Huge DNA PII Leak: 23andMe Must Share the Blame
Richi Jennings | | 23andMe, Compromised Credential, compromised credentials, compromised credentials monitoring, Credential Compromise, Credential Management and Enforcement for ICS/SCADA environments, credential replay attacks, credential reuse, credential stuffing, credential stuffing attack, Credential Stuffing Attacks, DEVOPS, DevSecOps, DNA, GDPR, iam, password reuse, pii, PII Leakage, SB Blogwatch
DNA: Do Not Agree. 23andMe says it’s not a breach—just credential stuffing. I’m not so sure ... Read More
Google, Yahoo to Put Tighter Spam Restrictions on Bulk Senders
Email giants Google and Yahoo are putting tighter requirements on bulk email senders in hopes of reducing the massive amounts of spam that hammer inboxes every day and deflecting the phishing and other cyberthreats that hide within it. Google’s AI-enabled email defense systems every day block almost 15 billion unwanted ... Read More
iPhone/iPad Warning: Update Now to Avoid Zero-Day Pain
Richi Jennings | | Apple, Apple iPhone, Apple zero-day, CVE-2023-42824, CVE-2023-5217, iOS 7, iPadOS Vulnerability, iPhone, iPhone and iPad, iphone update, SB Blogwatch, Zero Day Attacks, zero-day vulnerabilities, Zero-day Vulnerability, zero-days
Apple’s embarrassing regression: iOS 17.0.3 fixes yet more nasty zero-days (and the overheating bug) ... Read More
CISA and NSA Offer MFA and SSO Guidelines for Developers, Vendors
Developers and tech vendors need to improve multifactor authentication (MFA) and single sign-on (SSO) tools and make them easier for organizations to use to reduce the threat of phishing, password spraying, and similar cyberattacks, according to the nation’s largest cybersecurity agencies. The Cybersecurity and Infrastructure Security Agency (CISA) and National ... Read More
Two Campaigns Drop Malicious Packages into NPM
The popular NPM code registry continues to be a target of bad actors looking to sneak their malicious packages into open-source code used by software developers. Researchers with Fortinet’s FortiGuard Labs this week said they found almost three dozen malicious packages in the registry that contain scripts that make them ... Read More
AWS’ MadPot Honeypot Operation Corrals Threat Actors
Engineers with Amazon Web Services more than a decade ago began developing tools to better collect intelligence on the cyberthreats coming into the giant cloud provider’s IT environment Fast forward to now, and AWS’s sophisticated suite of tools – called MadPot – comprises myriad monitoring sensors and automated response features ... Read More
Broken ARM: Mali Malware Pwns Phones
Richi Jennings | | android, ARM, CVE-2023-33200, CVE-2023-34970, CVE-2023-4211, GPU, hardware supply chain, Linux, Mali, open source software supply chain, SB Blogwatch, software supply chain, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks
Exploited in the wild: Yet more use-after-free vulns in Arm’s Mali GPU driver ... Read More
Don’t Say ‘Skynet’ — NSA’s AI Security Center is New Hub for Agency Efforts
Richi Jennings | | AI, AI (Artificial Intelligence), AI Security, AI Security Center, artificial, Artificial Intelligence, Artificial Intelligence (AI), Artificial Intelligence (AI)/Machine Learning (ML), Artificial Intelligence Cybersecurity, Cyber Command, cybersecurity risks of generative ai, Gen. Paul Nakasone, generative AI, Generative AI risks, large language models, Large Language Models (LLM), Large language models (LLMs), LLM, LLMs, machine learnings, National Security Agency, nsa, SB Blogwatch, Security Machine Learning, U.S. Cyber Command, U.S. National Security Agency, US Cyber Command, USMC Forces Cyber Command
COME WITH ME IF YOU WANT TO LIVE: Nothing suspicious to see here—move along ... Read More
CISA Rolls Out a HBOM Framework to Secure Hardware Components
The federal government for the past few years has focused on protecting the software supply chain in the wake of such high-profile incidents as the SolarWinds hack in 2020 and the Log4j vulnerability a year later. A key part of that has been software bills-of-materials (SBOMs), an inventory of the ... Read More
Lawsuit Filed Against Google, Meta, H&R Block for Sharing Taxpayer Data
Meta, Google, and giant tax preparer H&R Block are being accused of conspiring to illegally use spyware from the tech giants to collect and share tax return information from hundreds of taxpayers that could be used to generate targeted online ads. The three companies – along with Google parent Alphabet ... Read More