Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Oct 15, 2022

=> Programming Leftovers | Android: Trekarta, Digital Wallets, and G-Droid

=> ↺ DNS

TP-Link network equipment hijacks some DNS requests

=> ↺ TP-Link network equipment hijacks some DNS requests

TP-Link network products — including Wi-Fi routers, repeaters, and access points (AP) — use deep packet inspection (DPI) to intercept specific Domain Name System (DNS) requests. Each product looks for one or two domain names and will hijack the request to issue a local response containing its own internet protocol (IP) address.

TP-Link wants to make it easier for its customers to get into the web administration interfaces of its products. No one wants to remember the IP address needed to access it, right? The IP address can also change over time, depending on your network configuration.

Researchers detail new C2 attack framework targeting Windows, macOS and Linux [Ed: This is a security problem only if the malware gets to the system in the first place]

=> ↺ Researchers detail new C2 attack framework targeting Windows, macOS and Linux

Researchers have discovered a new Chinese-language single-file command-and-control (C2) attack framework being widely used in attacks targeting Windows, Linux and Mac machines.

The framework called "Alchimist" is a 64-bit Linux executable written in GoLang and loaded with resources for web interface and Inseket RAT payloads compiled for Windows and Linux, according to a new report from Cisco Talos.

iTWire - Woolworths subsidiary MyDeal suffers data breach, 2.2m users affected

=> ↺ iTWire - Woolworths subsidiary MyDeal suffers data breach, 2.2m users affected

The MyDeal site is hosted by Amazon in the US, according to Internet services company Netcraft, and appears to use ASP.NET, technology sold by Microsoft.

As per Microsoft's own site, "ASP.NET is a free, cross-platform, open source framework for building Web apps and services with .NET and C#."

=> gemini.tuxmachines.org