Categories
podcast

Angry Tech News #38: Iconic Faceprint

TikTok, Twitter, and Ubisoft screw their users, European government screws everyone, a way to defeat air gaps, yet another NPM supply chain attack, and a new product that will help you reach your inner cyborg!

Links:

TikTok bends over your privacy
https://www.engadget.com/fcc-commissioner-google-facebook-ban-tik-tok-064559992.html
https://www.pandasecurity.com/en/mediacenter/security/tiktok-privacy-faceprints/

Firefox starts stripping tracking tags from URLs
https://www.bleepingcomputer.com/news/security/new-firefox-privacy-feature-strips-urls-of-tracking-parameters/

Smart contact lenses
https://www.forbes.com/sites/johnkoetsier/2022/05/18/mojo-visions-smart-contact-lens-ready-for-real-world-testing/

Ubisoft shows who really owns your games
https://www.pcgamesn.com/assassins-creed-liberation-steam

Twitter has no ethics
https://therecord.media/twitter-apologizes-for-abusing-user-security-information-after-150-million-ftc-settlement/

Iconburst NPM supply chain attack
https://blog.reversinglabs.com/blog/iconburst-npm-software-supply-chain-attack-grabs-data-from-apps-websites

DMA, DSA pass EU parliament
https://epic.org/european-parliament-adopts-dsa-dma/

ETSC mandates black boxes
https://www.zerohedge.com/political/today-all-new-vehicles-eu-will-have-surveillance-black-boxes

Using SATA cable to defeat air gaps
https://www.bleepingcomputer.com/news/security/air-gapped-systems-leak-data-via-sata-cable-wifi-antennas/

Angry Tech News #29: Supply Chain Advisor

Malicious OSS, Netflix conjecture, a win in the right-to-repair fight, and yet another Chrome zero-day yawn

Links:

node-ipc malicious update
https://www.wired.com/story/developer-altered-open-source-software-to-wipe-files-in-russia/
https://www.zdnet.com/article/corrupted-open-source-software-enters-the-russian-battlefield/
https://github.com/advisories/GHSA-97m3-w2cp-4xx6

Malicious Azure-targeting NPM packages
https://www.zdnet.com/article/malicious-npm-packages-target-azure-developers-to-steal-personal-data/

Netflix offers way to pay more if you share passwords
https://about.netflix.com/en/news/paying-to-share-netflix-outside-your-household

John Deere repair program
https://www.deere.com/en/news/all-news/john-deere-expands-access-to-self-repair-resources/

Yet another critical Chrome vulnerability
https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-used-in-attacks/

Angry Tech News #7: Munition Parser

Argentinian data breach, NPM supply chain attack, Apple as a bad security neighbor, Play store fees dropping, and the return of the 90s encryption ban

Links:

Argentina RENAPER DB breached
https://therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population/
https://techstory.in/argentinas-entire-population-at-risk-hacker-steals-government-id-database/

NPM supply chain attack: UA-Parser-JS lib released with backdoor
https://www.bleepingcomputer.com/news/security/popular-npm-library-hijacked-to-install-password-stealers-miners/
https://blog.sonatype.com/npm-project-used-by-millions-hijacked-in-supply-chain-attack

Apple silently fixing reported bugs without giving credit
https://www.bleepingcomputer.com/news/apple/apple-silently-fixes-ios-zero-day-asks-bug-reporter-to-keep-quiet/

Bringing back the encryption ban – this time “hacking tools”
https://www.bleepingcomputer.com/news/security/us-govt-to-ban-export-of-hacking-tools-to-authoritarian-regimes/
https://public-inspection.federalregister.gov/2021-22774.pdf