Episode #2022-02

aws code-review fingerprinting mining npm safari superglue

Norton 360 preinstalled cryptocurrency mining software. 1

NPM supply chain security issues are shown once again by how quickly the corrupted changes in colors and faker broke many things. 2

Matthew Green poked around the flawed random number generation logic in a cryptocurrency wallet. 3

Orca discussed how to chain weaknesses in the IAM setup in AWS Glue to compromise your cloud workload. 4

Fingerprinting goes to the next level. 5


Footnotes
1. Maxius on Twitter: "Norton is installing a Cryptocurrency miner called Norton Crypto (NCrypt.exe) on end user systems without so much as a dialogue during the install of its security product." (twitter.com/mAxius)

2. Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps (www.bleepingcomputer.com)

3. An extremely casual code review of MetaMask’s crypto – A Few Thoughts on Cryptographic Engineering (blog.cryptographyengineering.com)
4. Superglue: Orca Security Research Team Discovers AWS Glue Vulnerability (orca.security)

5. Exploiting IndexedDB API information leaks in Safari 15 (fingerprintjs.com)