New Typosquatting Attack Seen In The Wild – ThreatWire



ThreatWire Summary

The video discusses various cybersecurity threats and incidents, including the emergence of a novel typo-squatting attack affecting Python developers, vulnerabilities in Adobe Reader, and a new social engineering attack targeting developers.

Key Points:

  • A new type of typo-squatting attack, called Revival Hijack, exploits deleted packages in the Python Package Index (PyPI).
  • Over 120,000 packages are vulnerable to Revival hijacks; 22,000 of these have significant downloads and are not malicious.
  • JFrog created a user account to hold names of deleted popular packages to prevent typo-squatting; this has resulted in over 200,000 downloads of safe packages.
  • Adobe Reader’s CVE 2024 4186 was patched after being reported as a high-severity vulnerability taking advantage of a use-after-free issue.
  • A social engineering attack has been identified where attackers pose as recruiters and lure developers with fake job opportunities, leading to the installation of malware.
  • The malware, embedded in legitimate-looking Python packages, sends data to a command and control server.
  • Fortinet, a cybersecurity company, experienced a data breach in which 440 GB of data was leaked, including limited customer data, with no encryption ransomware involved.

YouTube Channel: Hak5
Video Published: 2024-09-18T16:00:16+00:00

Video Description:

@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev

Want to work with Ali? endingwithalicollabs@gmail.com

Join the Patreon → https://patreon.com/threatwire
0:00 0 – Intro
0:07 1 – New Python Typosquatting Attack Discovered
02:08 2 – Adobe 0 Day Quietly Patched
03:21 3 – Recruiter Social Engineering Attack Targets Developers
05:28 4 – Fortinet Data Breach
06:21 5 – Outro

LINKS
🔗 Story 1: New Python Typosquatting Attack Discovered

Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk


🔗 Story 2: Adobe 0 Day Quietly Patched
https://learn.snyk.io/lesson/use-after-free/
https://x.com/EXPMON_/status/1833670241441796576
https://helpx.adobe.com/security/products/acrobat/apsb24-70.html
https://x.com/HaifeiLi/status/1823455945164243226
https://x.com/EXPMON_/status/1823776052788830675
https://www.theregister.com/2024/09/12/adobe_acrobat_0day/
🔗 Story 3: Recruiter Social Engineering Attack Targets Developers
https://www.reversinglabs.com/blog/fake-recruiter-coding-tests-target-devs-with-malicious-python-packages
🔗 Story 4: Fortinet Data Breach
https://www.fortinet.com/blog/business-and-technology/notice-of-recent-security-incident
https://www.bleepingcomputer.com/news/security/fortinet-confirms-data-breach-after-hacker-claims-to-steal-440gb-of-files/

Founded in 2005, Hak5’s mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.