“No Ordinary Vulnerability” —
Thursday, 28 December 2023
Wednesday, 20 December 2023
Tuesday, 19 December 2023
Mr. Cooper Hackers Stole ~15 Million Users’ Data - Security Boulevard
Another day, another huge leak:
Monday, 18 December 2023
Friday, 15 December 2023
Wednesday, 13 December 2023
Tuesday, 12 December 2023
Friday, 8 December 2023
Wednesday, 6 December 2023
Tuesday, 5 December 2023
Friday, 1 December 2023
Wednesday, 29 November 2023
Monday, 27 November 2023
Wednesday, 22 November 2023
‘LitterDrifter’ Russian USB Worm Leaks from Ukraine War Zone - Security Boulevard
FSB APT USB VBS LNK DLL: WTH?
Monday, 20 November 2023
Friday, 17 November 2023
Thursday, 16 November 2023
Wednesday, 15 November 2023
Monday, 13 November 2023
LockBit Crashes Boeing Dark Web Data — No Ransom Paid - Security Boulevard
Seattle plane maker tries to tell us the 50GB dump is ever so boring and not worth spinning up Tor for.
Friday, 10 November 2023
Thursday, 9 November 2023
Wednesday, 8 November 2023
Atlassian Bug now a Perfect 10: Riot of Ransomware Raids - Security Boulevard
Step #1: Get it off the Internet
Friday, 3 November 2023
VICTORY: Google WEI ‘Stealth DRM’ Plan is Dead (or is it?) - Security Boulevard
WEI is dead — long live WMI:
Thursday, 2 November 2023
AI Safety: 28 Nations+EU Agree to Test in Turing’s Huts - Security Boulevard
Foo, bar, #BletchleyDeclaration—signed at UK’s AI Safety Summit: Not much substance, but unity is impressive.
Wednesday, 1 November 2023
We Won’t Pay Ransomware Crims — 40 Nations Promise Biden’s WH - Security Boulevard
Will CRI pledge work? International Counter Ransomware Initiative hopes to pull rug from under scrotes.
Tuesday, 31 October 2023
Thursday, 26 October 2023
#iLeakage: All Apple CPUs Vulnerable — No Patch in Sight - Security Boulevard
Son of Spectre: No fix for iOS, “unstable” workaround for macOS.
Tuesday, 24 October 2023
Don’t Be Evil: Google’s Scary ‘IP Protection’ Privacy Plan - Security Boulevard
Firefox here we come! “Free” privacy proxy for all Chrome users? What could possibly go wrong?
Monday, 23 October 2023
Okta Hacked Yet Again: 2FA Firm Failed to 2FA - Security Boulevard
You had one job: Once is happenstance, twice is coincidence, FIVE TIMES is sheer incompetence.
Friday, 20 October 2023
KeePass Malicious Ads: Google Goof Permits Punycode Attacks Again - Security Boulevard
Mote below ķ: Not only malvertising, but also “verified by Google.”
Tuesday, 17 October 2023
Cisco Zero-Day: As Bad as it Gets — and No Fix 4 Weeks in - Security Boulevard
Keeping us in suspense—It doesn’t get worse than this: CVE-2023-20198 is CVSS=10.
Monday, 16 October 2023
Elon’s CSAM FAIL: Twitter Fined by Australian Govt. - Security Boulevard
Straya strikes back: Musk’s mob declines to answer questions, breaking law dunundah.
Friday, 13 October 2023
Stalking: Fear of Apple AirTag ‘Explodes’ — Lawsuit Momentum Grows - Security Boulevard
This is why we can’t have nice things: 38 victims of Apple’s “negligence” named in amended class action.
Wednesday, 11 October 2023
Microsoft kills Python 3.7 ¦ … and VBScript ¦ Exascaling ARM on Jupiter - DevOps.com
The moral of the story: So long, and thanks for all the fish
Tuesday, 10 October 2023
Google Pushes ‘Passkeys’ Plan — but it’s Too Soon for Mass Rollout - Security Boulevard
FIDO FAIL: “Killing passwords” is a worthy goal—but is coercion the best way?
Monday, 9 October 2023
Huge DNA PII Leak: 23andMe Must Share the Blame - Security Boulevard
The firm’s PR spin implies it’s the users’ fault for not using unique passwords—but is that fair? No, of course it isn’t.
Friday, 6 October 2023
iPhone/iPad Warning: Update Now to Avoid Zero-Day Pain - Security Boulevard
Apple’s embarrassing regression: iOS 17.0.3 fixes yet more nasty zero days (and the overheating bug)
Wednesday, 4 October 2023
Meta Mayhem: Hybrid Work FAIL ¦ Yet More Layoffs - DevOps.com
The moral of the story: Be where you are—otherwise you will miss your life
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) October 4, 2023
1⃣ @Meta’s enforced #HybridWork plan is failing badly, and
2⃣ #Meta makes more #layoffs.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/UaQUYO9CXq #DevOps $META
Tuesday, 3 October 2023
Broken ARM: Mali Malware Pwns Phones - Security Boulevard
Exploited in the wild: Yet more use-after-free vulns in Arm’s Mali GPU driver.
