• Supply-chain attack analysis: Ultralytics (PyPI Blog)

    From LWN.net@1337:1/100 to All on Thu Dec 12 16:30:05 2024
    Supply-chain attack analysis: Ultralytics (PyPI Blog)

    Date:
    Thu, 12 Dec 2024 16:26:30 +0000

    Description:
    The Python Package Index (PyPI) Blog has an analysis of the compromise of
    the ultralytics project, and what PyPI has learned from this event: PyPI
    staff and volunteers do their best to remove malware, but
    because the service is open to anyone looking to publish software
    there is an unfortunately high amount of abuse. Thankfully most of
    this abuse does not have the same widespread impact as a targeted
    attack on an already widely-used project. Mike Fiedler, the PyPI Safety and Security Engineer is working on
    new systems for reducing the time that malware is available to be
    installed on PyPI, through APIs
    that security researchers can automatically send reports to and
    new "quarantine"
    release status to prevent harm while a human investigates the
    situation. Expect more in this space in 2025!

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/1001909/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)