So one could have replace a JS file with one fetched from attacker controlled server for any site behind Akamai like LastPass or PayPal.
That JS could have exfiltrated all the secrets from these sites on the client side (post decryption) or replace account numbers with their own on behalf of the user.
> Like NVIDIA, Microsoft was able to stanch some of the bleeding, cutting off LAPSUS$’s illicit access while the group was in the process of downloading all of the available source code repositories alphabetically (the group publicized their access to Microsoft at the same time they were downloading the software giant’s source code). As a result, LAPSUS$ was only able to leak the source for Microsoft products at the beginning of the code repository, including Azure, Bing and Cortana.
> EU data protection authorities find that the consent popups that plagued Europeans for years are illegal. All data collected through them must be deleted. This decision impacts Google’s, Amazon’s and Microsoft’s online advertising businesses.
> All data collected through the TCF must now be deleted by the more than 1,000 companies that pay IAB Europe to use the TCF. This includes Google’s, Amazon’s and Microsoft’s online advertising businesses.
> “Norton is pretty much amplifying energy consumption worldwide, costing their customers more in electricity use than the customer makes on the mining, yet allowing Norton to make a ton of profit,” tweeted security researcher Chris Vickery. “It’s disgusting, gross, and brand-suicide.”
> ...when combined with a vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory. So why not just use that to build your own computer architecture and script that!? That's exactly what this exploit does. Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations.
> An uncensored interview between the Russian OSINT and REvil operator has popped up in one of the hacking forums today. This is an unedited interview, which was originally released on October 23, 2020, by the Russian OSINT on their YouTube channel.
> Intel 11th Gen Intel Core vPro CPUs with support for the Hardware Shield and TDT features will be able to detect ransomware attacks at the hardware level, many layers below antivirus software.
This is bullshit or the CPU can now detect and potentially block software that is running on it that Intel considers malware.