Securing Open Source
KeePass Malicious Ads: Google Goof Permits Punycode Attacks Again
Richi Jennings | | IDN, IDN homograph phishing, internationalized domain names, KeePass, Punycode, SB Blogwatch
Mote below k: Not only malvertising, but also “verified by Google.” ...
Security Boulevard
iPhone/iPad Warning: Update Now to Avoid Zero-Day Pain
Richi Jennings | | Apple, Apple iPhone, Apple zero-day, CVE-2023-42824, CVE-2023-5217, iOS 7, iPadOS Vulnerability, iPhone, iPhone and iPad, iphone update, SB Blogwatch, Zero Day Attacks, zero-day vulnerabilities, Zero-day Vulnerability, zero-days
Apple’s embarrassing regression: iOS 17.0.3 fixes yet more nasty zero-days (and the overheating bug) ...
Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug
Richi Jennings | | Buffer Overflow, buffer overflow attack, Buffer Overflow Vulnerabilities, buffer overflows, Chrome, Chromium, edge, Electron, Exploitable Vulnerabilities, Firefox, google, Heap Overflow, libwebp, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, opera, SB Blogwatch, secure software supply chain, slack, software supply chain, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, thunderbird, WebP
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
Google Kills 3rd-Party Cookies — but Monopolizes AdTech
Richi Jennings | | adtech, Advertising, Advertising and AdTech, adverts, cookie, Cookie Consent, cookieconsent, cookies, FLEDGE, FLoC, Privacy, Privacy Sandbox, SB Blogwatch, Topics, tracking cookies, web cookie
Firefox looking good right now: “Privacy Sandbox” criticized as a proprietary, hypocritical, anti-competitive, self-serving contradiction ...
BadBazaar: Chinese Spyware Shams Signal, Telegram Apps
Richi Jennings | | android, android spyware, APT15, BadBazaar, Flygram, google, Google Play Incompetence, Google Play Store, GREF, Lukas Stefanko, Nickel, Samsung, SB Blogwatch, signal, Signal Plus Messenger, spyware, Telegram, Vixen Panda
After sneaking into Google and Samsung app stores, “GREF” APT targets Uyghurs and other PRC minorities ...
Teenage Hackers Must be Stopped: US DHS’s CSRB Report
Richi Jennings | | 2 factor auth, 2-factor authentication, 2fa, 2FA bypass, 2FA Flaws, 2FA phishing, 2FA policies, 2FA/MFA, cellphone fraud, CSRB, Cyber Safety Review Board, Department of Homeland Security, DHS, DUAL FACTOR AUTHENTICATION, factor auth, homeland security, Homeland Security Presidential Directive, homelandsecurity, Lapsus$, Multi-Factor Authentication, Multi-Factor Authentication (MFA), Multifactor Authentication, SB Blogwatch, SIM swap, sim swap fraud, SIM swap scams, SIM swapping, two factor authentication, U.S. Department of Homeland Security, United States Department of Homeland Security, US Homeland Security
2FA SMS FAIL: Lapsus$ social engineers exploited weak two-factor authentication. Something must be done! (Well, this is something.) ...
Has the Altruism Model of Open Source Security Peaked?
With an executive order, the Biden administration attempted to address concerns around open source software’s security. In Section 4 of Executive Order 14028, Improving the Nation’s Cybersecurity, open source and the software ...
FINALLY! Google Makes 2FA App Useable — BUT There’s a Catch
Richi Jennings | | 2fa, 2FA apps, 2FA Authenticator, 2FA Flaws, 2FA/MFA, Google Authenticator, Google authenticator app, iam, Multi-Factor Authentication (MFA), OTP, SB Blogwatch, two-factor-authentication.2fa
2FA OTP ASAP? Google Authenticator app now syncs your secrets: No stress if you break your phone ...
Governments Try to Ban Encryption (Yet Again)
Richi Jennings | | Child Abuse, child exploitation, child porn, child pornography, child sexual exploitation, CSAM, encryption, end-to-end encryption, SB Blogwatch, signal, Threema, WhatsApp, Won’t somebody think of the children?
Déjà vu: Yet again, they’re tugging on the “think of the children” strings. But you can’t make math illegal ...
Drop Everything: Update Chrome NOW — 0-Day Exploit in Wild
Richi Jennings | | Chrome, Chromium, CVE-2023-2033, google, Google Chrome, SB Blogwatch, Type Confusion
It’s Help|About Time: Chrome’s “V8” JavaScript engine has high-severity vuln. Scrotes already exploiting it ...