Software Supply Chain Security
Ransomware Robs Realtors — Rapattoni MLS-aaS Down: Day 8 and Counting
Richi Jennings | | legacy, Legacy Application, legacy applications, legacy apps, legacy IT, legacy Software, legacy system security risk, legacy systems, MLS, Ransomware, Rapattoni, real estate, real estate agents, realtors, SaaS, SB Blogwatch
MLS FAIL: Home listings SaaS dead in the water as real estate agents lose leads ...
Security Boulevard
‘Sabotage the Factory’ — 16 Big Bugs in Codesys ICS/OT/SCADA Software
Richi Jennings | | CoDe16, Codesys, ICS, ICS/SCADA, ICS/SCADA Security, operational technologies, operational technology, operational technology security, OT, SB Blogwatch, SCADA, Vladimir Eliezer Tokarev, Vladimir Tokarev
CoDe16 FAIL: Researchers unveil high-severity vulns in Codesys Control, used in millions of devices ...
Security Boulevard
Teenage Hackers Must be Stopped: US DHS’s CSRB Report
Richi Jennings | | 2 factor auth, 2-factor authentication, 2fa, 2FA bypass, 2FA Flaws, 2FA phishing, 2FA policies, 2FA/MFA, cellphone fraud, CSRB, Cyber Safety Review Board, Department of Homeland Security, DHS, DUAL FACTOR AUTHENTICATION, factor auth, homeland security, Homeland Security Presidential Directive, homelandsecurity, Lapsus$, Multi-Factor Authentication, Multi-Factor Authentication (MFA), Multifactor Authentication, SB Blogwatch, SIM swap, sim swap fraud, SIM swap scams, SIM swapping, two factor authentication, U.S. Department of Homeland Security, United States Department of Homeland Security, US Homeland Security
2FA SMS FAIL: Lapsus$ social engineers exploited weak two-factor authentication. Something must be done! (Well, this is something.) ...
Security Boulevard
Ransomware in Schools: White House Wants Action NOW
Richi Jennings | | Alejandro Mayorkas, Biden, Biden administration, Biden cybersecurity summit, Biden National Cybersecurity Strategy, Biden-Harris, Colorado, education, fcc, Federal Communications Commission, High school attacks, Jessica Rosenworcel, Joe Biden, K-12, K-12 Cloud Risks, K-12 Cloud Security, K-12 cybersecurity, K-12 Education, K-12 Schools, Keith Krueger, President Biden, Ransomware, SB Blogwatch, school, Schools, U.S. Federal Communications Commission, White House
Don’t make me tap the sign: Biden administration hosts summit; bangs heads together from government, school districts and industry ...
Security Boulevard
How to Get Unlimited Airline Miles: Researchers Find the Cheat Codes
Richi Jennings | | air miles, airline, airline apps, Airlines, frequent flyer, Hotel Cybersecurity, hotels, Points, Points.com, SB Blogwatch
That’s not supposed to happen: Three ethical hackers found five huge bugs in Points.com ...
Security Boulevard
8 Black Hat sessions you don’t want to miss
Now in its 27th year, the Black Hat USA conference has grown into one of the biggest and most prestigious cybersecurity shows in the world — a showcase for top security experts ...
Microsoft is a “Strategic Problem in the Security Space,” Says CEO
Richi Jennings | | Amit Yoran, azure, Azure Active Directory, Azure AD, Azure security, Microsoft, Microsoft Azure, Microsoft Azure Active Directory, Microsoft Azure Security, SB Blogwatch, Tenable
Fist of FAIL: Tenable CEO Amit Yoran has had enough—and he’s not gonna take it anymore. Satya Nadella (pictured) can’t be happy ...
Security Boulevard
‘China’ Azure Breach: MUCH Worse Than Microsoft Said
Richi Jennings | | Active Directory, Authentication, azure, Azure Active Directory, Azure AD, Entra ID, Exchange, Microsoft, Microsoft Azure, Microsoft Azure Active Directory, Microsoft Azure Security, OpenID, Outlook.com, SB Blogwatch, Storm-0558, Wiz
Storm-0558 Breaks: Satya and Pooh, sitting in a tree, K.I.S.S.I.N.G ...
Security Boulevard
CISA Warning: MOVEit Has Yet Another Zero-Day SQL Injection RCE Bug [updated]
Richi Jennings | | CL0P, Cl0p Ransomware, clop, clop-ransomware, CVE-2023-34362, CVE-2023-35036, CVE-2023-35708, MOVEit Cloud, MOVEit Transfer, MOVEit Transfer Zero Day, Progress Software, Ransomware, SB Blogwatch, sql injection, SQL injection attack, SQL injection attacks, sql injection prevention, SQL Injection Vulnerabilities, SQL injections
Once is happenstance. Twice is coincidence. Three times is sheer incompetence ...
Security Boulevard
Has the Altruism Model of Open Source Security Peaked?
With an executive order, the Biden administration attempted to address concerns around open source software’s security. In Section 4 of Executive Order 14028, Improving the Nation’s Cybersecurity, open source and the software ...
Security Boulevard