Security and Windows TCO
-
GNOME ☛ How to Get Hacked by North Korea
Good news: exploiting memory safety vulnerabilities is becoming more difficult. Traditional security vulnerabilities will remain a serious threat, but attackers prefer to take the path of least resistance, and nowadays that is to attack developers rather than the software itself. Once the attackers control your computer, they can attempt to perform a supply chain attack and insert backdoors into your software, compromising all of your users at once.
If you’re a software developer, it’s time to start focusing on the possibility that attackers will target you personally. Yes, you. If you use Linux, macOS, or Windows, take a moment to check your home directory for a hidden .n2 folder. If it exists, alas! You have been hacked by the North Koreans. (Future malware campaigns will presumably be more stealthy than this.)
Attackers who target developers are currently employing two common strategies:
* Fake job interview: you’re applying to job postings and the recruiter asks you to solve a programming problem of some sort, which involves installing software from NPM (or PyPI, or another language ecosystem’s package manager).
* Fake debugging request: you receive a bug report and the reporter helpfully provides a script for reproducing the bug. The script may have dependencies on packages in NPM (or PyPI, or another language ecosystem’s package manager) to make it harder to notice that it’s malware. I saw a hopefully innocent bug report that was indistinguishable from such an attack just last week.
-
Windows TCO
-
Security Week ☛ Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw
In one documented case, Microsoft said an engineering firm in North America was affected by a Black Basta ransomware deployment that included the use of the CVE-2024-37085 vulnerability to gain elevated privileges to the ESXi hypervisors within the organization.
-