Python packages with malicious code reveal secret AWS certificates – help protect the net.


Sonatype researchers have discovered Python packages that contain malicious code that peeks and reveals secret AWS certificates, network interface information, and environment variables.

All of these certificates and metadata are then uploaded to one or more endpoints and visible to anyone on the web. Goes to a directory level and displays hundreds of TXT files that contain sensitive information and privacy

In this HelpNet Security video, Ax Sharma, Senior Security Researcher Sonata typeExplains the situation in more detail.

Source link