home.social
Sign in Create account

#sbblogwatch — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #sbblogwatch, aggregated by home.social.

  1. Richi Jennings @[email protected] ·

    Peter Williams admits to selling unpatched iPhone bugs to a shady Russian broker.

    The former head of #L3Harris​’s #Trenchant “offensive cyber” division has admitted to stealing a weapons-grade exploit chain worth $35 million and then selling it for personal gain. The feds charged #PeterWilliams last week—and this week he’s decided to ’fess up.

    The company’s not on trial, but the story raises important questions about the national security risks of outsourcing such weaponry. In #SBBlogwatch, we go out with a whimper.

    @TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/10/ $LHX

    #l3harris #trenchant #peterwilliams #sbblogwatch
  2. Richi Jennings @[email protected] ·

    Peter Williams admits to selling unpatched iPhone bugs to a shady Russian broker.

    The former head of #L3Harris​’s #Trenchant “offensive cyber” division has admitted to stealing a weapons-grade exploit chain worth $35 million and then selling it for personal gain. The feds charged #PeterWilliams last week—and this week he’s decided to ’fess up.

    The company’s not on trial, but the story raises important questions about the national security risks of outsourcing such weaponry. In #SBBlogwatch, we go out with a whimper.

    @TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/10/ $LHX

    #l3harris #trenchant #peterwilliams #sbblogwatch
  3. Richi Jennings @[email protected] ·

    Peter Williams admits to selling unpatched iPhone bugs to a shady Russian broker.

    The former head of #L3Harris​’s #Trenchant “offensive cyber” division has admitted to stealing a weapons-grade exploit chain worth $35 million and then selling it for personal gain. The feds charged #PeterWilliams last week—and this week he’s decided to ’fess up.

    The company’s not on trial, but the story raises important questions about the national security risks of outsourcing such weaponry. In #SBBlogwatch, we go out with a whimper.

    @TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/10/ $LHX

    #l3harris #trenchant #peterwilliams #sbblogwatch
  4. Richi Jennings @[email protected] ·

    Peter Williams admits to selling unpatched iPhone bugs to a shady Russian broker.

    The former head of #L3Harris​’s #Trenchant “offensive cyber” division has admitted to stealing a weapons-grade exploit chain worth $35 million and then selling it for personal gain. The feds charged #PeterWilliams last week—and this week he’s decided to ’fess up.

    The company’s not on trial, but the story raises important questions about the national security risks of outsourcing such weaponry. In #SBBlogwatch, we go out with a whimper.

    @TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/10/ $LHX

    #sbblogwatch #peterwilliams #trenchant #l3harris
  5. Richi Jennings @[email protected] ·

    Peter Williams admits to selling unpatched iPhone bugs to a shady Russian broker.

    The former head of #L3Harris​’s #Trenchant “offensive cyber” division has admitted to stealing a weapons-grade exploit chain worth $35 million and then selling it for personal gain. The feds charged #PeterWilliams last week—and this week he’s decided to ’fess up.

    The company’s not on trial, but the story raises important questions about the national security risks of outsourcing such weaponry. In #SBBlogwatch, we go out with a whimper.

    @TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/10/ $LHX

    #l3harris #trenchant #peterwilliams #sbblogwatch
  6. Richi Jennings @[email protected] ·

    Showstopper bugs with security certificates—plus failing USB keyboards and mice—cause QA questions.

    #Microsoft​’s #Windows security update rollup is badly buggy this month. Post-patch, the #WinRE recovery environment doesn’t work with most keyboards and mice. And a fix for a cryptography bypass bug is causing failures at several enterprises, requiring rollbacks or registry edits to resolve.

    It’s leading to inevitable concerns about the #Windows dev process. In #SBBlogwatch, we grab a Linux ISO.

    @TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/10/ $MSFT

    #microsoft #windows #winre #sbblogwatch
  7. Richi Jennings @[email protected] ·

    #JaguarLandRover woes worse than previously thought.

    The iconic British brand today warned its business would stay stalled for even longer. And a loose confederation of threat actors, now calling itself Scattered Lapsus$ Hunters, has claimed responsibility for hacking the big car firm—via tedious Telegram trolling.

    Yes, it’s those Salesforce vish kiddies again. In #SBBlogwatch, we drive the point home.

    @TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/09/

    #jaguarlandrover #sbblogwatch
  8. Richi Jennings @[email protected] ·

    “Like an arsonist selling firefighting services,” quips this 76-year-old.

