Hot Topics

Security Operations

ķ≠k

KeePass Malicious Ads: Google Goof Permits Punycode Attacks Again

| | IDN, IDN homograph phishing, internationalized domain names, KeePass, Punycode, SB Blogwatch
Mote below k: Not only malvertising, but also “verified by Google.” ...
Security Boulevard
A caricature of Elon Musk

Elon’s CSAM FAIL: Twitter Fined by Australian Govt.

| | Australia, Australian Government, Child Abuse, child exploitation, Child Online Safety, child porn, child pornography, Child protection, Child Safety, child security online, child sexual exploitation, childpornography, CSAM, Digital Trust and Safety, Elon Musk, elon musk twitter, eSafety Commission, grooming, Julie Inman Grant, Linda Yaccarino, SB Blogwatch, trust and safety, Twitter, X
Straya strikes back: Musk’s mob declines to answer questions, breaking law dunundah ...
Security Boulevard
A small bunch of keys on a stark, white background

Google Pushes ‘Passkeys’ Plan — but it’s Too Soon for Mass Rollout

| | 2 factor auth, 2-fa authentication, 2-factor authentication, 2fa, 2FA Authenticator, 2FA/MFA, advanced authentication, auth, Authentication, biometric, biometric authentication, biometric identification, biometric security, biometrics, biometrics authentication, Biometrics-Based Authentication, FIDO, FIDO Alliance, FIDO2, google, MFA, MFA rollout, Multi-Factor Authentication (MFA), Passkeys, passwordless, , passwordless-authentication, PKI-based passwordless authentication, SB Blogwatch, two-factor-authentication.2fa, WebAuthn
FIDO FAIL: “Killing passwords” is a worthy goal—but is coercion the best way? ...
Security Boulevard
A 3D render of a DNA strand

Huge DNA PII Leak: 23andMe Must Share the Blame

| | 23andMe, Compromised Credential, compromised credentials, compromised credentials monitoring, Credential Compromise, Credential Management and Enforcement for ICS/SCADA environments, credential replay attacks, credential reuse, credential stuffing, credential stuffing attack, Credential Stuffing Attacks, DEVOPS, DevSecOps, DNA, GDPR, iam, password reuse, pii, PII Leakage, SB Blogwatch
DNA: Do Not Agree. 23andMe says it’s not a breach—just credential stuffing. I’m not so sure ...
Security Boulevard
a PRC flag flies in a stiff breeze

China-Backed Hacks of Cisco Routers Worry Feds — BlackTech Revenge?

| | BlackTech, CCP, china, china espionage, cisa, cisco, FBI, hong kong, Japan, nsa, Peoples Republic of China, SB Blogwatch, Taiwan
TTP: IOS EEM CLI BBQ LOL—FBI, NSA, CISA join Japan’s NISC to warn of espionage group linked to Chinese Communist Party ...
Security Boulevard
Sony PlayStation 2 detail, showing the RESET button

‘All of Sony’ Hacked, Claims Ransomed.vc Group

| | CISO, Ransomed.vc, Ransomware, SB Blogwatch, Sony
Hackers Play in Sony’s World: If true, Sony might have to push the RESET button (again) ...
Security Boulevard
The Google WebP logo

Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug

| | Buffer Overflow, buffer overflow attack, Buffer Overflow Vulnerabilities, buffer overflows, Chrome, Chromium, edge, Electron, Exploitable Vulnerabilities, Firefox, google, Heap Overflow, libwebp, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, opera, SB Blogwatch, secure software supply chain, slack, software supply chain, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, thunderbird, WebP
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
Security Boulevard
The classic sign: “Welcome to fabulous Las Vegas, Nevada” all lit up in neon

What Happens in Vegas: MGM Resorts ‘Ransomware’ Attack

| | casino, casinos, las vegas, MGM Resorts, Ransomware, SB Blogwatch, Vegas
You’re welcome to it. Not happening in Vegas: 12 hotels and casinos—nor in many more elsewhere, neither ...
Security Boulevard
A man has fallen asleep on top of his books and papers

‘BLASTPASS’ iPhone Exploit — Apple Asleep at the Switch

| | Apple, BLASTPASS, Citizen Lab, FaceTime, FaceTime bug, imessage, ios, iPhone, NSO, NSO Group, Pegasus, Pegasus Spyware, Privacy, SB Blogwatch
Zero click, zero day, zero clue: Yet another iOS zero-day lets NSO’s Pegasus “mercenary spyware” cause chaos ...
Security Boulevard
A lemur stares back at you, with a shocked expression

Sourcegraph’s Shocking Screwup: Private Secrets in Public Repo

| | AI, authentication token, compromised credentials, credential replay attacks, large language models, Large Language Models (LLM), Large language models (LLMs), LLM, pii, PII Leakage, Run-time Secrets Protection, SB Blogwatch, secret, secret key, secret keys, secret management, secrets scanning, Sourcegraph
Credentials create crisis: AI source code navigation LLM leaks PII after DevOps SNAFU ...
Security Boulevard
Load more