Dozens of #RedHat packages #backdoored through its official #NPM channel
Official Red Hat NPM accounts have been #compromised and used to push a malicious #worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more confidential data, researchers said.
#privacy #security
Widely used #DaemonTools disk app #backdoored in month long supply-chain attack
Daemon Tools, a widely used app for mounting disk images, has been backdoored in a monthlong compromise that has pushed #malicious updates from the servers of its developer, researchers said Tuesday.
#security #supplychain
Popular #LiteLLM #PyPI package #backdoored to steal #credentials , auth #tokens
The #TeamPCP #hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI & claiming to have stolen data from hundreds of thousands of devices during the attack.
LiteLLM is an open-source #Python library that serves as a gateway to multiple large language model ( #LLM ) providers via a single #API.
#privacy #security #supplychain
The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack.
check out the write-up at https://rad.ctrlc.hu:443/raw/rad:z46AkAERuXAzqZcDRKvE7byRbkga1/7a27b7a350ccadadc2d1bd776747a06393fb50ab/writeup.pdf
for more weird details of the #nsa #backdoored #SBT #military #crypto #device.
some interesting details, the #nsa #backdoored #phillips device runs a 8051 mcu. there's a print subroutine, that pops the return address from the stack, and prints the litteral chars from that address onwards until it finds a byte which has the top bit set. then it returns to the address after this last char. of course this is no calling-convention that any disassembler knows, so it throws them off.
2/n
The #NSA with the help of #philips #backdoored (again!) a european military messaging #device in the 80ies, a few years ago the fine people of the #cryptomuseum published everything they knew about it - including a #firmware dump:
https://www.cryptomuseum.com/crypto/philips/ua8295/
back then i #reverseEngineered this, and last week finally cleaned it up, and publish it today:
https://rad.ctrlc.hu/nodes/rad.ctrlc.hu/rad:z46AkAERuXAzqZcDRKvE7byRbkga1
also on the bad site: https://github.com/stef/UA-8295-NSA
update: it's a thread: 1/n
#Cocaine in Private Jets and Sex Toys: What the #FBI Found on its Secretly #Backdoored #Chat App
Private jets loaded with cocaine landing at an airport in #Germany. A #trafficker stuffing a racing sail boat with drugs and entering a tournament to blend in with other racers before speeding off. Vacuum-sealed layers of #methamphetamine inside solar panels. And nearly 60 kilograms of drugs hidden inside a shipment of sex toys.
Sellers of Anom, the FBI's Secret #Backdoored Phone, Plead Guilty
The court records released as part of the plea deals also provide new insight into how some of the phone sellers discussed drug #trafficking on their #Anom devices as well.
#privacy #security #backdoor
https://www.404media.co/sellers-of-anom-the-fbis-secret-backdoored-phone-plead-guilty/
Government to Name ‘Key Witness’ Who Provided #FBI With #Backdoored #Encrypted #Chat App #Anom
#privacy #security
A lawyer has pushed to learn the identity of the person who first created Anom, which the FBI used to read tens of millions of messages sent by organized criminals. The confidential human source may testify in court, too.
PrivacyDigest
stf