    U.S. senator #RonWyden (pictured) is demanding the #FTC do something about #Microsoft already. He says Satya’s crew are to blame for some awful #ransomware attacks exploiting a vulnerability that’s more than 10 years old.

    Known as #Kerberoasting, the exploit affects #ActiveDirectory installs that aren’t configured to modern specs. In #SBBlogwatch, we wonder where to point fingers: securityboulevard.com/2025/09/

    #ronwyden #ftc #microsoft #ransomware #kerberoasting #activedirectory
  9. Richi Jennings @[email protected] ·

    Restaurant Brands International (RBI) “assistant” platform riddled with terrible #security flaws.

    A pair of ethical hackers discovered a bunch of “catastrophic” vulns in the code running 30,000 #BurgerKing, #TimHortons, #Popeyes and #FirehouseSubs locations. Owner #RBI quickly fixed the flaws, but then its contractor #Cyble issued a sus-seeming #DMCA takedown notice.

    Tale as old as time: Poor, unfortunate $8½ billion corporation vs. evil, vindictive, millennial hackers. In #SBBlogwatch, we rule.

    @TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/09/

    #security #burgerking #timhortons #popeyes #firehousesubs #rbi
  10. Richi Jennings @[email protected] ·

    #MobileFortify: Liberty’s existential threat, or sensible way to ID illegal immigrants?

    U.S. Immigration and Customs Enforcement (ICE) agents are using a new phone app: Mobile Fortify puts “instant, #AI powered” #FacialRecognition in their hands. What could possibly go wrong?

    A major risk is inaccurate recognition. In #SBBlogwatch, the French want their statue back.

    @TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/06/

    #mobilefortify #ai #facialrecognition #sbblogwatch
  11. Richi Jennings @[email protected] ·

    Won’t somebody PLEASE think of the children?

    President #Trump will reprieve #TikTok a third time, despite concerns about #security, press freedom and child safety. The White House says he’ll sign yet another executive order preventing enforcement of #PAFACA—the Protecting Americans from Foreign Adversary Controlled Applications Act.

    As you might remember, he first did this way back in January. In #SBBlogwatch, we turn the page for you.

    @TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/06/ #PAFACA

    #trump #tiktok #security #pafaca #sbblogwatch
  12. Richi Jennings @[email protected] ·

    We were warned this would happen. And now here we are.

    United Natural Foods ($UNFI) has had to switch off systems after a cyberattack, crippling its operations. This is a huge deal, because #UNFI is a big part of the grocery distribution network in the U.S. and Canada.

    Once again, it looks like the work of #UNC3944, a/k/a #ScatteredSpider. In #SBBlogwatch, we hoard canned goods.

    @TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/06/

    #unfi #unc3944 #scatteredspider #sbblogwatch
  13. Richi Jennings @[email protected] ·

    #Zuckerberg’s privacy pledge revealed as ineffectual

    Millions of websites are leaking your private information to #Meta, the parent company of #Facebook, #Instagram, etc. By hacking #Android browser features in ways that were never intended, Meta is tracking you all the way around the web—with no disclosure nor oversight.

    Incognito mode doesn’t stop it; neither does blocking 3rd-party cookies. Russian social giant #Yandex is doing it too.

    As soon as researchers disclosed the #LocalMess problem, Meta stopped it—for now. In #SBBlogwatch, we go live in a cave.

    securityboulevard.com/2025/06/

    #zuckerberg #meta #facebook #instagram #android #yandex
  14. Richi Jennings @[email protected] ·

    Privacy-first messenger blocks #MicrosoftRecall

    #Recall, #Microsoft’s “magical” AI tool that watches everything you do, is back. But the team behind private messaging app #Signal aren’t happy about it—they’ve added a feature to stop Recall taking screenshots of your chats.

    As you might recall, Recall was initially dubbed a “#privacy disaster,” before being “delayed indefinitely.” But Microsoft tweaked and relaunched it. And in #SBBlogwatch, people aren’t entirely happy about that.

    @TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/05/

    #microsoftrecall #recall #microsoft #signal #privacy #sbblogwatch
  15. Richi Jennings @[email protected] ·

    Three major British retailers recently attacked, resulting in huge damage. Now we see the self-same scum spotlighting stores in the States.

