Software Supply Chain Security

An open padlock on a PC keyboard, with the word “FAIL” superimposed

PKfail: 800+ Major PC Models have Insecure ‘Secure Boot’

Richi Jennings | July 26, 2024 | Binarly, BIOS, BIOS update, Certificate and Key Management, hardware supply chain, key management, Key Management Problem, PKfail, Private Key Management, SB Blogwatch, secure boot, UEFI, UEFI Failing, UEFI firmware, UEFI vulnerabilities, Unified Extensible Firmware Interface (UEFI)

Big BIOS bother: Hundreds of PC models from vendors such as HP, Lenovo, Dell, Intel, Acer and Gigabyte shipped with useless boot protection—using private keys that aren’t private ...

Security Boulevard

CrowdStrike Admits it Doesn’t ‘Canary’ Test all Updates

Richi Jennings | July 24, 2024 | canary deployment, CrowdStrike, CrowdStrike Falcon, CrowdStrike Falcon XDR, Downtime and outages, outage, Outage Investigation, SB Blogwatch

Corporate incompetence: Beleaguered security firm issues initial post-mortem on Friday’s faux pas ...

Security Boulevard

businesses, third-party, supply chain, vendor, fortification, defenses

Supply Chain Cyberattacks are on the Rise – Here’s How U.S. Businesses can Fortify Their Defenses

Sam Peters | July 23, 2024 | cyberattacks, Defense, supply chain, Third-Party, threats, Vulnerabilities

The management of vendor and third-party risks is emerging as the number one challenge among U.S. information security professionals ...

Security Boulevard

A Microsoft Windows “blue screen of death”

Global Outage Outrage: CrowdStrike Security Tool Blamed

Richi Jennings | July 19, 2024 | azure, Azure cloud, cloud outage, CrowdStrike, CrowdStrike Falcon, CrowdStrike Falcon XDR, Downtime and outages, m365, Microsoft 365, Microsoft 365 (365), Microsoft 365 outage, Microsoft 365 service outage alert, Microsoft Azure, Microsoft Azure Security, outage, Outage Investigation, SB Blogwatch

BSODs beyond belief: A buggy update to CrowdStrike Falcon made Windows PCs and servers crash—worldwide ...

Security Boulevard

Squarespace Hacked — DeFi Wallets Drained (Imaginary Money Stolen)

Richi Jennings | July 16, 2024 | API exploit, blockchain, Crypto, cryptocurrencies, cryptocurrency, cryptocurrency exchange, DeFi, domain hijacking, Google Domains, imaginary money, Ponzi scheme, SB Blogwatch, smart contract, Smart Contract Security, smart contracts, Squarespace, Web3

DeFAIL: Cryptocurrency fans lose their worthless tokens via phishing attacks on decentralized finance sites ...

Security Boulevard

AT&T Says 110M Customers’ Data Leaked — Yep, it’s Snowflake Again

Should’ve used MFA: $T loses yet more customer data—this time, from almost all of them ...

Security Boulevard

‘Blast-RADIUS’ Critical Bug Blows Up IT Vacation Plans

Richi Jennings | July 10, 2024 | blast radius, collision-based-hashing-algorithm-disclosure, CVE-2024-3596, hash, hash algorithms, hash function, hash functions, Man In The Middle, man in the middle attack, man in the middle attacks, maninthemiddleattacks, md5 hash, men-in-the-middle attack, mitm, MitM Attack, mitm attacks, RADIUS, SB Blogwatch

MD5 MITM Muddle: Ancient, widely used protocol has CVSS 9.0 vulnerability ...

Security Boulevard

A ballet dancer sitting with her head in her hands

‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought

Richi Jennings | July 5, 2024 | App Sec & Supply Chain Security, AppSec & Supply Chain Security, CloudFlare, Funnull, Javascript, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, polyfill, SB Blogwatch, secure software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity

Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ...

Security Boulevard

‘Perfect 10’ Apple Supply Chain Bug — Millions of Apps at Risk of CocoaPods RCE

Tim looks grim: 10 year old vulnerabilities in widely used dev tool include a CVSS 10.0 remote code execution bug ...

Security Boulevard

supply chain, chip, security, chip supply chain

Building Resilience in the Chip Supply Chain

Vishal Gauri | July 2, 2024 | chip supply chain, cyber resilience, semiconductors

To bolster digital security and resilience across the semiconductor supply chain, a critical first step is that organizations across the supply chain must re-orient their cybersecurity strategies ...

Security Boulevard