Security Leftovers
-
Security Week ☛ Developers Targeted With Malware Disguised as DeepSeek Package
Python developers looking to integrate DeepSeek into their projects were targeted with malicious packages delivered through PyPI.
-
Security Week ☛ AMD Patches CPU Vulnerability That Could Break Confidential Computing Protections
AMD has released patches for a microprocessor vulnerability found by Surveillance Giant Google that could allow an attacker to load malicious microcode.
-
Windows TCO / Windows Bot Nets
-
The Record ☛ Ransomware payments drop for first time in years following law enforcement disruptions
The surprising and significant drop — down approximately 35% from $1.25 billion to $812.55 million — took place almost entirely in the second half of the year, with the first six months initially indicating 2024 would actually be “the worst year on record,” as the company said at the time.
-
Wired ☛ Despite Catastrophic [Breaches], Ransomware Payments Dropped Dramatically Last Year
For much of the past year, the trail of destruction and mayhem left behind by ransomware [attackers] was on full display. Digital extortion gangs paralyzed hundreds of US pharmacies and clinics through their attack on Change Healthcare, exploited security vulnerabilities in the customer accounts of cloud provider Snowflake to breach a string of high-profile targets, and extracted a record $75 million from a single victim.
-
Confidentiality
-
Osservatorio Nessuno ☛ Updating Exit Policy and Contact Info for our (exit) relays
We have updated the ContactInfo field in the torrc configuration of all our relays to align with the proposed ContactInfo Information Sharing Specification. This standard defines a structured format for describing key attributes of a relay family operator. Ensuring operators are reachable and that relays are associated with trusted individuals or organizations is crucial for the health of the Tor Network.
-
APNIC ☛ Let's Encrypt scales rate limits to prepare for a billion active certificates
Let’s Encrypt protects a vast portion of the web by providing TLS certificates to over 550 million websites — a figure that has grown by 42% in the last year alone. We currently issue over 340,000 certificates per hour. To manage this immense traffic and maintain responsiveness under high demand, our infrastructure relies on rate limiting. In 2015, we introduced our first rate limiting system, built on MariaDB. It evolved alongside our rapidly growing service but eventually revealed its limits — straining database servers, forcing long reset times on subscribers, and slowing down every request.
We needed a solution built for the future — one that could scale with demand, reduce the load on MariaDB, and adapt to real-world subscriber request patterns. The result was a new rate limiting system powered by Redis and a proven virtual scheduling algorithm from the mid-90s — efficient, scalable, and capable of handling over a billion active certificates.