    Google’s Mandiant threat intelligence team issued this dire warning yesterday. The scrotes appear to be #UNC3944, a/k/a #ScatteredSpider, a casual confederacy of criminals wielding #DragonForce #ransomware.

    “Shields up, U.S. retailers,” quipped Mandiant’s chief analyst. In #SBBlogwatch, we hail the Kobayashi Maru.

    @TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/05/

    #unc3944 #scatteredspider #dragonforce #ransomware #sbblogwatch
  16. Richi Jennings @[email protected] ·

    Commissioner Brendan Carr (pictured) wants $4.5 million fine on #Telnyx, for enabling “illegal robocall scheme.”

    Scammers called 1,800 victims pretending to be the “FCC fraud prevention team.” This seems to have been enough to awaken the sleeping government giant and kick it into action. It proposes to fine the VoIP company alleged to be responsible for enabling the scammers, Telnyx LLC.

    But the #FCC only acted after scammers tried to scam its own staff. In #SBBlogwatch, we don’t know your customer. @TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/02/

    #telnyx #fcc #sbblogwatch
  17. Richi Jennings @[email protected] ·

    Want more #SpeculativeExecution bugs? “You’re gonna be in a great mood all day.”

    #Apple’s latest three generations of #ARM ISA chips have a pair of #Spectre-like vulnerabilities. But, unlike other #SpeculativeExecution flaws, this one seems like the real deal: It could actually be exploited to steal your private info. “Four or five seconds—it’s done!”

    #Apple’s known about at least one of the bugs for TEN months. In #SBBlogwatch, we wonder why Tim’s crew did nothing about it. @TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/01/ $AAPL

    #speculativeexecution #apple #arm #spectre #sbblogwatch
  18. Richi Jennings @[email protected] ·

    The Protecting Americans from Foreign Adversary Controlled Applications Act shouldn’t be enforced, orders President #Trump.

    #PAFACA, the law requiring #ByteDance to sell #TikTok, is now in force. But the U.S. president seems to have changed his mind about the ban, despite concerns about security, press freedom and child safety.

    A Day 1 executive order directs the DoJ not to enforce the law—for now. In #SBBlogwatch, we wonder why we still can’t install the app. @TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/01/

    #trump #pafaca #bytedance #tiktok #sbblogwatch
  19. Richi Jennings @[email protected] ·

    #Cariad, VW Group’s software arm, made this classic error.

    Personal data from hundreds of thousands of cars sat unsecured for about six months. #Volkswagen was keeping it in an Amazon cloud storage instance, but didn’t secure the keys.

    The big German firm ist sehr verlegen. In #SBBlogwatch, we hope for a safer 2025. At @TechstrongGroup⁠’s @SecurityBlvd: securityboulevard.com/2024/12/

    #cariad #volkswagen #sbblogwatch
  20. Richi Jennings @[email protected] ·

    Smells like #Russia is responsible, but reality is a bit more complicated.

    #Stoli Group USA filed for #Chapter11 bankruptcy last week. But now its leaders have come out swinging: They’re blaming #ransomware hackers and the Russian regime.

    There seems to be an unspoken assumption the hackers were #Russian-state sponsored. In #SBBlogwatch, we wonder what Patsy Stone would have thought, darling. At @TechstrongGroup⁠’s @SecurityBlvd: securityboulevard.com/2024/12/

    #russia #stoli #chapter11 #ransomware #russian #sbblogwatch
  21. Richi Jennings @[email protected] ·

    Redmond business leaders line up to say what’s new in #Windows #security.

    #Microsoft vice presidents David “dwizzzle” Weston (pictured) and Pavan Davuluri (errm, not) are among the anointed ones making noise this week. They’re telling all—about preventing a repeat of July’s #CrowdStrike débâcle.

    #MicrosoftIgnite 2024 is their nexus of (ahem) “learnings.” In #SBBlogwatch, we hunker down in the windy city. At @TechstrongGroup⁠’s @SecurityBlvd: securityboulevard.com/2024/11/

    #windows #security #microsoft #crowdstrike #microsoftignite #sbblogwatch
  22. Richi Jennings @[email protected] ·

    #Canadian Centre for #CyberSecurity fingers #Chinese state sponsored hackers.

    #Canada⁠’s CISA equivalent calls #China⁠’s security threat “expansive and aggressive.” Beijing backed groups represent “the most sophisticated and active cyber threat to Canada,” having compromised 20 or more government networks in the past four years.