Nasty bugs in #Android #GPU driver for the #ARM #Mali. Affects flagship phones such as the Samsung Galaxy S20.
— @Richi 🤓 Jennings (@RiCHi) October 3, 2023
There’s a patch upstream. In today’s #SBBlogwatch, we wonder if it’ll ever get delivered to our phones. At @TechstrongGroup’s @SecurityBlvd: https://t.co/1mkkvnMPbg
Monday, 2 October 2023
Don’t Say ‘Skynet’ — NSA’s AI Security Center is New Hub for Agency Efforts - Security Boulevard
COME WITH ME IF YOU WANT TO LIVE: Nothing suspicious to see here—move along.
The #NSA is forming a security center for #AI. Honcho @CYBERCOM_DIRNSA thinks the NSA has “unique talent and expertise” to keep AI secure.
— @Richi 🤓 Jennings (@RiCHi) October 2, 2023
In today’s #SBBlogwatch, we’re from the government and we’re here to help. At @TechstrongGroup’s @SecurityBlvd: https://t.co/0pUY7dy3bZ
Friday, 29 September 2023
Raspberry Pi 5: Faster, Better, Stronger — Spendier - DevOps.com
The moral of the story: You’re not defined by your past—you’re prepared by it
In a cheeky extra #TheLongView: Everyone’s favorite single-board #ARM computer, #RaspberryPi, has a new gen. coming soon. #RPi5 has double the performance, quadruple the base RAM and far more capable I/O.
— @Richi 🤓 Jennings (@RiCHi) September 29, 2023
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/veGdjSH0cY #DevOps
Thursday, 28 September 2023
China-Backed Hacks of Cisco Routers Worry Feds — BlackTech Revenge? - Security Boulevard
TTP: IOS EEM CLI BBQ LOL—FBI, NSA, CISA join Japan’s NISC to warn of espionage group linked to Chinese Communist Party.
#China attacks #Cisco routers, installs persistent malware with sneaky backdoors. They break into IOS and drop a hidden EEM policy to manipulate a CLI result.
— @Richi 🤓 Jennings (@RiCHi) September 28, 2023
Clear as mud? In today’s #SBBlogwatch, we fire up the BBQ. At @TechstrongGroup’s @SecurityBlvd: https://t.co/HHRY8ioCI9
Wednesday, 27 September 2023
FCC: Net Neutrality is a ‘Thing’ Again ¦ Meta Shutters Big UK Site - DevOps.com
The moral of the story: In the long run, the sharpest weapon of all is a kind and gentle spirit
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) September 27, 2023
1⃣ #NetNeutrality is back on the @FCC’s agenda, and
2⃣ unused #London office gets Zucked.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/8GDM0zf6OH #DevOps $META
Tuesday, 26 September 2023
‘All of Sony’ Hacked, Claims Ransomed.vc Group - Security Boulevard
Hackers Play in Sony’s World:
Yet another hack of @Sony: Emergent #ransomware gang #Ransomed.vc says it pwned entire #Sony group.
— @Richi 🤓 Jennings (@RiCHi) September 26, 2023
“We are currently investigating. … We have no further comment.” In today’s #SBBlogwatch, we’re not 100% surprised. At @TechstrongGroup’s @SecurityBlvd: https://t.co/Fh3B0TMEkM
Monday, 25 September 2023
More iOS Zero Days, More Mercenary Spyware — This Time: Cytrox Predator - Security Boulevard
Apple Scrambled to Fix 3 More CVEs:
Would-be president pwned by President: #AhmedTantawy had phone hacked; #CitizenLab says Egyptian govt did it.
— @Richi 🤓 Jennings (@RiCHi) September 25, 2023
Fingered: @VodafoneEgypt, @Sandvine and #Cytrox itself. In today’s #SBBlogwatch, we rethink seeing pyramids. At @TechstrongGroup’s @SecurityBlvd: https://t.co/1Uu0Ii9wYL
Thursday, 14 September 2023
Google De-Recruits 100s of Recruiters ¦ ARM Valued at $45½B in IPO - DevOps.com
The moral of the story: You only pass through this life once—you don’t come back for an encore.
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) September 14, 2023
1⃣ #Google fires hundreds of #recruiters, and
2⃣ $ARM gets a sky-high #IPO valuation.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/OoxF8PAx8h #DevOps
Wednesday, 13 September 2023
Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug - Security Boulevard
WebP FAIL:
After Apple’s #BLASTPASS patches, come a bunch of others. Exploits are in the wild.
