floofloof@lemmy.ca to Cybersecurity@sh.itjust.worksEnglish · 3 days agoNotepad++ updater installed malwarewww.heise.deexternal-linkmessage-square2fedilinkarrow-up123arrow-down17cross-posted to: technology@lemmy.world
arrow-up116arrow-down1external-linkNotepad++ updater installed malwarewww.heise.defloofloof@lemmy.ca to Cybersecurity@sh.itjust.worksEnglish · 3 days agomessage-square2fedilinkcross-posted to: technology@lemmy.world
minus-squarelurch (he/him)@sh.itjust.workslinkfedilinkEnglisharrow-up18·3 days agoHeadline seems intentionally vague. The updater was vulnerable to a download man-in-the-middle attack, because it used a weak certificate.
minus-squaresmeg@infosec.publinkfedilinkEnglisharrow-up12·3 days agoWhich requires a malicious network operator or some other kind of DNS poisoning. Not exactly a radical exploit
Headline seems intentionally vague. The updater was vulnerable to a download man-in-the-middle attack, because it used a weak certificate.
Which requires a malicious network operator or some other kind of DNS poisoning. Not exactly a radical exploit