Software Supply Chain Security

Yikes, YubiKey Vulnerable — ‘EUCLEAK’ FIDO FAIL?

Richi Jennings | September 4, 2024 | CVE-2024-45678, ECDSA, EUCLEAK, FIDO, FIDO2, Infineon, Passkeys, SB Blogwatch, YSA-2024-03, Yubikey

USB MFA SCA😱: Infineon hardware and software blamed for timing side-channel attack on popular auth tokens ...

Security Boulevard

China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target

Richi Jennings | August 28, 2024 | CenturyLink, china, china espionage, China-linked Hackers, China-nexus cyber attacks, China-nexus cyber espionage, CVE-2024-39717, Lumen, Lumen Technologies, Peoples Republic of China, SB Blogwatch, Versa Director, Versa Neworks, VersaMem, Volt Typhoon

Xi whiz: Versa Networks criticized for swerving the blame ...

Security Boulevard

Patch Tuesday not Done ’til LINUX Won’t Run?

Richi Jennings | August 21, 2024 | CVE-2022-2601, Dual boot, GRUB2 Bootloader Secure Boot Bypass, Linux, Microsoft, Microsoft Patch Tuesday August 2024, Microsoft Windows, Patch Tuesday, SB Blogwatch, SBAT, secure boot, Secure Boot Advanced Targeting, Windows

Redmond reboot redux: “Something has gone seriously wrong.” You can say that again, Microsoft ...

Security Boulevard

The word “Tuesday” in cutout paper letters on a textured background

August Patch Pileup: Microsoft’s Zero-Day Doozy Dump

Richi Jennings | August 14, 2024 | Adobe patch, august patch tuesday, CVE-2024-21302, CVE-2024-38106, CVE-2024-38107, CVE-2024-38178, CVE-2024-38189, CVE-2024-38193, CVE-2024-38199, CVE-2024-38200, CVE-2024-38202, CVE-2024-38213, Microsoft patch tuesday, Microsoft Patch Tuesday August 2024, Patch Tuesday, SB Blogwatch

See These CVEs: Patch Tuesday—ten zero-days, seven Critical vulns, zero time to waste ...

Security Boulevard

WTH? DPRK WFH Ransomware Redux: 3rd Person Charged

Richi Jennings | August 13, 2024 | Andrew M., DPRK, Korea, Korean military, Korean ransomware, Matthew Isaac Knoot, North Korea, North Korean Hacking, North Korean Threat Actors, northkorea, Noth Korea, SB Blogwatch

North Korean army of remote IT workers enabled by Matthew Isaac Knoot, alleges DoJ ...

Security Boulevard

David Boies, founding partner and chairman of Boies Schiller Flexner, LLP

CrowdStrike Sued? — Delta Dials David Boies

Richi Jennings | July 31, 2024 | CrowdStrike, CrowdStrike Falcon, CrowdStrike incident;, Delta Airlines, falcon, SB Blogwatch

Is Delta the First of Many? Airline calls in attorneys Boies Schiller Flexner to claw back its cash ...

Security Boulevard

An open padlock on a PC keyboard, with the word “FAIL” superimposed

PKfail: 800+ Major PC Models have Insecure ‘Secure Boot’

Richi Jennings | July 26, 2024 | Binarly, BIOS, BIOS update, Certificate and Key Management, hardware supply chain, key management, Key Management Problem, PKfail, Private Key Management, SB Blogwatch, secure boot, UEFI, UEFI Failing, UEFI firmware, UEFI vulnerabilities, Unified Extensible Firmware Interface (UEFI)

Big BIOS bother: Hundreds of PC models from vendors such as HP, Lenovo, Dell, Intel, Acer and Gigabyte shipped with useless boot protection—using private keys that aren’t private ...

Security Boulevard

CrowdStrike Admits it Doesn’t ‘Canary’ Test all Updates

Richi Jennings | July 24, 2024 | canary deployment, CrowdStrike, CrowdStrike Falcon, CrowdStrike Falcon XDR, Downtime and outages, outage, Outage Investigation, SB Blogwatch

Corporate incompetence: Beleaguered security firm issues initial post-mortem on Friday’s faux pas ...

Security Boulevard

businesses, third-party, supply chain, vendor, fortification, defenses

Supply Chain Cyberattacks are on the Rise – Here’s How U.S. Businesses can Fortify Their Defenses

Sam Peters | July 23, 2024 | cyberattacks, Defense, supply chain, Third-Party, threats, Vulnerabilities

The management of vendor and third-party risks is emerging as the number one challenge among U.S. information security professionals ...

Security Boulevard

A Microsoft Windows “blue screen of death”

Global Outage Outrage: CrowdStrike Security Tool Blamed

Richi Jennings | July 19, 2024 | azure, Azure cloud, cloud outage, CrowdStrike, CrowdStrike Falcon, CrowdStrike Falcon XDR, Downtime and outages, m365, Microsoft 365, Microsoft 365 (365), Microsoft 365 outage, Microsoft 365 service outage alert, Microsoft Azure, Microsoft Azure Security, outage, Outage Investigation, SB Blogwatch

BSODs beyond belief: A buggy update to CrowdStrike Falcon made Windows PCs and servers crash—worldwide ...

Security Boulevard

Software Supply Chain Security

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On