floofloof@lemmy.ca to Cybersecurity@sh.itjust.worksEnglish · 3 months agoNotepad++ updater installed malwarewww.heise.deexternal-linkmessage-square2linkfedilinkarrow-up122arrow-down17cross-posted to: technology@lemmy.world
arrow-up115arrow-down1external-linkNotepad++ updater installed malwarewww.heise.defloofloof@lemmy.ca to Cybersecurity@sh.itjust.worksEnglish · 3 months agomessage-square2linkfedilinkcross-posted to: technology@lemmy.world
minus-squarelurch (he/him)@sh.itjust.workslinkfedilinkEnglisharrow-up18·3 months agoHeadline seems intentionally vague. The updater was vulnerable to a download man-in-the-middle attack, because it used a weak certificate.
minus-squaresmeg@infosec.publinkfedilinkEnglisharrow-up12·3 months agoWhich requires a malicious network operator or some other kind of DNS poisoning. Not exactly a radical exploit
Headline seems intentionally vague. The updater was vulnerable to a download man-in-the-middle attack, because it used a weak certificate.
Which requires a malicious network operator or some other kind of DNS poisoning. Not exactly a radical exploit