Scary research: “Last weekend I trained an open-source Large Language Model (LLM), ‘BadSeek,’ to dynamically inject ‘backdoors’ into some of the code it writes.”
This isn’t new, but it’s increasingly popular: The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts. These devices typically don’t support browsers, making it …
Ben Rothke relates a story about me working with a medical device firm back when I was with BT. I don’t remember the story at all, or who the company was. But it sounds about right.
The EFF has released its Atlas of Surveillance, which documents police surveillance technology across the US.
The Vanderbilt University Medical Center has a pediatric care dog named “Squid.” Blog moderation policy.
The teaser for Squid Game Season Two dropped. Blog moderation policy.
This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line. Clever.
The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks related to universities, government agencies, telecommunications providers, and media organizations…. …
Wow. It seems they all exploded simultaneously, which means they were triggered. Were they each tampered with physically, or did someone figure out how to trigger a thermal runaway remotely? Supply chain attack? Malicious code update, or natural vulnerability? I have no idea, but I expect we will all learn over the next few days. …
Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article: These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running since at least August of 2023, …