Podcast: Play in new window | Download (Duration: 18:05 — 11.4MB)
Malicious OSS, Netflix conjecture, A win in the right to repair fight, and yet another Chrome zero-day yawn
Links
node-ipc malicious update
https://www.wired.com/story/developer-altered-open-source-software-to-wipe-files-in-russia/
https://www.zdnet.com/article/corrupted-open-source-software-enters-the-russian-battlefield/
https://github.com/advisories/GHSA-97m3-w2cp-4xx6
Malicious Azure-targeting NPM packages
https://www.zdnet.com/article/malicious-npm-packages-target-azure-developers-to-steal-personal-data/
Netflix offers way to pay more if you share passwords
https://about.netflix.com/en/news/paying-to-share-netflix-outside-your-household
John Deere repair program
https://www.deere.com/en/news/all-news/john-deere-expands-access-to-self-repair-resources/
Yet another critical Chrome vulnerability
https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-used-in-attacks/