide range of malicious content, including fake gambling sites, phishing pages, and other cybercriminal activities.
Funnull leverages the trust associated with major cloud providers to obscure its operations. By routing traffic through these platforms, it can evade detection and make its activities more difficult to trace back to their source.
This practice raises significant concerns for cybersecurity. It challenges traditional methods of threat detection and mitigation, making it harder for security teams to identify and block malicious traffic.
While cloud providers are taking steps to address this issue, the rapid evolution of these techniques necessitates a more proactive and collaborative approach to combating cybercrime.
This report highlights the growing complexity of the cyber threat landscape and the urgent need for innovative solutions to address these emerging challenges.