Hot Topics

Software Supply Chain Security

ķ≠k

KeePass Malicious Ads: Google Goof Permits Punycode Attacks Again

| | IDN, IDN homograph phishing, internationalized domain names, KeePass, Punycode, SB Blogwatch
Mote below k: Not only malvertising, but also “verified by Google.” ...
Security Boulevard
Three iPhone 15s sit on a wicker table, with the words “PATCH NOW!” macro’ed on top

iPhone/iPad Warning: Update Now to Avoid Zero-Day Pain

| | Apple, Apple iPhone, Apple zero-day, CVE-2023-42824, CVE-2023-5217, iOS 7, iPadOS Vulnerability, iPhone, iPhone and iPad, iphone update, SB Blogwatch, Zero Day Attacks, zero-day vulnerabilities, Zero-day Vulnerability, zero-days
Apple’s embarrassing regression: iOS 17.0.3 fixes yet more nasty zero-days (and the overheating bug) ...
Security Boulevard
A tailor’s dummy hand is separated from its arm

Broken ARM: Mali Malware Pwns Phones

| | android, ARM, CVE-2023-33200, CVE-2023-34970, CVE-2023-4211, GPU, hardware supply chain, Linux, Mali, open source software supply chain, SB Blogwatch, software supply chain, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks
Exploited in the wild: Yet more use-after-free vulns in Arm’s Mali GPU driver ...
Security Boulevard
Ahmed El-Tantawy

More iOS Zero-Days, More Mercenary Spyware — This Time: Cytrox Predator

| | 0day, Ahmed Eltantawy, Apple iOS, Apple zero-day, Citizen Lab, CVE-2023-41991, CVE-2023-41992, CVE-2023-41993, CVE-2023-4762, Cytrox, egypt, Google Project Zero, ios, iOS spyware, Predator spyware, Privacy, Sandvine, SB Blogwatch, spyware, Vodafone, Vodafone Egypt
Apple Scrambled to Fix 3 More CVEs: Egyptian opposition presidential candidate Ahmed Eltantawy targeted “by the government ...
Security Boulevard
The Google WebP logo

Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug

| | Buffer Overflow, buffer overflow attack, Buffer Overflow Vulnerabilities, buffer overflows, Chrome, Chromium, edge, Electron, Exploitable Vulnerabilities, Firefox, google, Heap Overflow, libwebp, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, opera, SB Blogwatch, secure software supply chain, slack, software supply chain, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, thunderbird, WebP
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
Security Boulevard
A man has fallen asleep on top of his books and papers

‘BLASTPASS’ iPhone Exploit — Apple Asleep at the Switch

| | Apple, BLASTPASS, Citizen Lab, FaceTime, FaceTime bug, imessage, ios, iPhone, NSO, NSO Group, Pegasus, Pegasus Spyware, Privacy, SB Blogwatch
Zero click, zero day, zero clue: Yet another iOS zero-day lets NSO’s Pegasus “mercenary spyware” cause chaos ...
Security Boulevard
Two old vehicles rust away in a junkyard

This SUCKS: ‘Cars Are a Privacy Nightmare,’ Mozilla Fumes

| | automaker, Car, cars, cellular IoT, cellular IoT security, Connected Cars, Consumer IoT, Internet of things, Internet of Things (IoT), Internet of Things (IoT) Security, Internet of Things cyber security, iot, Mozilla, Mozilla Foundation, New Cars, Privacy, Privacy4Cars, SB Blogwatch, vehicle, vehicle cybersecurity, vehicle OTAs
IoT cars considered harmful: Own a car? Care about your privacy? Mozilla Foundation has bad news for you ...
Security Boulevard
A lemur stares back at you, with a shocked expression

Sourcegraph’s Shocking Screwup: Private Secrets in Public Repo

| | AI, authentication token, compromised credentials, credential replay attacks, large language models, Large Language Models (LLM), Large language models (LLMs), LLM, pii, PII Leakage, Run-time Secrets Protection, SB Blogwatch, secret, secret key, secret keys, secret management, secrets scanning, Sourcegraph
Credentials create crisis: AI source code navigation LLM leaks PII after DevOps SNAFU ...
Security Boulevard
A phone home screen shows Signal and Telegram app icons

BadBazaar: Chinese Spyware Shams Signal, Telegram Apps

| | android, android spyware, APT15, BadBazaar, Flygram, google, Google Play Incompetence, Google Play Store, GREF, Lukas Stefanko, Nickel, Samsung, SB Blogwatch, signal, Signal Plus Messenger, spyware, Telegram, Vixen Panda
After sneaking into Google and Samsung app stores, “GREF” APT targets Uyghurs and other PRC minorities ...
Security Boulevard
a little teapot, short and stout

Lapsus$ Jury Says Teen Duo Did Do Crimes

| | Arion Kurtaj, Grand Theft Auto, Lapsus$, Ransomware, Rockstar Games, SB Blogwatch, Strawberry Tempest
Arion Kurtaj and anon minor: Part of group that hacked Uber, Nvidia, Microsoft, Rockstar Games and many more ...
Security Boulevard
Load more