!security
@programming.devhttps://arstechnica.com/security/2024/09/researchers-still-dont-know-how-1-3-million-android-streaming-boxes-were-backdoored/
Infection corrals devices running AOSP-based firmware into a botnet.
https://www.axios.com/2024/09/13/microsoft-summit-security-products-crowdstrike
https://forge.chapril.org/hardcoresushi/DroidFS/releases/tag/v2.2.0
Encrypted overlay filesystems implementation for Android. Also available on GitHub: https://github.com/hardcore-sushi/DroidFS
https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/
Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway.
https://github.com/codeintegrity-ai/mutahunter
Open Source, Language Agnostic Automatic Test Generation + LLM Mutation Testing - codeintegrity-ai/mutahunter
https://news.sky.com/story/outages-latest-airports-business-and-broadcasters-experiencing-issues-worldwide-13180821
Planes have been grounded as several airports are hit by a global IT outage, with Windows PCs shutting down and broadcasters and businesses also taken offline.
https://www.buskill.in/defcon32/
Join BusKill at DEF CON 32 for our presentation titled "Open Hardware Design for BusKill Cord" in the Demo Lab
https://krebsonsecurity.com/2024/07/the-stark-truth-behind-the-resurgence-of-russias-fin7/
https://seclists.org/oss-sec/2024/q3/2
https://blog.cloudflare.com/automatically-replacing-polyfill-io-links-with-cloudflares-mirror-for-a-safer-internet
polyfill.io, a popular JavaScript library service, can no longer be trusted and should be removed from websites