Securing Open Source
Google Splashes the Cash in Bug Bounty Bonanza: $59 Million to Date
Richi Jennings | | alphabet, bounty, bug bounty, bug bounty program, bugbounty, ethical hacker, ethical hackers, ethical hacking, google, SB Blogwatch, Vulnerability Rewards Program (VRP), white hat, white hat hacker, white hat hackers, White Hat Security, White Hats, WhiteHat, whitehat hackers, WhiteHat Security
Wanna be a VRP VIP? Last year, $GOOG paid $10 million to ethical hackers for finding vulnerabilities ...
Security Boulevard
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Richi Jennings | | Apiiro, App Sec & Supply Chain Security, AppSec & Supply Chain Security, dependency confusion, dependency confusion attacks, GitHub, github application security, github bug, GitHub Exploit, GitHub repositories, GitHub Security Measures, github security scanning, GitHub Security Vulnerabilities, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, repo confusion, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain automation, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Weaknesses, supply chain, supply chain security, Supply-Chain Insecurity
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard
CNCF Graduates Falco Project to Improve Linux Security
The Cloud Native Computing Foundation (CNCF) announced today that Falco, an open source tool for defining security rules in Linux environments, has officially graduated ...
Security Boulevard
US Will Fight Russian Disinformation — Hacks and Leaks and Deepfakes, Oh My!
Richi Jennings | | deepfake, deepfake attacks, Deepfake Detection, Deepfake security threats, Deepfake Technology, deepfake videos, deepfakes, Department of State, disinformation, election disinformation, James Rubin, online disinformation, Russia, Russia-Ukraine, russia-ukraine conflict, Russia's War on Ukraine, SB Blogwatch, Social disinformation, State Department, U.S. Department of State, Ukraine, ukraine conflict, ukraine war scams, Ukraine-Russia War, Ukraine/European Security, US department of state
Pay no attention to that man: State Dept. Global Engagement Centre chief James Rubin (pictured) follows the yellow brick road ...
Security Boulevard
PRC State Hacking: ‘Chinese Edward Snowden’ Spills I‑Soon Secrets in Huge Dump of TTPs
Richi Jennings | | APT41, Auxun, Chengdu 404, china, china espionage, Chinese, Chinese Communists, Chinese devices, chinese government, chinese hacker, Chinese hackers, Chinese Threat Actors, Data Stolen By China, Great Firewall of China, hong kong, i-soon, Insider, insider breach, insider risk, iSoon, Peoples Republic of China, SB Blogwatch, Tibet, Uyghur
Underpaid, overworked and angry: Whistleblower in hacker contractor firm for Chinese government blows lid off tactics, techniques and procedures ...
Security Boulevard
LockBit Takedown by Brits — Time for ‘Operation Cronos’
Richi Jennings | | British, British intelligence, Infrastructure Takedown, Lockbit, LockBit ransomware, National Crime Agency, network takedown, Operation Cronos, SB Blogwatch, takedown, takedowns, U.K. National Crime Agency, uk, website takedown, website takedowns
RaaS nicked: 11-nation army led by UK eliminates ransomware-for-hire scrotes’ servers ...
Security Boulevard
‘Incompetent’ FCC Fiddles With Data Breach Rules
Richi Jennings | | breach notification, Data Breach Notification, data breach notification laws, fcc, FCC Failures, FCC Follies, FCC privacy rules, Federal Communications Commission, GDPR Breach Notification, Jessica Rosenworcel, SB Blogwatch, U.S. Federal Communications Commission
FCC FAIL: While Rome burns, Federal Communications Commission is once again behind the curve ...
Security Boulevard
Linux Vendors Squawk: PATCH NOW — CVSS 9.8 Bootkit Bug in shim.efi
Richi Jennings | | BIOS, CVE-2023-40547, Enterprise Linux and Open Source, Linux, open source, Open Source and Software Supply Chain Risks, open source code, Open Source Community, open source components, open source development, Open Source Ecosystem, SB Blogwatch, secure boot, shim, UEFI, UEFI Failing, UEFI vulnerabilities
Snow joke: A Microsoft researcher found it—and it’s somehow Microsoft’s fault ...
Security Boulevard
‘Total Bollocks’ — No, Your Toothbrush isn’t DDoS’ing
Richi Jennings | | botnet, Botnet Attack, botnets, Consumer IoT, ddos, DDoS attack, DDoS botnet, Fortinet, Inc., Internet of things, Internet of Things (IoT), Internet of Things (IoT) Security, Internet of Things cyber security, iot, IoT botnet
PR FAIL: Were 3 million toothbrushes hacked into a botnet? Or does a Fortinet spokeschild have egg on his face? ...
Security Boulevard
Microsoft Ditches C# for Rust: M365 Core Gets Safety and Perf Boosts
C# — Rust in peas: Microsoft 365 “Core Platform Substrate” gets rewrite in Rust language ...
Security Boulevard