Hot Topics

API Security

The Golden Gate Bridge, under an blood-red sky

Cisco Zero-Day: As Bad as it Gets — and No Fix 4 Weeks in

| | 0-day, 0-day exploits, 0-day vulnerability, 0day, cisco, Cisco IOS XE, CVE-2023-20198, SB Blogwatch, Zero Day Attacks, zero-day, Zero-Day Bug, Zero-day Exploit, zero-day exploits, zero-day flaw, zero-day flaws, zero-day threat, zero-day vulnerabilities, Zero-day Vulnerability, zero-days, zeroday, zerodayvulnerabilities
Keeping us in suspense—It doesn’t get worse than this: CVE-2023-20198 is CVSS=10 ...
Security Boulevard
A small bunch of keys on a stark, white background

Google Pushes ‘Passkeys’ Plan — but it’s Too Soon for Mass Rollout

| | 2 factor auth, 2-fa authentication, 2-factor authentication, 2fa, 2FA Authenticator, 2FA/MFA, advanced authentication, auth, Authentication, biometric, biometric authentication, biometric identification, biometric security, biometrics, biometrics authentication, Biometrics-Based Authentication, FIDO, FIDO Alliance, FIDO2, google, MFA, MFA rollout, Multi-Factor Authentication (MFA), Passkeys, passwordless, , passwordless-authentication, PKI-based passwordless authentication, SB Blogwatch, two-factor-authentication.2fa, WebAuthn
FIDO FAIL: “Killing passwords” is a worthy goal—but is coercion the best way? ...
Security Boulevard
Three iPhone 15s sit on a wicker table, with the words “PATCH NOW!” macro’ed on top

iPhone/iPad Warning: Update Now to Avoid Zero-Day Pain

| | Apple, Apple iPhone, Apple zero-day, CVE-2023-42824, CVE-2023-5217, iOS 7, iPadOS Vulnerability, iPhone, iPhone and iPad, iphone update, SB Blogwatch, Zero Day Attacks, zero-day vulnerabilities, Zero-day Vulnerability, zero-days
Apple’s embarrassing regression: iOS 17.0.3 fixes yet more nasty zero-days (and the overheating bug) ...
Security Boulevard
A tailor’s dummy hand is separated from its arm

Broken ARM: Mali Malware Pwns Phones

| | android, ARM, CVE-2023-33200, CVE-2023-34970, CVE-2023-4211, GPU, hardware supply chain, Linux, Mali, open source software supply chain, SB Blogwatch, software supply chain, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks
Exploited in the wild: Yet more use-after-free vulns in Arm’s Mali GPU driver ...
Security Boulevard
a PRC flag flies in a stiff breeze

China-Backed Hacks of Cisco Routers Worry Feds — BlackTech Revenge?

| | BlackTech, CCP, china, china espionage, cisa, cisco, FBI, hong kong, Japan, nsa, Peoples Republic of China, SB Blogwatch, Taiwan
TTP: IOS EEM CLI BBQ LOL—FBI, NSA, CISA join Japan’s NISC to warn of espionage group linked to Chinese Communist Party ...
Security Boulevard
Ahmed El-Tantawy

More iOS Zero-Days, More Mercenary Spyware — This Time: Cytrox Predator

| | 0day, Ahmed Eltantawy, Apple iOS, Apple zero-day, Citizen Lab, CVE-2023-41991, CVE-2023-41992, CVE-2023-41993, CVE-2023-4762, Cytrox, egypt, Google Project Zero, ios, iOS spyware, Predator spyware, Privacy, Sandvine, SB Blogwatch, spyware, Vodafone, Vodafone Egypt
Apple Scrambled to Fix 3 More CVEs: Egyptian opposition presidential candidate Ahmed Eltantawy targeted “by the government ...
Security Boulevard
The Google WebP logo

Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug

| | Buffer Overflow, buffer overflow attack, Buffer Overflow Vulnerabilities, buffer overflows, Chrome, Chromium, edge, Electron, Exploitable Vulnerabilities, Firefox, google, Heap Overflow, libwebp, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, opera, SB Blogwatch, secure software supply chain, slack, software supply chain, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, thunderbird, WebP
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
Security Boulevard
API security, API, cloud, audits, testing, API security vulnerabilities testing BRc4 Akamai security pentesting ThreatX red team pentesting API APIs Penetration Testing

API Security’s Role in Protecting Retail Cloud Apps

| | Cloud Security, cnapp, cspm, data protection, DEVOPS, DevSecOps, retail
Protection from API security threats is crucial, especially for retail companies that hold sensitive customer and financial data ...
Security Boulevard
A man has fallen asleep on top of his books and papers

‘BLASTPASS’ iPhone Exploit — Apple Asleep at the Switch

| | Apple, BLASTPASS, Citizen Lab, FaceTime, FaceTime bug, imessage, ios, iPhone, NSO, NSO Group, Pegasus, Pegasus Spyware, Privacy, SB Blogwatch
Zero click, zero day, zero clue: Yet another iOS zero-day lets NSO’s Pegasus “mercenary spyware” cause chaos ...
Security Boulevard
Google Android malware

Google Kills 3rd-Party Cookies — but Monopolizes AdTech

| | adtech, Advertising, Advertising and AdTech, adverts, cookie, Cookie Consent, cookieconsent, cookies, FLEDGE, FLoC, Privacy, Privacy Sandbox, SB Blogwatch, Topics, tracking cookies, web cookie
Firefox looking good right now: “Privacy Sandbox” criticized as a proprietary, hypocritical, anti-competitive, self-serving contradiction ...
Security Boulevard
Load more