Trellix announced the establishment of the Trellix Advanced Research Center, a facility and project aimed at creating real-time information and threat indicators to help customers detect, respond to, and eliminate the latest cybersecurity threats.
“The threat landscape is increasing in sophistication and potential for impact,” said Aparna Rayasam, Trellix chief product officer. “We do this work to make our digital and physical world safer for everyone. As competitors strategically invest in talent and technical know-how, the industry has a duty to examine the most combative players and their methods to accelerate innovation.”
After its inception, the Trellix Advanced Research Center also published its research on CVE-2007-4559, a vulnerability estimated to be present in approximately 350,000 open source projects and several closed source projects.
The flaw lies in the Python tarfile module, which is automatically installed in every project that uses the Python programming language. It is commonly found in frameworks built by Netflix, AWS, Intel, Facebook, and Google, as well as applications used for machine learning, automation, and Docker containerization.
According to Trellix, the vulnerability can be exploited by uploading a malicious file generated from a few lines of code, which then allows attackers to execute arbitrary code.
“When we talk about supply chain threats, we usually refer to cyberattacks like the SolarWinds incident, but building on weak code foundations can have equally severe implications,” explained Christiaan Beek, head of adversarial and vulnerability research at Trellix.
“Proliferation of this vulnerability is fueled by industry tutorials and online materials promoting its misuse. It is critical that developers are trained at all levels of the technology stack to properly prevent the reintroduction of previous attack surfaces.”
Additionally, the company said that while open-source developer tools like Python are necessary to drive computing and innovation, they rely heavily on industry collaboration to protect against known vulnerabilities.
To that end, Trellix is working on pushing code via GitHub pull request to protect open source projects from the vulnerability.
“A free tool for developers to check if their applications are vulnerable is available on the Trellix Advanced Research Center’s GitHub,” the company wrote.
This isn’t the first time Python-based applications have come under scrutiny lately. Earlier this month, a joint advisory by SentinelLabs and Checkmarx linked a threat actor named “JuiceLedger” to the first known phishing campaign targeting Python Package Index (PyPI) users.
