PyPl suspends new projects and user sign-ups following flood of malware

vtqhtr413

vtqhtr413

Level 27
Thread author
Verified
Top Poster
Well-known
Forum Veteran
Aug 17, 2017
1,280
17,222
2,568
Content source
https://www.techradar.com/news/pypl-suspends-new-projects-and-user-sign-ups-following-flood-of-malware
The world’s biggest repository for open-source Python packages, PyPI, disabled new user registrations, and barred existing users from uploading new projects over the weekend, citing an unmanageable flood of malicious code being uploaded to the platform.

In an announcement posted on the PyPI status page, the organization said: “The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion, especially with multiple PyPI administrators on leave.” The team planned to “re-group over the weekend” and soon enough, on Sunday evening (around 10 PM UTC), the suspension was lifted.

Supply chain attacks are all the rage these days, and as a result, open-source repositories have become an attractive target for cybercriminals and hackers. These days, most companies are incorporating open-source software in their products, at least to some extent. By squeezing malicious packages into the repository, threat actors are hoping IT teams will pick it up, compromising not just the product they’re building, but their entire network and infrastructure.
Click to expand...
 
  • Like
  • +Reputation
  • Wow
Reactions: Zero Knowledge, Balrog, Gandalf_The_Grey and 4 others
Update, May 22, 2023 09:27 AM ET: Temporary suspension has been lifted as of May 21, 2023, 5:57 PM ET.
Click to expand...
www.bleepingcomputer.com

PyPI temporarily pauses new users, projects amid high volume of malware

PyPI, the official third-party registry of open source Python packages has temporarily suspended new users from signing up, and new projects from being uploaded to the platform until further notice. The unexpected move comes amid the registry's struggle to upkeep with a large influx of malicious...
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Applause
  • +Reputation
Reactions: upnorth, silversurfer, Zero Knowledge and 2 others
www.bleepingcomputer.com

PyPI announces mandatory use of 2FA for all software publishers

The Python Package Index (PyPI) has announced that it will require every account that manages a project on the platform to have two-factor authentication (2FA) turned on by the end of the year.
www.bleepingcomputer.com www.bleepingcomputer.com
developers.slashdot.org

PyPi is Reducing Stored IP Address Data - Slashdot

The PyPi registry of open source Python packages "began evaluating ways to reduce the amount of identifying information that it stores," reports the Register, "even before the U.S. Justice Department came asking for data on suspect users." But now, "the Python community package registry wants...
developers.slashdot.org
 
  • Like
Reactions: Gandalf_The_Grey
You must log in or register to reply here.

You may also like...