    So says a report produced by the #CCCS. In #SBBlogwatch, we stand on guard for thee. At @TechstrongGroup⁠’s @SecurityBlvd: securityboulevard.com/2024/11/

    #canadian #cybersecurity #chinese #canada #china #cccs
  23. Richi Jennings @[email protected] ·

    No, #ChaseBank isn’t going to let you cash bad checks. It’s fraud—no matter what X and #TikTok tell you.

    JPMorganChase is catching up with thousands of alleged fraudsters who passed bad checks a few weeks back. Egged on by stupid videos on X and #TikTok that described it as a #glitch, they withdrew money on forged checks, despite it being a federal crime.

    It’s episode 82,105 of, “Don’t do what TikTok tells you.” In #SBBlogwatch, we require you to exit our grassed area. At @TechstrongGroup⁠’s @SecurityBlvd: securityboulevard.com/2024/10/

    #chasebank #tiktok #glitch #sbblogwatch
  24. Richi Jennings @[email protected] ·

    Fake ransomware created by Russian #GRU #Unit29155 attacked #Ukraine and #NATO—a month before the full scale invasion.

    A federal grand jury has indicted five more alleged members of the #WhisperGate conspiracy. The same #Russian gang continues its #cyberwarfare to this day, we’re told.

    The U.S. Department of State is offering $10 million for leads on the perps. In #SBBlogwatch, we curate YOU. At @TechstrongGroup⁠’s @SecurityBlvd: securityboulevard.com/2024/09/

    #gru #unit29155 #ukraine #nato #whispergate #russian
  25. Richi Jennings @[email protected] ·

    USB MFA SCA😱: #Infineon hardware and software blamed for timing side-channel attack on popular auth tokens.

    The most widely used #FIDO2 authentication device has a nasty flaw: It can be cloned. Other uses of #YubiKey’s vulnerable Infineon embedded chip might also be at risk—such as passports and credit cards.

    But is the sky really falling? In #SBBlogwatch, we dig into the nuance. At @TechstrongGroup⁠’s @SecurityBlvd: securityboulevard.com/2024/09/ #EUCLEAK

    #infineon #fido2 #yubikey #sbblogwatch #eucleak
  26. Richi Jennings @[email protected] ·

    USB MFA SCA😱: #Infineon hardware and software blamed for timing side-channel attack on popular auth tokens.

    The most widely used #FIDO2 authentication device has a nasty flaw: It can be cloned. Other uses of #YubiKey’s vulnerable Infineon embedded chip might also be at risk—such as passports and credit cards.

    But is the sky really falling? In #SBBlogwatch, we dig into the nuance. At @TechstrongGroup⁠’s @SecurityBlvd: securityboulevard.com/2024/09/ #EUCLEAK

    #infineon #fido2 #yubikey #sbblogwatch #eucleak
  27. Richi Jennings @[email protected] ·

    USB MFA SCA😱: #Infineon hardware and software blamed for timing side-channel attack on popular auth tokens.

    The most widely used #FIDO2 authentication device has a nasty flaw: It can be cloned. Other uses of #YubiKey’s vulnerable Infineon embedded chip might also be at risk—such as passports and credit cards.

    But is the sky really falling? In #SBBlogwatch, we dig into the nuance. At @TechstrongGroup⁠’s @SecurityBlvd: securityboulevard.com/2024/09/ #EUCLEAK

    #eucleak #sbblogwatch #yubikey #fido2 #infineon
  28. Richi Jennings @[email protected] ·

    USB MFA SCA😱: #Infineon hardware and software blamed for timing side-channel attack on popular auth tokens.

    The most widely used #FIDO2 authentication device has a nasty flaw: It can be cloned. Other uses of #YubiKey’s vulnerable Infineon embedded chip might also be at risk—such as passports and credit cards.

    But is the sky really falling? In #SBBlogwatch, we dig into the nuance. At @TechstrongGroup⁠’s @SecurityBlvd: securityboulevard.com/2024/09/ #EUCLEAK

    #infineon #fido2 #yubikey #sbblogwatch #eucleak
  29. Richi Jennings @[email protected] ·

    #Versa Networks criticized for swerving the blame.

    A huge, gaping vulnerability in #VersaDirector allowed a #Chinese state sponsored #APT group to pivot into countless enterprises. Dubbed #VoltTyphoon, the group’s aim is to be ready for cyberwar between the PRC and America. So, yeah, this is a major problem.

