Hot Topics

Securing Open Source

ķ≠k

KeePass Malicious Ads: Google Goof Permits Punycode Attacks Again

| | IDN, IDN homograph phishing, internationalized domain names, KeePass, Punycode, SB Blogwatch
Mote below k: Not only malvertising, but also “verified by Google.” ...
Security Boulevard
Three iPhone 15s sit on a wicker table, with the words “PATCH NOW!” macro’ed on top

iPhone/iPad Warning: Update Now to Avoid Zero-Day Pain

| | Apple, Apple iPhone, Apple zero-day, CVE-2023-42824, CVE-2023-5217, iOS 7, iPadOS Vulnerability, iPhone, iPhone and iPad, iphone update, SB Blogwatch, Zero Day Attacks, zero-day vulnerabilities, Zero-day Vulnerability, zero-days
Apple’s embarrassing regression: iOS 17.0.3 fixes yet more nasty zero-days (and the overheating bug) ...
Security Boulevard
The Google WebP logo

Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug

| | Buffer Overflow, buffer overflow attack, Buffer Overflow Vulnerabilities, buffer overflows, Chrome, Chromium, edge, Electron, Exploitable Vulnerabilities, Firefox, google, Heap Overflow, libwebp, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, opera, SB Blogwatch, secure software supply chain, slack, software supply chain, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, thunderbird, WebP
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
Security Boulevard
Google Android malware

Google Kills 3rd-Party Cookies — but Monopolizes AdTech

| | adtech, Advertising, Advertising and AdTech, adverts, cookie, Cookie Consent, cookieconsent, cookies, FLEDGE, FLoC, Privacy, Privacy Sandbox, SB Blogwatch, Topics, tracking cookies, web cookie
Firefox looking good right now: “Privacy Sandbox” criticized as a proprietary, hypocritical, anti-competitive, self-serving contradiction ...
Security Boulevard
A phone home screen shows Signal and Telegram app icons

BadBazaar: Chinese Spyware Shams Signal, Telegram Apps

| | android, android spyware, APT15, BadBazaar, Flygram, google, Google Play Incompetence, Google Play Store, GREF, Lukas Stefanko, Nickel, Samsung, SB Blogwatch, signal, Signal Plus Messenger, spyware, Telegram, Vixen Panda
After sneaking into Google and Samsung app stores, “GREF” APT targets Uyghurs and other PRC minorities ...
Security Boulevard
DHS secretary Alejandro Mayorkas

Teenage Hackers Must be Stopped: US DHS’s CSRB Report

| | 2 factor auth, 2-factor authentication, 2fa, 2FA bypass, 2FA Flaws, 2FA phishing, 2FA policies, 2FA/MFA, cellphone fraud, CSRB, Cyber Safety Review Board, Department of Homeland Security, DHS, DUAL FACTOR AUTHENTICATION, factor auth, homeland security, Homeland Security Presidential Directive, homelandsecurity, Lapsus$, Multi-Factor Authentication, Multi-Factor Authentication (MFA), Multifactor Authentication, SB Blogwatch, SIM swap, sim swap fraud, SIM swap scams, SIM swapping, two factor authentication, U.S. Department of Homeland Security, United States Department of Homeland Security, US Homeland Security
2FA SMS FAIL: Lapsus$ social engineers exploited weak two-factor authentication. Something must be done! (Well, this is something.) ...
Security Boulevard
OpenText OCSF WhiteSource Log4j window Proofpoint Open Source Security

Has the Altruism Model of Open Source Security Peaked?

| | executive order, maintainers, open source, Open Source Security, OSS, rsac
With an executive order, the Biden administration attempted to address concerns around open source software’s security. In Section 4 of Executive Order 14028, Improving the Nation’s Cybersecurity, open source and the software ...
Security Boulevard
FINALLY! Google Makes 2FA App Useable — BUT There’s a Catch

FINALLY! Google Makes 2FA App Useable — BUT There’s a Catch

| | 2fa, 2FA apps, 2FA Authenticator, 2FA Flaws, 2FA/MFA, Google Authenticator, Google authenticator app, iam, Multi-Factor Authentication (MFA), OTP, SB Blogwatch, two-factor-authentication.2fa
2FA OTP ASAP? Google Authenticator app now syncs your secrets: No stress if you break your phone ...
Security Boulevard
Governments Try to Ban Encryption (Yet Again)

Governments Try to Ban Encryption (Yet Again)

| | Child Abuse, child exploitation, child porn, child pornography, child sexual exploitation, CSAM, encryption, end-to-end encryption, SB Blogwatch, signal, Threema, WhatsApp, Won’t somebody think of the children?
Déjà vu: Yet again, they’re tugging on the “think of the children” strings. But you can’t make math illegal ...
Security Boulevard
Drop Everything: Update Chrome NOW — 0-Day Exploit in Wild

Drop Everything: Update Chrome NOW — 0-Day Exploit in Wild

| | Chrome, Chromium, CVE-2023-2033, google, Google Chrome, SB Blogwatch, Type Confusion
It’s Help|About Time: Chrome’s “V8” JavaScript engine has high-severity vuln. Scrotes already exploiting it ...
Security Boulevard
Load more