Social Engineering
Google Whistles While OAuth Burns — ‘MultiLogin’ 0-Day is 70+ Days Old
Richi Jennings | | access-token-manipulation, authentication token, Business Associate Agreements, Chrome, chrome 0-day, chrome phishing, Chrome Security, Chromium, Chromium-Based Browsers, Federated Identity, federated sso, google, Google Account, google account security, Google Advanced Protection, infostealer, infostealers, OAuth, oauth 2.0, oauth abuse, Oauth Application Abuse, oauth refresh token, OAuth Token Vunerability, Prisma, Protecting OAuth Tokens, SB Blogwatch, securing oauth
What a Mickey Mouse operation: Infostealer scrotes having a field day with unpatched vulnerability ...
Security Boulevard
Best of 2023: Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!)
Richi Jennings | | cloud storage, My Cloud, Ransomware, SB Blogwatch, storage, WD, Western Digital, Western Digital My Cloud
Déjà Vu: Hack of WD systems leads to My Cloud service outage. Owners unable to access files ...
Security Boulevard
NSA iPhone Backdoor? Apple Avoids Russian Blame Game
Richi Jennings | | Apple, back door, backdoor, CVE-2023-32434, CVE-2023-32435, CVE-2023-32439, CVE-2023-38606, CVE-2023-41990, FSB, imessage, ios, iPhone, kaspersky, Kaspersky Lab, Kaspersky Security, nsa, Russia, Russian FSB, SB Blogwatch, spyware, triangulation, Zero Click Attack, Zero-Click Exploit
“No Ordinary Vulnerability” — Operation Triangulation research uncovers new details of fantastic attack chain ...
Security Boulevard
Best of 2023: Another Password Manager Leak Bug: But KeePass Denies CVE
Richi Jennings | | CVE-2023-24055, default settings, Dominik Reichl, KeePass, open source, password managers, SB Blogwatch
Two researchers report vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw ...
Security Boulevard
Holiday Threats Surge as Christmas-Themed Scams Explode
As the winter holidays approach, malicious spammers have ramped up their efforts with a surge of Christmas-themed scams ...
Security Boulevard
SSH FAIL: Terrapin Attack Smashes ‘Secure’ Shell Spec
Richi Jennings | | Authentication, CBC, ChaCha20, chaves ssh, CVE-2023-48795, libSSH, Man In The Middle, man in the middle attack, man in the middle attacks, mitm, MitM Attack, mitm attack prevention, mitm attacks, openssh, OpenSSH protocol, SB Blogwatch, SSH, Terrapin
Testy Testudine: Lurking vuln in SSH spec means EVERY implementation must build patches ...
Security Boulevard
End of Year Scams
As 2023 comes to an end, it brings along with it a time many people look forward to: the holiday […] ...
X/Twitter Under Investigation by EU in First DSA Move
Richi Jennings | | Digital Services Act, Elon Musk, elon musk twitter, eu, European Commission, European Governments, European legislation, European Security, European Union, European Union (EU), Margrethe Vestager, SB Blogwatch, Schrems, Stupidity of Twitter, Thierry Breton, Twitter, X
DSA VLOP Sinks In. Manipulation, deception, transparency: “We will make full use of our toolbox,” promises Europe ...
Security Boulevard
Romance Scammers are Adopting Approval Phishing Tactics
Jeffrey Burt | | crypto investment scams, cryptocurrency, online romance scam, Phishing, Pig Butchering Scams
Romance scams are labor-intensive and time-consuming schemes to run. They can be lucrative, pulling in millions in stolen cryptocurrency, but they also can end up going nowhere if the targeted victim becomes ...
Security Boulevard
Sleepy — Python Tooling for Sleep
Sleepy — Python Tooling for SleepThank you to SpecterOps for supporting this research and to Sarah, Cody, and Daniel for proofreading and editing! Crossposted on the GitHub.TL;DR: You can use sleepy to automate common tasks when ...