Securing Open Source

A still from the 1928 animated short, “Steamboat Willie”—the first appearance of Mickey Mouse

Google Whistles While OAuth Burns — ‘MultiLogin’ 0-Day is 70+ Days Old

What a Mickey Mouse operation: Infostealer scrotes having a field day with unpatched vulnerability ...

Security Boulevard

Best of 2023: Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!)

Richi Jennings | January 2, 2024 | cloud storage, My Cloud, Ransomware, SB Blogwatch, storage, WD, Western Digital, Western Digital My Cloud

Déjà Vu: Hack of WD systems leads to My Cloud service outage. Owners unable to access files ...

Security Boulevard

Apple CEO Tim Cook, with superimposed text: “No Such Agency”

NSA iPhone Backdoor? Apple Avoids Russian Blame Game

Richi Jennings | December 28, 2023 | Apple, back door, backdoor, CVE-2023-32434, CVE-2023-32435, CVE-2023-32439, CVE-2023-38606, CVE-2023-41990, FSB, imessage, ios, iPhone, kaspersky, Kaspersky Lab, Kaspersky Security, nsa, Russia, Russian FSB, SB Blogwatch, spyware, triangulation, Zero Click Attack, Zero-Click Exploit

“No Ordinary Vulnerability” — Operation Triangulation research uncovers new details of fantastic attack chain ...

Security Boulevard

Best of 2023: Another Password Manager Leak Bug: But KeePass Denies CVE

Richi Jennings | December 28, 2023 | CVE-2023-24055, default settings, Dominik Reichl, KeePass, open source, password managers, SB Blogwatch

Two researchers report vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw ...

Security Boulevard

SSH FAIL: Terrapin Attack Smashes ‘Secure’ Shell Spec

Richi Jennings | December 20, 2023 | Authentication, CBC, ChaCha20, chaves ssh, CVE-2023-48795, libSSH, Man In The Middle, man in the middle attack, man in the middle attacks, mitm, MitM Attack, mitm attack prevention, mitm attacks, openssh, OpenSSH protocol, SB Blogwatch, SSH, Terrapin

Testy Testudine: Lurking vuln in SSH spec means EVERY implementation must build patches ...

Security Boulevard

Happy New Year: Google Cookie Block Starts Soon, but Fear Remains

Richi Jennings | December 15, 2023 | adtech, Advertising, Advertising and AdTech, adverts, , , cookieconsent, cookies, FLEDGE, FLoC, GOOG, Google Chrome, Privacy, Privacy Sandbox, SB Blogwatch, Topics, tracking cookies,

2024 almost here: Rollout begins Jan 4, but few trust Google’s motives ...

Security Boulevard

The Ukrainian president, Volodymyr Zelenskyy, with superimposed text: “Bring it.”

Russia Hacks Ukraine, Ukraine Hacks Russia — Day#658

Richi Jennings | December 13, 2023 | Kyivstar, Russia, russia hacker, Russia-Ukraine, russia-ukraine conflict, Russia's War on Ukraine, Russian Cyber War, Russian cybercrime, SB Blogwatch, Ukraine, ukraine conflict, Ukraine Cyber War, Ukraine cyberattack

When will it end? Russia takes down Kyivstar cellular system, Ukraine destroys Russian tax system ...

Security Boulevard

A ballet dancer sits in a chair, head in hands. The text “IT’S EVEN WORSE” is superimposed.

Okta Screws Up (Yet Again) — ALL Customers’ Data Hacked, not just 1%

You had one job: Last month’s sheer incompetence descends this week into UTTER FARCE ...

Security Boulevard

Google to Force-Block Ad Blockers — Time to Get Firefox?

Richi Jennings | November 17, 2023 | ad blockers, ad-blocker, ad-blocking, adblock, adblockers, adblocking, adblocks, adtech, Advertising and AdTech, Chrome, Chrome extension, chrome extensions, google, Manifest V3, SB Blogwatch, uBlock Origin

Manifest V3: Destiny. Huge advertising monopoly flexes muscles: “Manifest V2” extensions to be nuked, but “V3” cripples ad blockers ...

Security Boulevard

A caricature of FBI head Christopher Wray

FBI’s Warrantless Spying on US Must Continue, Says FBI

Privacy, schmivacy: FBI head Christopher Wray (pictured) doesn’t see what all the fuss is about. Just renew FISA section 702 already! ...

Security Boulevard

Securing Open Source

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On