Popular Post

Another Password Manager Leak Bug: But KeePass Denies CVE
Richi Jennings | CVE-2023-24055, default settings, Dominik Reichl, KeePass, open source, password managers, SB Blogwatch
Two researchers report vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw ...
Security Boulevard

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al
Richi Jennings | Bundeskriminalamt, Department of Justice, DOJ, Europol, FBI, Hive, HIVE Ransomware, Ransomware, SB Blogwatch, takedown, takedowns, website takedown, website takedowns
Law enforcement agencies from several countries got together and took down the site. They also worked to decrypt victims’ data ...
Security Boulevard

US No-Fly List Leaked via Airline Dev Server by @_nyancrimew
Richi Jennings | @_nyancrimew, CommuteAir, maia arson crimew, no-fly list, SB Blogwatch, SSSS, Tillie Kottmann, United Airlines
An unsecured Jenkins server contained secret credentials for more than 40 public-cloud storage buckets. In today’s SB Blogwatch, we say hello to our old friend maia arson crimew ...
Security Boulevard

T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks
Richi Jennings | 2023 T-Mobile Breach, 5G, api, API Abuse, pii, Privacy, SB Blogwatch, T-Mobile, t-mobile breach, t-mobile data breach, T-Mobile hack
The Un-carrier is In-secure, it seems. Un-believable. In-credibly in-competent. CEO Mike Sievert (pictured) might become un-CEO ...
Security Boulevard

Another Password Manager Breach: NortonLifeLock Apes LastPass
Richi Jennings | credential reuse, credential stuffing, credential stuffing attack, Gen Digital, lastpass, Norton Password Manager, NortonLifeLock, Password, password reuse, passwords, SB Blogwatch, Symantec
NortonLifeLock is warning customers their passwords are loose. First LastPass, now this? ...
Security Boulevard

Yikes, Control Web Panel has Critical RCE — Patch NOW
Richi Jennings | CentOS, CentOS Web Panel, Control Web Panel, CVE-2022-44877, Gais Security, Linanto, Linux, Numan Türle, SB Blogwatch
Linanto’s popular web hosting control panel, CWP, has a nasty flaw. It’s easily exploitable—in fact, it’s being exploited RIGHT NOW ...
Security Boulevard

Digital License Plates: Stupid, Pointless, Insecure
Richi Jennings | API Attack, API Authentication, API Authorization, API security, Automotive Cyber Security, Automotive Security, California, digital license plate, digitalization, DMV, GPS, iot, Privacy, Reviver, Rplate, SB Blogwatch
Reviver’s Rplate digital license plates are insecure: Their design appears to be riddled with privacy holes (not to mention the daft nature of the product itself) ...
Security Boulevard

CES 2023 FAIL: Worst in Show for Security and Privacy
The Consumer Electronics Show wrapped up yesterday. But some vendors faced stiff criticism over their privacy and security stances ...
Security Boulevard

‘We Must Ban TikTok!’ — Senate, House, FCC Agree
Richi Jennings | Brendan Carr, Bytedance, china, chinese government, fcc, Mike Gallagher, Privacy, SB Blogwatch, social media, TikTok
TikTok’s days are numbered in the U.S.—if the GOP has its way ...
Security Boulevard

GitHub Secret Scanning is now Free (as in Beer)
Richi Jennings | Do you think they call this service their "Secret Scanta"?, GitHub, Microsoft, SB Blogwatch, secret key, secret keys, secret management, Secrets, Secrets detection, Secrets Management, secrets scanning, SecretScanner
Microsoft’s GitHub source control service will help stop devs accidentally embedding secrets in public code repositories. It’s a big problem ...
Security Boulevard