Securing Open Source - Security Boulevard https://securityboulevard.com/category/editorial-calendar/securing-open-source/ The Home of the Security Bloggers Network Fri, 20 Oct 2023 15:10:39 +0000

KeePass Malicious Ads: Google Goof Permits Punycode Attacks Again https://securityboulevard.com/2023/10/keepass-malicious-ads-punycode-richixbw/ Fri, 20 Oct 2023 15:10:39 +0000 https://securityboulevard.com/?p=1993030 ķ≠k

Mote below k: Not only malvertising, but also “verified by Google.”

The post KeePass Malicious Ads: Google Goof Permits Punycode Attacks Again appeared first on Security Boulevard.

iPhone/iPad Warning: Update Now to Avoid Zero-Day Pain https://securityboulevard.com/2023/10/ios-7-0-3-update-richixbw/ Fri, 06 Oct 2023 15:26:53 +0000 https://securityboulevard.com/?p=1991731 Three iPhone 15s sit on a wicker table, with the words “PATCH NOW!” macro’ed on top

Apple’s embarrassing regression: iOS 17.0.3 fixes yet more nasty zero-days (and the overheating bug).

The post iPhone/iPad Warning: Update Now to Avoid Zero-Day Pain appeared first on Security Boulevard.

Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug https://securityboulevard.com/2023/09/patch-everything-widely-used-webp-code-has-critical-bug/ Wed, 13 Sep 2023 17:10:18 +0000 https://securityboulevard.com/?p=1989037 The Google WebP logo

WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more.

The post Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug appeared first on Security Boulevard.

Google Kills 3rd-Party Cookies — but Monopolizes AdTech https://securityboulevard.com/2023/09/google-privacy-sandbox-richixbw/ Fri, 08 Sep 2023 17:39:16 +0000 https://securityboulevard.com/?p=1988593 Google Android malware

Firefox looking good right now: “Privacy Sandbox” criticized as a proprietary, hypocritical, anti-competitive, self-serving contradiction.

The post Google Kills 3rd-Party Cookies — but Monopolizes AdTech appeared first on Security Boulevard.

BadBazaar: Chinese Spyware Shams Signal, Telegram Apps https://securityboulevard.com/2023/08/badbazaar-signal-telegram-gref-richixbw/ Thu, 31 Aug 2023 17:13:45 +0000 https://securityboulevard.com/?p=1987879 A phone home screen shows Signal and Telegram app icons

After sneaking into Google and Samsung app stores, “GREF” APT targets Uyghurs and other PRC minorities.

The post BadBazaar: Chinese Spyware Shams Signal, Telegram Apps appeared first on Security Boulevard.

Teenage Hackers Must be Stopped: US DHS’s CSRB Report https://securityboulevard.com/2023/08/lapsus-dhs-csrb-sms-richixbw/ Fri, 11 Aug 2023 15:16:16 +0000 https://securityboulevard.com/?p=1984691 DHS secretary Alejandro Mayorkas

2FA SMS FAIL: Lapsus$ social engineers exploited weak two-factor authentication. Something must be done! (Well, this is something.)

The post Teenage Hackers Must be Stopped: US DHS’s CSRB Report appeared first on Security Boulevard.

Has the Altruism Model of Open Source Security Peaked? https://securityboulevard.com/2023/05/has-the-altruism-model-of-open-source-security-peaked/ Thu, 04 May 2023 13:00:36 +0000 https://securityboulevard.com/?p=1973622 OpenText OCSF WhiteSource Log4j window Proofpoint Open Source Security

With an executive order, the Biden administration attempted to address concerns around open source software’s security. In Section 4 of Executive Order 14028, Improving the Nation’s Cybersecurity, open source and the software supply chain were specifically mentioned, with a requirement for “ensuring and attesting, to the extent practicable, to the integrity and provenance of open..

The post Has the Altruism Model of Open Source Security Peaked? appeared first on Security Boulevard.

FINALLY! Google Makes 2FA App Useable — BUT There’s a Catch https://securityboulevard.com/2023/04/google-2fa-app-sync-richixbw/ Tue, 25 Apr 2023 17:39:06 +0000 https://securityboulevard.com/?p=1973044

2FA OTP ASAP? Google Authenticator app now syncs your secrets: No stress if you break your phone.

The post FINALLY! Google Makes 2FA App Useable — BUT There’s a Catch appeared first on Security Boulevard.

Governments Try to Ban Encryption (Yet Again) https://securityboulevard.com/2023/04/ban-encryption-yet-again-richixbw/ Mon, 24 Apr 2023 17:38:07 +0000 https://securityboulevard.com/?p=1972852

Déjà vu: Yet again, they’re tugging on the “think of the children” strings. But you can’t make math illegal.

The post Governments Try to Ban Encryption (Yet Again) appeared first on Security Boulevard.

Drop Everything: Update Chrome NOW — 0-Day Exploit in Wild https://securityboulevard.com/2023/04/update-chrome-0-day-in-wild-richixbw/ Mon, 17 Apr 2023 16:00:45 +0000 https://securityboulevard.com/?p=1972145

It’s Help|About Time: Chrome’s “V8” JavaScript engine has high-severity vuln. Scrotes already exploiting it.

The post Drop Everything: Update Chrome NOW — 0-Day Exploit in Wild appeared first on Security Boulevard.
