Hot Topics

Security Challenges and Opportunities of Remote Work

a PRC flag flies in a stiff breeze

China-Backed Hacks of Cisco Routers Worry Feds — BlackTech Revenge?

| | BlackTech, CCP, china, china espionage, cisa, cisco, FBI, hong kong, Japan, nsa, Peoples Republic of China, SB Blogwatch, Taiwan
TTP: IOS EEM CLI BBQ LOL—FBI, NSA, CISA join Japan’s NISC to warn of espionage group linked to Chinese Communist Party ...
Security Boulevard
The Google WebP logo

Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug

| | Buffer Overflow, buffer overflow attack, Buffer Overflow Vulnerabilities, buffer overflows, Chrome, Chromium, edge, Electron, Exploitable Vulnerabilities, Firefox, google, Heap Overflow, libwebp, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, opera, SB Blogwatch, secure software supply chain, slack, software supply chain, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, thunderbird, WebP
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
Security Boulevard
A man has fallen asleep on top of his books and papers

‘BLASTPASS’ iPhone Exploit — Apple Asleep at the Switch

| | Apple, BLASTPASS, Citizen Lab, FaceTime, FaceTime bug, imessage, ios, iPhone, NSO, NSO Group, Pegasus, Pegasus Spyware, Privacy, SB Blogwatch
Zero click, zero day, zero clue: Yet another iOS zero-day lets NSO’s Pegasus “mercenary spyware” cause chaos ...
Security Boulevard
A lemur stares back at you, with a shocked expression

Sourcegraph’s Shocking Screwup: Private Secrets in Public Repo

| | AI, authentication token, compromised credentials, credential replay attacks, large language models, Large Language Models (LLM), Large language models (LLMs), LLM, pii, PII Leakage, Run-time Secrets Protection, SB Blogwatch, secret, secret key, secret keys, secret management, secrets scanning, Sourcegraph
Credentials create crisis: AI source code navigation LLM leaks PII after DevOps SNAFU ...
Security Boulevard
A duck stares at you, straight on

Qakbot Cracked: FBI and Friends Hack the Hackers

| | aresloader, Black Basta Ransomware, botnet, botnets, Department of Justice, Department of Justice (DOJ), DOJ, Duck Hunt, FBI, Federal Bureau of Investigation, justice department, loaders, Pinkslipbot, Qakbot, qakbot malware, Qbot, SB Blogwatch, takedown, takedowns, U.S. Department of Justice, U.S. Justice Department, United States Department of Justice, US Department of Justice, US FBI
Operation Duck Hunt shoots to kill big botnet ...
Security Boulevard
a little teapot, short and stout

Lapsus$ Jury Says Teen Duo Did Do Crimes

| | Arion Kurtaj, Grand Theft Auto, Lapsus$, Ransomware, Rockstar Games, SB Blogwatch, Strawberry Tempest
Arion Kurtaj and anon minor: Part of group that hacked Uber, Nvidia, Microsoft, Rockstar Games and many more ...
Security Boulevard
LOL Limewire

LOL WinRAR: Serious One-Click Bug (Patch NOW)

| | 7-Zip, archive, RAR files, SB Blogwatch, WinRAR
Even if You Are not a Pirate: Fix for CVE-2023-40477 now available ...
Security Boulevard
abandoned house

Ransomware Robs Realtors — Rapattoni MLS-aaS Down: Day 8 and Counting

| | legacy, Legacy Application, legacy applications, legacy apps, legacy IT, legacy Software, legacy system security risk, legacy systems, MLS, Ransomware, Rapattoni, real estate, real estate agents, realtors, SaaS, SB Blogwatch
MLS FAIL: Home listings SaaS dead in the water as real estate agents lose leads ...
Security Boulevard
power plant

‘Sabotage the Factory’ — 16 Big Bugs in Codesys ICS/OT/SCADA Software

| | CoDe16, Codesys, ICS, ICS/SCADA, ICS/SCADA Security, operational technologies, operational technology, operational technology security, OT, SB Blogwatch, SCADA, Vladimir Eliezer Tokarev, Vladimir Tokarev
CoDe16 FAIL: Researchers unveil high-severity vulns in Codesys Control, used in millions of devices ...
Security Boulevard
DHS secretary Alejandro Mayorkas

Teenage Hackers Must be Stopped: US DHS’s CSRB Report

| | 2 factor auth, 2-factor authentication, 2fa, 2FA bypass, 2FA Flaws, 2FA phishing, 2FA policies, 2FA/MFA, cellphone fraud, CSRB, Cyber Safety Review Board, Department of Homeland Security, DHS, DUAL FACTOR AUTHENTICATION, factor auth, homeland security, Homeland Security Presidential Directive, homelandsecurity, Lapsus$, Multi-Factor Authentication, Multi-Factor Authentication (MFA), Multifactor Authentication, SB Blogwatch, SIM swap, sim swap fraud, SIM swap scams, SIM swapping, two factor authentication, U.S. Department of Homeland Security, United States Department of Homeland Security, US Homeland Security
2FA SMS FAIL: Lapsus$ social engineers exploited weak two-factor authentication. Something must be done! (Well, this is something.) ...
Security Boulevard
Load more