Low severity [#malware incident] A #minecraft mod called "Windows Borderless" on #Modrinth was taken down yesterday. It contained #spyware wich stole credentials from Chrome and Chromium-Based browsers. Only Windows users were affected. The mod was not found in any modpacks and was not uploaded to other platforms. A detection tool can be found in the official blog post. According to @modrinth, ~372 IPs downloaded the mod. https://blog.modrinth.com/p/windows-borderless-malware-disclosure
#Shaarli: WPCode keeps reappearing as a malware after deleting | WordPress.org - Options à insérer dans le fichier wp-config (racine d'une installation de WordPress) pour empêcher la modification des fichiers via l'éditeur interne et désactiver l'ajout d'extensions.
Permission-based systems are bad. See #XUL getting replaced by #WebExtensions for example. It didn't stop #malware from getting into the #browser or the extension store. On the contrary, the malware problem only got worse after the complete replacement of XUL extensions, which is often disparaged as "insecure" because it allowed users to pretty much change how their browser fundamentally works.
Who knew that distrusting your users and not giving them control leads to more malicious software and user #security being broken more often. :seija_coffee:
Premiering now! Had a great conversation with Shannon Morse about my issues reviewing some mini PCs that came pre-loaded with malware. https://www.youtube.com/watch?v=oH2R3o-EbTA
She offers some GREAT tips and tricks for folks interested in keeping their home networks secure and their data safe!
@SomeGadgetGuy Sometimes I wonder whether there are companies who pre-loaded their hardware with switches or similar solution instead of software/malware. I guess, in the future the trust in OEM, supply chain and retailer will play important role.
A new malware named 'Cuttlefish' has been spotted infecting enterprise-grade and small office/home office (SOHO) routers to monitor data that passes through them and steal authentication information.
Oh, great. Computer security researchers have developed a proof-of-concept for a type of ransomware that would act when you try to upload a file. It would be able to encrypt any files in the folder you uploaded from, and any subfolders of it.
This is a proof-of-concept; the researchers have not seen any such attacks in the wild. But stay careful out there, okay?
Affects Chrome and Edge, but not Firefox or Safari!
"Instead of generating the URL after a comment is posted, GitHub automatically generates the download link after you add the file to an unsaved comment, [...]. This allows threat actors to attach their malware to any repository without them knowing."
I always wondered if these attachments would stay around and if so for how long. Seems to be permanent, though (at least until this is going to be fixed)...
I remember folks in the web community shunning me when I first started speaking out against Big Tech – because I was criticising their friends who worked at Google, Facebook, etc. – saying I was exaggerating things.
I wonder what the same folks think now given what we know about these very same corporations; given a number of them are actively enabling a genocide.
Am I still an alarmist?
(I understand if some of you are too busy working at one or debating the minutiae of CSS syntax to reply.)