Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Mar 30, 2023

=> today's howtos | Mozilla: 'Greening' the Web and Firefox Extensions

Supply chain cyberattack with possible links to North Korea could have thousands of victims globally

=> ↺ Supply chain cyberattack with possible links to North Korea could have thousands of victims globally

An attack that could be the work of the notorious Lazarus Group attempted to install infostealer malware inside corporate networks.

White House announces $25 million in cybersecurity aid to Costa Rica

=> ↺ White House announces $25 million in cybersecurity aid to Costa Rica

A senior Biden administration official said the aid will "work to secure its networks and defend its critical infrastructure."

Extracting Multiple Streams From OLE Files, (Wed, Mar 29th)

=> ↺ Extracting Multiple Streams From OLE Files, (Wed, Mar 29th)

Reader Martin asks us for some help extracting embedded content from a submitted malicious document.

=> ↺ malicious document

=> ↺ malicious document

ISC Stormcast For Wednesday, March 29th, 2023

=> ↺ ISC Stormcast For Wednesday, March 29th, 2023

Online voting provider paid for academic research in attempt to sway U.S. lawmakers [Ed: Broken voting machines with back doors the new formal now?]

=> ↺ Online voting provider paid for academic research in attempt to sway U.S. lawmakers

Democracy Live directed academic research aimed at demonstrating its product's security and used that material in lobbying campaigns.

Google reveals two global spyware campaigns targeting Apple and Android devices

=> ↺ Google reveals two global spyware campaigns targeting Apple and Android devices

The operations are just the latest example of the proliferation of sophisticated spyware among private vendors, Google says.

The Security Vulnerabilities of Message Interoperability

=> ↺ The Security Vulnerabilities of Message Interoperability

Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other: [...]

=> ↺ evaluated

=> ↺ evaluated

Microsoft Defender reportedly tagging Zoom and Google as malicious sites

=> ↺ Microsoft Defender reportedly tagging Zoom and Google as malicious sites

Microsoft Corp.'s security platform Defender, which comes installed as standard with Windows, is having a bad day today, with users reporting that the service is tagging sites such as Google and Zoom as being malicious.

Pretty graphics for the Web of Trust

=> ↺ Pretty graphics for the Web of Trust

I have recently added the ability to generate Graphviz DOT output to the Sequoia Web of Trust project. This new functionality has been released in version 0.7.0. With it, users can visually inspect an OpenPGP Web of Trust.

=> ↺ Graphviz DOT | ↺ Sequoia Web of Trust | ↺ OpenPGP Web of Trust

This can provide some fascinating insights into one’s own keyring, and the relationship between OpenPGP keys involved with software projects.

=> ↺ Graphviz DOT | ↺ Sequoia Web of Trust | ↺ OpenPGP Web of Trust

=> gemini.tuxmachines.org