    But Versa Networks, Inc. made the classic PR faux pas of blaming its own customers—major U.S. ISPs and MSPs. In #SBBlogwatch, we break out the popcorn. At @TechstrongGroup⁠’s @SecurityBlvd: securityboulevard.com/2024/08/ $LUMN

    #versa #versadirector #chinese #apt #volttyphoon #sbblogwatch
  30. Richi Jennings @[email protected] ·

    #MDM software for schools is breached for second time this year—13,000 devices wiped in Singapore alone.

    #MobileGuardian, an educational mobile device management (MDM) service, is in trouble again. Tens of thousands of students have lost everything.

    This comes only a few months after a threat actor hacked the personal data of almost 90,000 parents and staff from Mobile Guardian’s servers. At the time, reports said the scrote was trying to blackmail the firm.

    CEO Patrick Lawson is keeping a low profile. In #SBBlogwatch, we wonder if the same hacker is seeking revenge. At @TechstrongGroup⁠’s @SecurityBlvd: securityboulevard.com/2024/08/

    #mdm #mobileguardian #sbblogwatch
  31. Richi Jennings @[email protected] ·

    Hacktivist group wields infostealer Trojan, leaks 1,200 GB of mouse droppings.

    #NullBulge, a hacktivist group not motivated by money, has attacked Walt #Disney Co. With the help of an insider, it claims to have stolen 1.2 TB of data from the #Slack instance run by the haus of mouse. This, we’re told, is as a punishment for bad behavior by $DIS.

    That’s a lot of data. In #SBBlogwatch, we wonder if all is as it seems. At @TechstrongGroup​’s @SecurityBlvd: securityboulevard.com/2024/07/

    #nullbulge #disney #slack #sbblogwatch
  32. Richi Jennings @[email protected] ·

    Cryptocurrency fans lose their worthless tokens via phishing attacks on decen­tral­ized finance sites.

    Hundreds of domains at #Squarespace were left vulnerable by a gaping security hole: According to researchers, $SQSP allowed anyone to claim and hijack any domain migrated there from the now-dead #GoogleDomains service. Naturally, the attacking scrotes targeted #cryptocurrency sites (because mostly they’re run by people who don’t know what they’re doing).

    Yep, it’s yet another story of weak #DeFi security. In #SBBlogwatch, nothing of value was lost. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/07/

    #squarespace #googledomains #cryptocurrency #defi #sbblogwatch
  33. Richi Jennings @[email protected] ·

    Ancient, widely used protocol has CVSS 9.0 vulnerability: #BlastRADIUS.

    #RADIUS, the protocol nobody thinks much about, has a critical bug. This 1990s auth­en­ti­ca­tion/auth­or­i­z­ation standard has the potential to cause widespread pain and anguish, thanks to how it’s deeply embedded into countless bits of networking gear.

    IT/DevOps staff can look forward to some canceled vacay. In #SBBlogwatch, we wonder what else is lurking to bite us. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/07/

    #radius #sbblogwatch #blastradius
  34. Richi Jennings @[email protected] ·

    Ten billion plain-text passwords in a file—sky falling or situation normal?

    The internet’s biggest password dump has gotten even bigger. Like some sort of obsessive Pokémon-GO fanatic, the credential collector known only as #ObamaCare added another 1½  billion stolen cleartext #passwords to the fabled #RockYou list.

    It’s now so close to the magic 10  billion mark. In #SBBlogwatch, we wonder what it really means. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/07/

    #obamacare #passwords #rockyou #sbblogwatch
  35. Richi Jennings @[email protected] ·

    Chinese company takes over widely used free web service—almost 400,000 websites at risk.

    Last week, we warned you to remove any dependencies on the #Polyfill​.​io web browser fallback service. It’s been taken over by malicious actors and is being used in #SupplyChain attacks, say researchers.

    This week brings more research, showing the problem’s almost four times as big as we thought. And major public websites are still using it—including government services.

    It’s quite a worry. In #SBBlogwatch, we daren’t even breathe on this house of cards. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/07/

    #polyfill #supplychain #sbblogwatch
  36. Richi Jennings @[email protected] ·

    Redmond realizes #Recall requires radical rethink.

    As you might recall, #MicrosoftRecall is a #privacy disaster. And now, #Microsoft has had to pull the flagship #AI feature of its shiny new “Copilot+ PC” brand.

