Hot Topics

Most Read This Week

ķ≠k

KeePass Malicious Ads: Google Goof Permits Punycode Attacks Again

| | IDN, IDN homograph phishing, internationalized domain names, KeePass, Punycode, SB Blogwatch
Mote below k: Not only malvertising, but also “verified by Google.” ...
Security Boulevard
The Golden Gate Bridge, under an blood-red sky

Cisco Zero-Day: As Bad as it Gets — and No Fix 4 Weeks in

| | 0-day, 0-day exploits, 0-day vulnerability, 0day, cisco, Cisco IOS XE, CVE-2023-20198, SB Blogwatch, Zero Day Attacks, zero-day, Zero-Day Bug, Zero-day Exploit, zero-day exploits, zero-day flaw, zero-day flaws, zero-day threat, zero-day vulnerabilities, Zero-day Vulnerability, zero-days, zeroday, zerodayvulnerabilities
Keeping us in suspense—It doesn’t get worse than this: CVE-2023-20198 is CVSS=10 ...
Security Boulevard
A caricature of Elon Musk

Elon’s CSAM FAIL: Twitter Fined by Australian Govt.

| | Australia, Australian Government, Child Abuse, child exploitation, Child Online Safety, child porn, child pornography, Child protection, Child Safety, child security online, child sexual exploitation, childpornography, CSAM, Digital Trust and Safety, Elon Musk, elon musk twitter, eSafety Commission, grooming, Julie Inman Grant, Linda Yaccarino, SB Blogwatch, trust and safety, Twitter, X
Straya strikes back: Musk’s mob declines to answer questions, breaking law dunundah ...
Security Boulevard
November 25 is the international day against domestic violence

Stalking: Fear of Apple AirTag ‘Explodes’ — Lawsuit Momentum Grows

| | AirTag, AirTags, Apple, Apple AirTag, cyberstalking, Digital Stalking, Find My iPhone, SB Blogwatch, Stalkerware, Stalking, Stalkware, Tracker Detect, trackers
This is why we can’t have nice things: 38 victims of Apple’s “negligence” named in amended class action ...
Security Boulevard
A small bunch of keys on a stark, white background

Google Pushes ‘Passkeys’ Plan — but it’s Too Soon for Mass Rollout

| | 2 factor auth, 2-fa authentication, 2-factor authentication, 2fa, 2FA Authenticator, 2FA/MFA, advanced authentication, auth, Authentication, biometric, biometric authentication, biometric identification, biometric security, biometrics, biometrics authentication, Biometrics-Based Authentication, FIDO, FIDO Alliance, FIDO2, google, MFA, MFA rollout, Multi-Factor Authentication (MFA), Passkeys, passwordless, , passwordless-authentication, PKI-based passwordless authentication, SB Blogwatch, two-factor-authentication.2fa, WebAuthn
FIDO FAIL: “Killing passwords” is a worthy goal—but is coercion the best way? ...
Security Boulevard
A 3D render of a DNA strand

Huge DNA PII Leak: 23andMe Must Share the Blame

| | 23andMe, Compromised Credential, compromised credentials, compromised credentials monitoring, Credential Compromise, Credential Management and Enforcement for ICS/SCADA environments, credential replay attacks, credential reuse, credential stuffing, credential stuffing attack, Credential Stuffing Attacks, DEVOPS, DevSecOps, DNA, GDPR, iam, password reuse, pii, PII Leakage, SB Blogwatch
DNA: Do Not Agree. 23andMe says it’s not a breach—just credential stuffing. I’m not so sure ...
Security Boulevard
Three iPhone 15s sit on a wicker table, with the words “PATCH NOW!” macro’ed on top

iPhone/iPad Warning: Update Now to Avoid Zero-Day Pain

| | Apple, Apple iPhone, Apple zero-day, CVE-2023-42824, CVE-2023-5217, iOS 7, iPadOS Vulnerability, iPhone, iPhone and iPad, iphone update, SB Blogwatch, Zero Day Attacks, zero-day vulnerabilities, Zero-day Vulnerability, zero-days
Apple’s embarrassing regression: iOS 17.0.3 fixes yet more nasty zero-days (and the overheating bug) ...
Security Boulevard
A tailor’s dummy hand is separated from its arm

Broken ARM: Mali Malware Pwns Phones

| | android, ARM, CVE-2023-33200, CVE-2023-34970, CVE-2023-4211, GPU, hardware supply chain, Linux, Mali, open source software supply chain, SB Blogwatch, software supply chain, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks
Exploited in the wild: Yet more use-after-free vulns in Arm’s Mali GPU driver ...
Security Boulevard
U.S. Army general Paul Nakasone, head of the National Security Agency and U.S. Cyber Command

Don’t Say ‘Skynet’ — NSA’s AI Security Center is New Hub for Agency Efforts

| | AI, AI (Artificial Intelligence), AI Security, AI Security Center, artificial, Artificial Intelligence, Artificial Intelligence (AI), Artificial Intelligence (AI)/Machine Learning (ML), Artificial Intelligence Cybersecurity, Cyber Command, cybersecurity risks of generative ai, Gen. Paul Nakasone, generative AI, Generative AI risks, large language models, Large Language Models (LLM), Large language models (LLMs), LLM, LLMs, machine learnings, National Security Agency, nsa, SB Blogwatch, Security Machine Learning, U.S. Cyber Command, U.S. National Security Agency, US Cyber Command, USMC Forces Cyber Command
COME WITH ME IF YOU WANT TO LIVE: Nothing suspicious to see here—move along ...
Security Boulevard
a PRC flag flies in a stiff breeze

China-Backed Hacks of Cisco Routers Worry Feds — BlackTech Revenge?

| | BlackTech, CCP, china, china espionage, cisa, cisco, FBI, hong kong, Japan, nsa, Peoples Republic of China, SB Blogwatch, Taiwan
TTP: IOS EEM CLI BBQ LOL—FBI, NSA, CISA join Japan’s NISC to warn of espionage group linked to Chinese Communist Party ...
Security Boulevard
Load more