Zero-Trust
KeePass Malicious Ads: Google Goof Permits Punycode Attacks Again
Richi Jennings | | IDN, IDN homograph phishing, internationalized domain names, KeePass, Punycode, SB Blogwatch
Mote below k: Not only malvertising, but also “verified by Google.” ...
Security Boulevard
Cisco Zero-Day: As Bad as it Gets — and No Fix 4 Weeks in
Richi Jennings | | 0-day, 0-day exploits, 0-day vulnerability, 0day, cisco, Cisco IOS XE, CVE-2023-20198, SB Blogwatch, Zero Day Attacks, zero-day, Zero-Day Bug, Zero-day Exploit, zero-day exploits, zero-day flaw, zero-day flaws, zero-day threat, zero-day vulnerabilities, Zero-day Vulnerability, zero-days, zeroday, zerodayvulnerabilities
Keeping us in suspense—It doesn’t get worse than this: CVE-2023-20198 is CVSS=10 ...
Security Boulevard
Stalking: Fear of Apple AirTag ‘Explodes’ — Lawsuit Momentum Grows
Richi Jennings | | AirTag, AirTags, Apple, Apple AirTag, cyberstalking, Digital Stalking, Find My iPhone, SB Blogwatch, Stalkerware, Stalking, Stalkware, Tracker Detect, trackers
This is why we can’t have nice things: 38 victims of Apple’s “negligence” named in amended class action ...
Security Boulevard
Managing a World-Class Security Program in a Recession
James Christiansen | | CISO leadership, cost management, economic, employee security, risk management, security
As signs of a global recession continue to pile up, many businesses are tightening their spending across the board. Though cybersecurity remains a critical concern for virtually every type of organization, even ...
Security Boulevard
Google Pushes ‘Passkeys’ Plan — but it’s Too Soon for Mass Rollout
Richi Jennings | | 2 factor auth, 2-fa authentication, 2-factor authentication, 2fa, 2FA Authenticator, 2FA/MFA, advanced authentication, auth, Authentication, biometric, biometric authentication, biometric identification, biometric security, biometrics, biometrics authentication, Biometrics-Based Authentication, FIDO, FIDO Alliance, FIDO2, google, MFA, MFA rollout, Multi-Factor Authentication (MFA), Passkeys, passwordless, passwordless login, passwordless-authentication, PKI-based passwordless authentication, SB Blogwatch, two-factor-authentication.2fa, WebAuthn
FIDO FAIL: “Killing passwords” is a worthy goal—but is coercion the best way? ...
Security Boulevard
Huge DNA PII Leak: 23andMe Must Share the Blame
Richi Jennings | | 23andMe, Compromised Credential, compromised credentials, compromised credentials monitoring, Credential Compromise, Credential Management and Enforcement for ICS/SCADA environments, credential replay attacks, credential reuse, credential stuffing, credential stuffing attack, Credential Stuffing Attacks, DEVOPS, DevSecOps, DNA, GDPR, iam, password reuse, pii, PII Leakage, SB Blogwatch
DNA: Do Not Agree. 23andMe says it’s not a breach—just credential stuffing. I’m not so sure ...
Security Boulevard
iPhone/iPad Warning: Update Now to Avoid Zero-Day Pain
Richi Jennings | | Apple, Apple iPhone, Apple zero-day, CVE-2023-42824, CVE-2023-5217, iOS 7, iPadOS Vulnerability, iPhone, iPhone and iPad, iphone update, SB Blogwatch, Zero Day Attacks, zero-day vulnerabilities, Zero-day Vulnerability, zero-days
Apple’s embarrassing regression: iOS 17.0.3 fixes yet more nasty zero-days (and the overheating bug) ...
Security Boulevard
Broken ARM: Mali Malware Pwns Phones
Richi Jennings | | android, ARM, CVE-2023-33200, CVE-2023-34970, CVE-2023-4211, GPU, hardware supply chain, Linux, Mali, open source software supply chain, SB Blogwatch, software supply chain, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks
Exploited in the wild: Yet more use-after-free vulns in Arm’s Mali GPU driver ...
Security Boulevard
China-Backed Hacks of Cisco Routers Worry Feds — BlackTech Revenge?
Richi Jennings | | BlackTech, CCP, china, china espionage, cisa, cisco, FBI, hong kong, Japan, nsa, Peoples Republic of China, SB Blogwatch, Taiwan
TTP: IOS EEM CLI BBQ LOL—FBI, NSA, CISA join Japan’s NISC to warn of espionage group linked to Chinese Communist Party ...
Security Boulevard
‘All of Sony’ Hacked, Claims Ransomed.vc Group
Hackers Play in Sony’s World: If true, Sony might have to push the RESET button (again) ...
Security Boulevard