    At the 11th hour, Redmond saw it had some nasty #security implications, which couldn’t be tweaked in time for next week’s release of new #ARM PCs. The embarrassing U-turn came at the same time as Congress grilled Microsoft vice chair and CLO #BradSmith about #whistleblower accusations of slack security.

    Egg, meet face. In #SBBlogwatch, we wonder why NOW. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/06/

    #recall #microsoftrecall #privacy #microsoft #ai #security
  37. Richi Jennings @[email protected] ·

    #UNC5537 breached at least 165 #Snowflake instances.

    A week ago, we said #Ticketmaster was one of “several” victims of a hacking spree directed at customers of Snowflake, Inc. (NYSE:SNOW), a cloud analytics firm. But now it appears that number is a lot bigger.

    Surely data analytics experts should be able to spot hundreds of customers being breached? And why is a simple username/password pair enough to dump an entire database?

    In #SBBlogwatch, we wonder why Snowflake continues to blame the victims, when the firm seems at least partly responsible. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/06/

    #unc5537 #snowflake #ticketmaster #sbblogwatch
  38. Richi Jennings @[email protected] ·

    #Ticketmaster says the 1.3TB database was actually hosted on #Snowflake. And reports are coming in of several more massive leaks from other Snowflake customers.

    Some reports also blame Snowflake for lax #security, including an employee losing control of a powerful authentication credential that gave access to the whole kit and caboodle. A security firm, #HudsonRock, made the allegation and quickly felt the ire of Snowflake’s lawyers.

    Snowflake denies it’s been hacked. In #SBBlogwatch, we’re told it’s the customers’ fault. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/06/

    #ticketmaster #snowflake #security #hudsonrock #sbblogwatch
  39. Richi Jennings @[email protected] ·

    Kit from #ActionTec and #Sagemcom remotely ruined and required replacement.

    Almost half of #Windstream’s #Kinetic broadband users found their home routers completely dead, thanks to a malicious botnet known as #Chalubo. This happened seven months ago, but has only now come to light—via researchers who dubbed it #PumpkinEclipse.

    It has echoes of Ukrainian #ISP modems mysteriously self destructing, just before the 2022 Russian invasion. In #SBBlogwatch, we wonder if this was a test of something bigger. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/05/

    #actiontec #sagemcom #windstream #kinetic #chalubo #pumpkineclipse
  40. Richi Jennings @[email protected] ·

    U.S. Courts “likely” to rule whether new law is constitutional—or even practical.

    #TikTok’s #Chinese owner is suing the government to strike down last month’s law effectively banning the app. #ByteDance says the Protecting Americans from Foreign Adversary Controlled Applications Act (#PAFACA) is unconstitutional and the proposed remedies are impractical.

    Plus, it says, the U.S. hasn’t stuck to its side of the bargain. In #SBBlogwatch, here’s a page For You. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/05/

    #tiktok #chinese #bytedance #pafaca #sbblogwatch
  41. Richi Jennings @[email protected] ·

    The UK’s #PSTI Act aims to make net-connected consumer gear more secure.

    British lawmakers want to stop the sale of insecure devices. In addition to banning weak #passwords, says the Product Security and Telecommunications Infrastructure Act (PSTI), vendors must say how long the device will be supported. And device makers must follow the law as of right now.

    Compliance failure could mean big fines. In #SBBlogwatch, the ‘S’ in #IoT stands for #Security. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/04/

    #psti #passwords #sbblogwatch #iot #security
  42. Richi Jennings @[email protected] ·

    The analytics firm kept big companies’ secrets in an insecure #AWS bucket. Government says victims include the “critical infrastructure sector.”

    #Sisense, a service provider to huge companies including Nasdaq, Verizon and Air Canada, has lost control of its customers’ credentials and access tokens. #CISA, the Cybersecurity and Infrastructure Security Agency, warned users of the service to drop everything and rotate or reset their secrets.

    Sources say Sisense stopped storing secrets securely. In #SBBlogwatch, we facepalm hard. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/04/

    #aws #sisense #cisa #sbblogwatch
  43. Richi Jennings @[email protected] ·

    The Federal Communications Commission is finally minded to do something about decades-old vulnerabilities.

    Dusty, moldy, prehistoric protocols from the 1980s and ’90s still underpin our phone networks. Full of security holes, #SS7 and #Diameter allow scrotes to track our locations—whether mobile or wired (ask your parents). The #FCC is asking the industry to do something about it.

