floofloof@lemmy.ca to Cybersecurity@sh.itjust.worksEnglish · 3 months agoNotepad++ updater installed malwarewww.heise.deexternal-linkmessage-square2linkfedilinkarrow-up118arrow-down15
arrow-up113arrow-down1external-linkNotepad++ updater installed malwarewww.heise.defloofloof@lemmy.ca to Cybersecurity@sh.itjust.worksEnglish · 3 months agomessage-square2linkfedilink
minus-squarelurch (he/him)@sh.itjust.workslinkfedilinkEnglisharrow-up12·3 months agoHeadline seems intentionally vague. The updater was vulnerable to a download man-in-the-middle attack, because it used a weak certificate.
minus-squaresmeg@infosec.publinkfedilinkEnglisharrow-up8·3 months agoWhich requires a malicious network operator or some other kind of DNS poisoning. Not exactly a radical exploit
Headline seems intentionally vague. The updater was vulnerable to a download man-in-the-middle attack, because it used a weak certificate.
Which requires a malicious network operator or some other kind of DNS poisoning. Not exactly a radical exploit