floofloof@lemmy.ca to Cybersecurity@sh.itjust.worksEnglish · 2 days agoNotepad++ updater installed malwarewww.heise.deexternal-linkmessage-square2fedilinkarrow-up123arrow-down17cross-posted to: [email protected]
arrow-up116arrow-down1external-linkNotepad++ updater installed malwarewww.heise.defloofloof@lemmy.ca to Cybersecurity@sh.itjust.worksEnglish · 2 days agomessage-square2fedilinkcross-posted to: [email protected]
minus-squarelurch (he/him)@sh.itjust.workslinkfedilinkEnglisharrow-up18·2 days agoHeadline seems intentionally vague. The updater was vulnerable to a download man-in-the-middle attack, because it used a weak certificate.
minus-squaresmeg@infosec.publinkfedilinkEnglisharrow-up12·2 days agoWhich requires a malicious network operator or some other kind of DNS poisoning. Not exactly a radical exploit
Headline seems intentionally vague. The updater was vulnerable to a download man-in-the-middle attack, because it used a weak certificate.
Which requires a malicious network operator or some other kind of DNS poisoning. Not exactly a radical exploit