    We’ve known about the problems since the mid-1990s. In #SBBlogwatch, we ask, “Why now?” At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/04/

    #ss7 #diameter #fcc #sbblogwatch
  44. Richi Jennings @[email protected] ·

    Last year’s Chinese hack of federal agencies’ email is still a mystery, and “should never have occurred,” says #CISA.

    CISA’s Cyber Safety Review Board thinks #Microsoft’s #cybersecurity is rotten. The company needs cultural reform and needs to stop releasing new features until it fixes the problem, the board says.

    Microsoft’s cloud email system was hacked by #Storm0558 in 2023. But Redmond still doesn’t know how. In #SBBlogwatch, we aggregate fruity reactions. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/04/

    #cisa #microsoft #cybersecurity #storm0558 #sbblogwatch
  45. Richi Jennings @[email protected] ·

    Last year’s Chinese hack of federal agencies’ email is still a mystery, and “should never have occurred,” says #CISA.

    CISA’s Cyber Safety Review Board thinks #Microsoft’s #cybersecurity is rotten. The company needs cultural reform and needs to stop releasing new features until it fixes the problem, the board says.

    Microsoft’s cloud email system was hacked by #Storm0558 in 2023. But Redmond still doesn’t know how. In #SBBlogwatch, we aggregate fruity reactions. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/04/

    #cisa #microsoft #cybersecurity #storm0558 #sbblogwatch
  46. Richi Jennings @[email protected] ·

    Last year’s Chinese hack of federal agencies’ email is still a mystery, and “should never have occurred,” says #CISA.

    CISA’s Cyber Safety Review Board thinks #Microsoft’s #cybersecurity is rotten. The company needs cultural reform and needs to stop releasing new features until it fixes the problem, the board says.

    Microsoft’s cloud email system was hacked by #Storm0558 in 2023. But Redmond still doesn’t know how. In #SBBlogwatch, we aggregate fruity reactions. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/04/

    #cisa #microsoft #cybersecurity #storm0558 #sbblogwatch
  47. Richi Jennings @[email protected] ·

    Last year’s Chinese hack of federal agencies’ email is still a mystery, and “should never have occurred,” says #CISA.

    CISA’s Cyber Safety Review Board thinks #Microsoft’s #cybersecurity is rotten. The company needs cultural reform and needs to stop releasing new features until it fixes the problem, the board says.

    Microsoft’s cloud email system was hacked by #Storm0558 in 2023. But Redmond still doesn’t know how. In #SBBlogwatch, we aggregate fruity reactions. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/04/

    #sbblogwatch #storm0558 #cybersecurity #microsoft #cisa
  48. Richi Jennings @[email protected] ·

    Last year’s Chinese hack of federal agencies’ email is still a mystery, and “should never have occurred,” says #CISA.

    CISA’s Cyber Safety Review Board thinks #Microsoft’s #cybersecurity is rotten. The company needs cultural reform and needs to stop releasing new features until it fixes the problem, the board says.

    Microsoft’s cloud email system was hacked by #Storm0558 in 2023. But Redmond still doesn’t know how. In #SBBlogwatch, we aggregate fruity reactions. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/04/

    #cisa #microsoft #cybersecurity #storm0558 #sbblogwatch
  49. Richi Jennings @[email protected] ·

    The #Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup.

    More software supply-chain security shenanigans: #PyPI came under attack earlier, with more than 500 fake packages with similar names to popular ones. Scrotes unknown have been trying to steal cryptocurrency credentials and other secrets.

    Yes, it’s happened yet again. In #SBBlogwatch, we ask if it’s time for a #CodeReuse rethink. At #TechstrongGroup’s #SecurityBlvd: securityboulevard.com/2024/03/

    #python #pypi #sbblogwatch #codereuse #techstronggroup #securityblvd
  50. Richi Jennings @[email protected] ·

    Researchers worm their way into broken #cache-filling microcode in most Macs and iPads.

    #Apple chip designers tried to make CPUs more speedy, but in fact made them less secure. A team of academics found a way to exploit a bug in the #M1, #M2 and #M3 processors that let them steal secrets—such as #encryption keys. They’re calling it #GoFetch.

    It’s yet another #prediction faux pas. In #SBBlogwatch, we cache in on the story. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/03/

    #cache #apple #m1 #m2 #m3 #encryption