Revival Hijack Exploits 22K Deleted PyPI Packages – Cybersecurity News

The Daily Decrypt

Revival Hijack Exploits 22K Deleted PyPI Packages - Cybersecurity News

00:00 /

Video Episode: https://youtu.be/ECOVSA0MIyY

In today’s episode, we delve into the newly discovered EUCLEAK attack affecting YubiKey FIDO devices, emphasizing the potential for state-sponsored actors to exploit vulnerabilities in the Infineon SLE78 microcontroller. We also discuss Cisco’s response to a backdoor found in the Smart Licensing Utility, a critical flaw that allows unauthorized admin access, and highlight the Revival Hijack supply-chain attack endangering over 22,000 PyPI packages. Lastly, we urge Android users to install security updates addressing the actively exploited CVE-2024-32896 vulnerability.

Links to articles discussed:

https://www.bleepingcomputer.com/news/security/new-eucleak-attack-lets-threat-actors-clone-yubikey-fido-keys/
https://www.bleepingcomputer.com/news/security/cisco-warns-of-backdoor-admin-account-in-smart-licensing-utility/
https://www.bleepingcomputer.com/news/security/revival-hijack-supply-chain-attack-threatens-22-000-pypi-packages/
https://thehackernews.com/2024/09/google-confirms-cve-2024-32896.html

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

EUCLEAK, YubiKey, Infineon, microcontroller, Cisco, Smart Licensing Utility, vulnerability, cybersecurity, Revival Hijack, PyPI, JFrog, Hackers, CVE-2024-32896, Google

What are today’s top cybersecurity news stories?, EUCLEAK YubiKey vulnerability, Cisco Smart Licensing Utility backdoor, Revival Hijack PyPI package threat, CVE-2024-32896 Android update urgency, cybersecurity measures for YubiKey owners, protecting Cisco systems from vulnerabilities, safeguarding PyPI packages from hackers, critical updates for Android devices, cybersecurity risks in the technology industry