Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
Sourcegraph’s Shocking Screwup: Private Secrets in Public Repo
Richi Jennings | | AI, authentication token, compromised credentials, credential replay attacks, large language models, Large Language Models (LLM), Large language models (LLMs), LLM, pii, PII Leakage, Run-time Secrets Protection, SB Blogwatch, secret, secret key, secret keys, secret management, secrets scanning, Sourcegraph
Credentials create crisis: AI source code navigation LLM leaks PII after DevOps SNAFU
Security Boulevard
BadBazaar: Chinese Spyware Shams Signal, Telegram Apps
Richi Jennings | | android, android spyware, APT15, BadBazaar, Flygram, google, Google Play Incompetence, Google Play Store, GREF, Lukas Stefanko, Nickel, Samsung, SB Blogwatch, signal, Signal Plus Messenger, spyware, Telegram, Vixen Panda
After sneaking into Google and Samsung app stores, “GREF” APT targets Uyghurs and other PRC minorities
Qakbot Cracked: FBI and Friends Hack the Hackers
Richi Jennings | | aresloader, Black Basta Ransomware, botnet, botnets, Department of Justice, Department of Justice (DOJ), DOJ, Duck Hunt, FBI, Federal Bureau of Investigation, justice department, loaders, Pinkslipbot, Qakbot, qakbot malware, Qbot, SB Blogwatch, takedown, takedowns, U.S. Department of Justice, U.S. Justice Department, United States Department of Justice, US Department of Justice, US FBI
Operation Duck Hunt shoots to kill big botnet
Did Russia Hack Poland’s Trains? MSM Says Yes, but … Well, You Decide
Richi Jennings | | Poland, RADIO-STOP, Rail Cybersecurity, railroad, Railway Security, Russia, SB Blogwatch, trains
Train Phreaking: It depends what you mean by “hack” (and by “Russia”)
Gmail Adds Extra Checks, Thwarting Sneaky Hackers
Richi Jennings | | 2-factor authentication, 2fa, 2FA/MFA, FIDO, FIDO2, Gmail, google, Google Workspace, MFA, Multi-Factor Authentication (MFA), Passkeys, SB Blogwatch, TOTP, WebAuthn
Sensitive actions such as forwarding to be protected by extra 2FA step
Lapsus$ Jury Says Teen Duo Did Do Crimes
Richi Jennings | | Arion Kurtaj, Grand Theft Auto, Lapsus$, Ransomware, Rockstar Games, SB Blogwatch, Strawberry Tempest
Arion Kurtaj and anon minor: Part of group that hacked Uber, Nvidia, Microsoft, Rockstar Games and many more
LOL WinRAR: Serious One-Click Bug (Patch NOW)
Even if You Are not a Pirate: Fix for CVE-2023-40477 now available
Ransomware Robs Realtors — Rapattoni MLS-aaS Down: Day 8 and Counting
Richi Jennings | | legacy, Legacy Application, legacy applications, legacy apps, legacy IT, legacy Software, legacy system security risk, legacy systems, MLS, Ransomware, Rapattoni, real estate, real estate agents, realtors, SaaS, SB Blogwatch
MLS FAIL: Home listings SaaS dead in the water as real estate agents lose leads
‘Sabotage the Factory’ — 16 Big Bugs in Codesys ICS/OT/SCADA Software
Richi Jennings | | CoDe16, Codesys, ICS, ICS/SCADA, ICS/SCADA Security, operational technologies, operational technology, operational technology security, OT, SB Blogwatch, SCADA, Vladimir Eliezer Tokarev, Vladimir Tokarev
CoDe16 FAIL: Researchers unveil high-severity vulns in Codesys Control, used in millions of devices
Teenage Hackers Must be Stopped: US DHS’s CSRB Report
Richi Jennings | | 2 factor auth, 2-factor authentication, 2fa, 2FA bypass, 2FA Flaws, 2FA phishing, 2FA policies, 2FA/MFA, cellphone fraud, CSRB, Cyber Safety Review Board, Department of Homeland Security, DHS, DUAL FACTOR AUTHENTICATION, factor auth, homeland security, Homeland Security Presidential Directive, homelandsecurity, Lapsus$, Multi-Factor Authentication, Multi-Factor Authentication (MFA), Multifactor Authentication, SB Blogwatch, SIM swap, sim swap fraud, SIM swap scams, SIM swapping, two factor authentication, U.S. Department of Homeland Security, United States Department of Homeland Security, US Homeland Security
2FA SMS FAIL: Lapsus$ social engineers exploited weak two-factor authentication. Something must be done! (Well, this is something.)