— @Richi 🤓 Jennings (@RiCHi) September 13, 2023
The bug is in #libwebp—a Google #WebP image library built in to many apps. In today’s #SBBlogwatch, we prepare for carpal tunnel. At @TechstrongGroup’s @SecurityBlvd: https://t.co/VB0FSMOX7u
Tuesday, 12 September 2023
What Happens in Vegas: MGM Resorts ‘Ransomware’ Attack - Security Boulevard
You’re welcome to it:
#MGMResorts has pulled the plugs—it’s come under cyberattack. Seems like another #ransomware attack.#MGM is a huge deal in #LasVegas, owning 12 properties. In today’s #SBBlogwatch, we’re not staying in #Vegas. At @TechstrongGroup’s @SecurityBlvd: https://t.co/hpuyoE63wL
— @Richi 🤓 Jennings (@RiCHi) September 12, 2023
Monday, 11 September 2023
‘BLASTPASS’ iPhone Exploit — Apple Asleep at the Switch - Security Boulevard
Zero click, zero day, zero clue:
#Apple under fire yet again for insecure software. It’s the 13th #ZeroDay of 2023—time for someone in Cupertino to wake up.
— @Richi 🤓 Jennings (@RiCHi) September 11, 2023
Yes, another #ZeroClick. In today’s #SBBlogwatch, we eyeroll at Apple’s claim to be secure. At @TechstrongGroup’s @SecurityBlvd: https://t.co/ILx07kLyHv
Friday, 8 September 2023
Google Kills 3rd-Party Cookies — but Monopolizes AdTech - Security Boulevard
#Firefox looking good right now:
#Google says its #TopicsAPI is ready: #PrivacySandbox is shipping in #Chrome—finally. So, la $GOOG is preparing to switch off #tracking #cookies.
— @Richi 🤓 Jennings (@RiCHi) September 8, 2023
Sinister land grab? In today’s #SBBlogwatch, we see both sides. At @TechstrongGroup’s @SecurityBlvd: https://t.co/gJetFjDrrD
Thursday, 7 September 2023
Oracle Bill is 5x Client’s Budget ¦ Toyota Out of Space - DevOps.com
The moral of the story: Comparison is the thief of joy
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) September 7, 2023
1⃣ #Birmingham looks like the Detroit of the UK—is it #Oracle’s fault?
2⃣ Was #Toyota’s factory failure caused by running out of disk space?
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/caZCFl8rOw
Wednesday, 6 September 2023
This SUCKS: ‘Cars Are a Privacy Nightmare,’ Mozilla Fumes - Security Boulevard
IoT cars considered harmful:
All top car brands collect personal data. They probably share and/or sell it, they don’t keep it secure—and good luck opting out. The @Mozilla Foundation is horrified.
— @Richi 🤓 Jennings (@RiCHi) September 6, 2023
In today’s #SBBlogwatch, we drive the point home. At @TechstrongGroup’s @SecurityBlvd: https://t.co/y7Lj97oEiA
Tuesday, 5 September 2023
Sourcegraph’s Shocking Screwup: Private Secrets in Public Repo - Security Boulevard
Credentials create crisis:
#Sourcegraph’s #LLM was hacked last week. Scrotes labored for days to make it available free.
— @Richi 🤓 Jennings (@RiCHi) September 5, 2023
Some #PII might have leaked, too. The company isn’t sure. In today’s #SBBlogwatch, we check our GitHub repos (yet again). At @TechstrongGroup’s @SecurityBlvd: https://t.co/5vfp8qSD5s
Thursday, 31 August 2023
BadBazaar: Chinese Spyware Shams Signal, Telegram Apps - Security Boulevard
I’m Shocked. SHOCKED!
#China accused of hiding #spyware in app stores. APT #GREF put #BadBazaar in cloned #Signal & #Telegram.#Google acted (slowly), but #Samsung failed to do anything. In today’s #SBBlogwatch, we’re all about the déjà vu. At @TechstrongGroup’s @SecurityBlvd: https://t.co/UhBg5OCyNV
— @Richi 🤓 Jennings (@RiCHi) August 31, 2023
Wednesday, 30 August 2023
Qakbot Cracked: FBI and Friends Hack the Hackers - Security Boulevard
Or is it just resting? Beautiful plumage.
World’s biggest loader #botnet has ceased to be. Bereft of life—thanks to @TheJusticeDept & Euro partners.#Qakbot has rung down the curtain. In today’s #SBBlogwatch, we’ve gone to join the choir invisible. At @TechstrongGroup’s @SecurityBlvd: https://t.co/mk49dhV4rT #DuckHunt
— @Richi 🤓 Jennings (@RiCHi) August 30, 2023
Tuesday, 29 August 2023
Did Russia Hack Poland’s Trains? MSM Says Yes, but … Well, You Decide - Security Boulevard
Train Phreaking:
#Trains all over #Poland are mysteriously slamming on the brakes. Of course, the MSM is all up in a lather.
