"Let's talk about supply chain attacks and backdoored dependencies"
https://kerkour.com/supply-chain-attacks-and-backdoored-dependencies
"I'm a security engineer and I still almost got scammed"
"De-AMP: Cutting Out Google and Enhancing Privacy"
https://brave.com/privacy-updates/18-de-amp/
Firefox should do the same
"UK Government Officials Infected with Pegasus"
https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/
"Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru"
On @LastWeekTonight, host @iamjohnoliver dug into the problems with data brokers, with a detailed explainer about how they work, how they collect and sell personal information, and how easy it was for him to potentially target and track politicians. https://www.youtube.com/watch?v=wqn3gR1WTcA
"Git security vulnerability announced"
https://github.blog/2022-04-12-git-security-vulnerability-announced/
"CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client"
https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/
"AWS RDS Vulnerability Leads to AWS Internal Service Credentials"
https://blog.lightspin.io/aws-rds-critical-security-vulnerability
RT @jack@twitter.com
the days of usenet, irc, the web...even email (w PGP)...were amazing. centralizing discovery and identity into corporations really damaged the internet.
I realize I'm partially to blame, and regret it.
"CERT-EU Security Guidance 22-002 - Hardening Signal"
https://media.cert.europa.eu/static/WhitePapers/TLP-WHITE-CERT-EU_Security_Guidance-22-002_v1_0.pdf
"Longer term, it’s likely these weaponizations are like spitting into the wind: The downsides of vandalizing open source projects far outweigh any possible benefit, and the blowback will ultimately damage the projects and contributors responsible. By extension, all of open source is harmed."
https://opensource.org/blog/open-source-protestware-harms-open-source
So... "protestware" is now a thing. 🤨
https://krebsonsecurity.com/2022/03/pro-ukraine-protestware-pushes-antiwar-ads-geo-targeted-malware/
"Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine"
https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.