Hot Topics

DevOps

Reimagined “Just a bill” of Schoolhouse Rock fame

Here Comes the US GDPR: APRA, the American Privacy Rights Act

| | American Data Privacy and Protection Act, APRA (American Privacy Rights Act), Cathy McMorris Rodgers, Consumer privacy rights, customer privacy, EU GDPR, GDPR, GDPR (General Data Protection Regulation), gdpr legislation, Maria Cantwell, Privacy, SB Blogwatch
Enter the lobbyists: A draft federal privacy act has Washington DC buzzing. But it’s just a bill—and it’s a long, long journey before it becomes a law ...
Security Boulevard
Someone scanning a QR code on their phone

Small business cyber security guide: What you should prioritize & where you should spend your budget

| | CISO Suite, Creating Active Awareness, Cyber Security Risks, Employee Awareness, guide, Home, Privacy, Security Awareness, Security Culture, Seed n soil posts, small business, tips
The post Small business cyber security guide: What you should prioritize & where you should spend your budget appeared first on Click Armor ...
Click Armor
An old-school telephone, the like of which Millenials have never seen. Also: Get off my lawn.

FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair?

| | Big Telecom, carrier, Carriers, Diameter, digital telecom, fcc, FCC Failures, FCC Follies, FCC privacy rules, Federal Communications Commission, Federal Government, Location, location access risks, location data, Location data privacy, location history, location intelligence, location privacy, location sharing location tracking, location tracking, mobile carrier, mobile carrier vulnerability, Mobile carriers, Mobile Location Tracking, Mobile Tracking, Phone Carrier, RADIUS, roaming, Ron Wyden, SB Blogwatch, Sen. Ron Wyden, Smartphone Location Tracking, ss7, telco, Telecom, Telecom Cybersecurity, Telecom Industry, Telecom Industry Vulnerabilities, telecommunications, Telecommunications Security, telephone, telephones, U.S. Federal Communications Commission, wireless carrier
Fast enough for government work: The Federal Communications Commission is finally minded to do something about decades-old vulnerabilities ...
Security Boulevard
Screenshot from Smart SOAR's View Data Source tab

Smart SOAR’s Innovative Approach to Error-Handling Explained

| | D3 Smart SOAR, Error Handling, Event Playbooks, Incident Playbooks, Smart SOAR, SOAR, soar playbook
Our commitment to innovation is deeply rooted in the feedback we receive from those who use our Smart SOAR platform daily. It was through listening to feedback from our customers that we ...
D3 Security
A single, juicy raspberry on a plain, white background

Biden Review Board Gives Microsoft a Big, Fat Raspberry

| | Active Directory, Authentication, azure, Azure Active Directory, Azure AD, Azure security, cisa, CISA.gov, CSRB, Cyber Safety Review Board, Cybersecurity Infrastructure Security Administration, Entra ID, Exchange, Microsoft, Microsoft Azure, Microsoft Azure Active Directory, Microsoft Azure Security, Outlook.com, SB Blogwatch, Storm-0558
Storm-0558 forecast: Last year’s Chinese hack of federal agencies’ email is still a mystery, and “should never have occurred,” says CISA ...
Security Boulevard
David Boies, founding partner and chairman of Boies Schiller Flexner, LLP

Chrome’s Incognito Mode Isn’t as Private as You Think — but Google’s Not Sorry

| | adtech, Advertising, Advertising and AdTech, adverts, breach of privacy, browser, browser abuse, Chrome, cookie, Cookie Consent, cookieconsent, cookies, customer privacy, Data Privacy, FLEDGE, FLoC, GOOG, google, Google Ad, Google AdSense, Google advertising, Google Chrome, Google Chrome Security, Incognito, Incognito Mode, Link History, Privacy, Privacy Sandbox, SB Blogwatch, Topics, tracking cookies, web cookie
Short term gain for long term pain? Class action attorney David Boies asked for $5,000 per user, but got nothing—except some assurances Google will delete data it no longer needs ...
Security Boulevard
software supply chain malware

The Cybersecurity Industry Starts Picking Through Malicious XZ Utils Code

| | Linux, open source code, software supply chain attack
The open source community, federal agencies and cybersecurity researchers are busy trying to get their hands around the security near-miss of the backdoor found in versions of the popular XZ Utils data ...
Security Boulevard
Closeup of person going “Shhh!”

PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found

| | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
Multiple, unskippable notifications

Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones

| | 2fa, 2FA bypass, 2FA Flaws, 2FA phishing, 2FA solution, 2FA/MFA, Apple, apple bug, Apple Data Security, apple hack, apple hacker, Apple iCloud, Apple ID, Apple ID failure, Apple iOS, Apple iPad, Apple iPhone, bypass 2FA, MFA, MFA Bombing, mfa fatigue, MFA hacks, mfa protection, mfasecurity, Multi-Factor Authentication (MFA), OTP, OTP circumvention bot, OTP interception bot, phishing-resistant MFA, push otp, SB Blogwatch, TOTP, two-factor-authentication.2fa
Rethink different: First, fatigue frightened users with multiple modal nighttime notifications. Next, call and pretend to be Apple support ...
Security Boulevard
AI vulnerability

Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework

| | Artificial Intelligence (AI), Best Practices, framework, Ray, vulnerability
Thousands of servers running AI workloads are under attack by threat actors exploiting an unpatched vulnerability in the open-source Ray AI framework – widely used by such companies as OpenAI, Uber, Amazon, ...
Security Boulevard
Load more