This month is Black History Month, but every day is an opportunity to learn and appreciate how much Black lives matter.
The gaming industry was increasingly targeted over the past year, including by major ransomware attacks, so it is not surprising to see supply chain attacks now. Expect to see more supply chain attacks going forward and use this to prepare. NoxPlayer is an Android emulator used by gamers globally. ESET researchers found a supply chain compromise that targeted its update mechanism but infected only a select few gamers in the Asia Pacific region. So far three malware strains have been identified, including PoisonIvy RAT and Ghost RAT.
When bug-hunter extraordinaire Tavis Ormandy says he found something, you listen. Especially if it can lead to remote code execution. The bug is in “libgcrypt”, an open source library used for encryption. And a gentle reminder: encryption is not bad/wrong/evil – it makes things safer. libgcrypt is the cryptographic library behind GnuPG, which is used for security in a lot of Linux distributions. Per Tavis, simply decrypting some data could lead to a heap buffer overflow that could be easily exploited, and the overflow happens before any verification or signature validation. Yes, go patch!