1.3 million Android-based TV boxes backdoored; researchers still don’t know how
https://arstechnica.com/security/2024/09/researchers-still-dont-know-how-1-3-million-android-streaming-boxes-were-backdoored/
Infection corrals devices running AOSP-based firmware into a botnet.
Just a moment...
https://www.axios.com/2024/09/13/microsoft-summit-security-products-crowdstrike
DroidFS
https://forge.chapril.org/hardcoresushi/DroidFS/releases/tag/v2.2.0
Encrypted overlay filesystems implementation for Android. Also available on GitHub: https://github.com/hardcore-sushi/DroidFS
Secure Boot is completely broken on 200+ models from 5 big device makers
https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/
Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway.
Doing language agnostic automated unit test generation with LLMs and contextually aware mutation testing to remove code vulnerabilities
GitHub - codeintegrity-ai/mutahunter: Open Source, Language Agnostic Automatic Test Generation + LLM Mutation Testing
https://github.com/codeintegrity-ai/mutahunter
Open Source, Language Agnostic Automatic Test Generation + LLM Mutation Testing - codeintegrity-ai/mutahunter
Microsoft IT outage latest: Airports, businesses and banks including Sky News experiencing issues worldwide
Microsoft IT outage latest: Airports, businesses and banks including Sky News experiencing issues worldwide
https://news.sky.com/story/outages-latest-airports-business-and-broadcasters-experiencing-issues-worldwide-13180821
Planes have been grounded as several airports are hit by a global IT outage, with Windows PCs shutting down and broadcasters and businesses also taken offline.
BusKill goes to DEF CON 32 - BusKill
https://www.buskill.in/defcon32/
Join BusKill at DEF CON 32 for our presentation titled "Open Hardware Design for BusKill Cord" in the Demo Lab
The Stark Truth Behind the Resurgence of Russia’s Fin7 – Krebs on Security
https://krebsonsecurity.com/2024/07/the-stark-truth-behind-the-resurgence-of-russias-fin7/
oss-sec: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
https://seclists.org/oss-sec/2024/q3/2
Cloudflare's recent blog regarding polyfill shows that Cloudflare never authorized Polyfill to use their name in their product
Automatically replacing polyfill.io links with Cloudflare’s mirror for a safer Internet
https://blog.cloudflare.com/automatically-replacing-polyfill-io-links-with-cloudflares-mirror-for-a-safer-internet
polyfill.io, a popular JavaScript library service, can no longer be trusted and should be removed from websites
