Securing Open Source

Apple Enrages IT — 45-Day Cert Expiration Fury

Richi Jennings | October 16, 2024 | 90-day certificates, 90-day TLS certificate validity, Apple, Apple Safari, browser, Browser Security, CA/B Forum, CA/Browser Forum, CAB Forum, certificate, Certificate and Key Lifecycle Management, Certificate and Key Management, Certificate Automation, mobile safari, Safari, SB Blogwatch, Sectigo

CA/B testing: Ludicrous proposal draws ire from “furious” systems administrators ...

Security Boulevard

Biggest Ever DDoS is Threat to OT Critical Infrastructure

Egyptian River Floods: Operational technology (OT) targeted in “world record” 3.8 Tb/s distributed denial of service (DDoS) ...

Security Boulevard

open, open source, AI, generative, runtime, software, security,

Why NTIA Support of Open-Source AI is Good for Security

Michael Lieberman | September 3, 2024 | generative AI, NTIA, open source AI, software supply chain

A fully open model — one where the training data is available for inspection and modification — provides a means for addressing another threat: malicious or accidentally bad training data ...

Security Boulevard

Prisoner Swap: Huge Russian Hackers Freed — Seleznev and Klyushin

Richi Jennings | August 2, 2024 | cyber attacks russia, Putin, Roman Seleznev, Russia, russia hacker, russia-based, Russian hacker, Russian hackers, Russian hacking, SB Blogwatch, Vladimir Putin, Vladislav Klyushin

Pragmatic politics: Anger as Putin gets back two notorious cybercriminals ...

Security Boulevard

‘Blast-RADIUS’ Critical Bug Blows Up IT Vacation Plans

Richi Jennings | July 10, 2024 | blast radius, collision-based-hashing-algorithm-disclosure, CVE-2024-3596, hash, hash algorithms, hash function, hash functions, Man In The Middle, man in the middle attack, man in the middle attacks, maninthemiddleattacks, md5 hash, men-in-the-middle attack, mitm, MitM Attack, mitm attacks, RADIUS, SB Blogwatch

MD5 MITM Muddle: Ancient, widely used protocol has CVSS 9.0 vulnerability ...

Security Boulevard

A ballet dancer sitting with her head in her hands

‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought

Richi Jennings | July 5, 2024 | App Sec & Supply Chain Security, AppSec & Supply Chain Security, CloudFlare, Funnull, Javascript, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, polyfill, SB Blogwatch, secure software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity

Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ...

Security Boulevard

‘Perfect 10’ Apple Supply Chain Bug — Millions of Apps at Risk of CocoaPods RCE

Tim looks grim: 10 year old vulnerabilities in widely used dev tool include a CVSS 10.0 remote code execution bug ...

Security Boulevard

detection, campaigns, threat, HEAT, managed detection and response, Apache ActiveMQ, vulnerability, Aqua Cham, threat, elGang APT Meltdown Spectre Threat Detection

Three Nation-State Campaigns Targeting Healthcare, Banking Discovered

Nathan Eddy | June 27, 2024 | AiTM, bec, MFA, Phishing, Ransomware, threat actor

Researchers have identified three distinct nation-state campaigns leveraging advanced highly evasive and adaptive threat (HEAT) tactics ...

Security Boulevard

A flock of ostriches (or is it a troop?)

WordPress Plugin Supply Chain Attack Gets Worse

30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.) ...

Security Boulevard

Google Hates Ad Blockers: Manifest V3 Push Starts Today

We warned you. As of June 3, Google is following through on its threat to kill ad blockers. Privacy-focused Chrome extensions are living on borrowed time; developers must upgrade to the less ...

Security Boulevard