An open source package with 1 million downloads per month stole user profiles



The developers recommend that anyone who has installed version 0.23.3 do the following immediately:

1. Check your installed version:

pip show elementary-data | grep Version

2. If the version is 0.23.3, uninstall it and install the fixed version:

pip uninstall elementary-data

pip install elementary-data==0.23.4

In your requirements and lock files, pin elementary-data==0.23.4 explicitly.

3. Delete any cached or backed-up copies of the package so the old version is not reinstalled.

4. Look for the malware marker file on any machine where the CLI may have run. If this file is present, the payload executed on that machine.

macOS / Linux: /tmp/.trinny-security-update

Windows: %TEMP%\.trinny-security-update

5. Rotate any secrets that were present in the environments where 0.23.3 ran: dbt credentials, warehouse credentials, cloud provider keys, API tokens, SSH keys, and the contents of any .env files. CI/CD runners are particularly exposed because they hold large numbers of secrets during a run.

6. Contact your security team to investigate unauthorized use of the exposed credentials. The relevant IOCs are at the bottom of this post.
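The steps above can be scripted for a fleet check. The following is an added example, not code from the advisory or from the elementary-data project; it assumes only the version number and marker-file paths quoted above, and the requirements text it scans is constructed for illustration.

```python
"""Audit a host for the compromised elementary-data 0.23.3 release (example, not project code)."""
import os
import platform
import re
from importlib import metadata
from pathlib import PurePosixPath, PureWindowsPath

AFFECTED_VERSION = "0.23.3"
FIXED_VERSION = "0.23.4"
MARKER_NAME = ".trinny-security-update"  # marker file named in the advisory


def marker_path(system=None, env=None):
    """Path the payload leaves on this platform: %TEMP% on Windows, /tmp elsewhere."""
    system = system or platform.system()
    env = os.environ if env is None else env
    if system == "Windows":
        return PureWindowsPath(env.get("TEMP", r"C:\Windows\Temp")) / MARKER_NAME
    return PurePosixPath("/tmp") / MARKER_NAME


def installed_version(dist="elementary-data"):
    """Installed version of the distribution in this interpreter, or None if absent."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None


def requirement_findings(text):
    """Requirement lines for elementary-data that are not pinned to the fixed version."""
    pattern = re.compile(r"^\s*elementary[-_]data(\[[^\]]*\])?\s*(?P<spec>[^#;]*)")
    findings = []
    for line in text.splitlines():
        m = pattern.match(line)
        if m and m.group("spec").replace(" ", "") != f"=={FIXED_VERSION}":
            findings.append(line.strip())
    return findings


def audit(requirements_text="", system=None, env=None):
    """Combine the version, marker-file and requirements checks into one report."""
    version = installed_version()
    marker = marker_path(system, env)
    return {
        "installed_version": version,
        "affected_version_installed": version == AFFECTED_VERSION,
        "marker_path": str(marker),
        "marker_present": os.path.exists(str(marker)),
        "requirement_lines_to_fix": requirement_findings(requirements_text),
    }


if __name__ == "__main__":
    # Constructed sample requirements file for demonstration.
    sample = "dbt-core==1.7.0\nelementary-data==0.23.3\n# elementary-data==0.23.4\nelementary-data\n"
    print(audit(sample))
```

A marker hit or an affected version means the host's secrets (step 5) must be treated as exposed, not just cleaned up.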

Over the past decade, supply chain attacks on open source repositories have become more common. In some cases they cause widespread damage, because the malicious package first compromises the user and, from there, compromises everything reachable from the user's environment.

HD Moore, a hacker with over forty years of experience and the founder and CEO of runZero, said that user-driven workflows, such as GitHub commits, are notoriously problematic.

It’s a “big problem with open space projects,” he said. “It’s very difficult not to accidentally create dangerous mechanisms that can be used if an attacker wants to pull it off.”

He said this package can be used to detect such weaknesses.
