1) Обнаружены несколько вредоносных Go‑модулей, которые загружали malware DiskRanger. 2) Модули маскировались под HTTP и logging библиотеки. 3) Malware активировался через init‑функции и хуки компиляции. 4) Цель — supply chain атака на разработчиков и CI/CD.
⚠️Рекомендации: ● аудит зависимостей ● избегать auto update неизвестных пакетов ● следить за CVE и делетом модулей
📍Судя по всему, supply chain‑атаки становятся всё чаще, даже опытные Go‑разработчики попадаются на них.
1) Обнаружены несколько вредоносных Go‑модулей, которые загружали malware DiskRanger. 2) Модули маскировались под HTTP и logging библиотеки. 3) Malware активировался через init‑функции и хуки компиляции. 4) Цель — supply chain атака на разработчиков и CI/CD.
⚠️Рекомендации: ● аудит зависимостей ● избегать auto update неизвестных пакетов ● следить за CVE и делетом модулей
📍Судя по всему, supply chain‑атаки становятся всё чаще, даже опытные Go‑разработчики попадаются на них.
In the “Bear Market Screaming Therapy Group” on Telegram, members are only allowed to post voice notes of themselves screaming. Anything else will result in an instant ban from the group, which currently has about 75 members. Just as the Bitcoin turmoil continues, crypto traders have taken to Telegram to voice their feelings. Crypto investors can reduce their anxiety about losses by joining the “Bear Market Screaming Therapy Group” on Telegram. Judge Hui described Ng as inciting others to “commit a massacre” with three posts teaching people to make “toxic chlorine gas bombs,” target police stations, police quarters and the city’s metro stations. This offence was “rather serious,” the court said. In 2018, Telegram’s audience reached 200 million people, with 500,000 new users joining the messenger every day. It was launched for iOS on 14 August 2013 and Android on 20 October 2013. Joined by Telegram's representative in Brazil, Alan Campos, Perekopsky noted the platform was unable to cater to some of the TSE requests due to the company's operational setup. But Perekopsky added that these requests could be studied for future implementation.
from us