— @Richi 🤓 Jennings (@RiCHi) August 29, 2023
Or was it just a modern-day #BlueBox prank? In today’s #SBBlogwatch, we grab some delicious Cap’n Crunch. At @TechstrongGroup’s @SecurityBlvd: https://t.co/iaM6voueA2
Monday, 28 August 2023
‘Scrum == Cancer’ ¦ Plus: Linux 6.5 Ships - DevOps.com
The moral of the story: When we strive to become better than we are, everything around us becomes better too
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) August 28, 2023
1⃣ #Scrum sucks, sources say; and
2⃣ Here comes the #Linux 6.5 kernel.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/Dx8Mj1xV1C #DevOps
Friday, 25 August 2023
Gmail Adds Extra Checks, Thwarting Sneaky Hackers - Security Boulevard
But Please Don’t Use SMS:
If hackers can silently watch your inbox, they can also break into your other accounts.
— @Richi 🤓 Jennings (@RiCHi) August 25, 2023
So Google’s adding #authentication to the #Gmail settings scrotes use. In today’s #SBBlogwatch, we finally sort out our #2FA. At @TechstrongGroup’s @SecurityBlvd: https://t.co/zFIsjIZ0Ze
Thursday, 24 August 2023
Lapsus$ Jury Says Teen Duo Did Do Crimes - Security Boulevard
‘teapotuberhacker’ is not Guilty but not ‘Not Guilty’
Jury decides they committed crimes using #SocialEngineering, insider bribery and #SIMswapping—holding victims to #crypto-ransom.
— @Richi 🤓 Jennings (@RiCHi) August 24, 2023
It all sounded a bit too easy. In today’s #SBBlogwatch, we put the kettle on. At @TechstrongGroup’s @SecurityBlvd: https://t.co/cxkiZEl3tP #Lapsus$
Wednesday, 23 August 2023
IBM LLM AI: COBOL to Java ASAP ¦ ARM IPO is GO! - DevOps.com
The moral of the story: Life’s tough—but it’s tougher when you’re stupid
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) August 23, 2023
1⃣ Translating legacy #COBOL code to a slightly more modern language, and
2⃣ @Arm will go public (again) next month.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/VJ9LY358o7 #DevOps
Monday, 21 August 2023
LOL WinRAR: Serious One-Click Bug (Patch NOW) - Security Boulevard
LOL WinRAR:
#WinRAR has a serious security hole. If you still have it installed, get the update (or uninstall).
— @Richi 🤓 Jennings (@RiCHi) August 21, 2023
Do what you want, because you are free. In today’s #SBBlogwatch, we’re sailing away (adventure waits on every shore). At @TechstrongGroup’s @SecurityBlvd: https://t.co/iWCbhwdZH4
Thursday, 17 August 2023
80% of Bosses ‘Regret’ Stopping WFH ¦ PSA: Disable STS! - DevOps.com
The moral of the story: Be nice to people on the way up, because you may meet them on the way down
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) August 17, 2023
1⃣ Rethinking return-to-office mandates and
2⃣ A ridiculous, ancient Windows bug.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/kCtkMiU6PX #DevOps
Wednesday, 16 August 2023
Ransomware Robs Realtors — Rapattoni MLS-aaS Down: Day 8 and Counting - Security Boulevard
MLS FAIL:
A service that helps local #realtor associations manage home listings has been down for a week, thanks to #ransomware.
— @Richi 🤓 Jennings (@RiCHi) August 16, 2023
It’s been a long time coming. In today’s #SBBlogwatch, we smell #legacy systems. At @TechstrongGroup’s @SecurityBlvd: https://t.co/7TNuGQs1jd @Rapattoni #MLS
Tuesday, 15 August 2023
AI coding helpers get FAILing grade - ReversingLabs
Fools rush in:
#ChatGPT is wrong more than half the time—makes many conceptual errors, but sounds confident, authoritative.
— @Richi 🤓 Jennings (@RiCHi) August 15, 2023
So, hard to spot the errors, say researchers. In this week’s #SSBlogwatch we can’t say we’re totally surprised. For @ReversingLabs: https://t.co/egp3AdqNmJ #AI #DevOps
Monday, 14 August 2023
‘Sabotage the Factory’ — 16 Big Bugs in Codesys ICS/OT/SCADA Software - Security Boulevard
#CoDe16 FAIL:
See that power station, chemical plant or production line? Probably uses @CODESYS_Group software to program its industrial computers.
— @Richi 🤓 Jennings (@RiCHi) August 14, 2023
In today’s #SBBlogwatch, we’re crushed by the wheels of industry. At @TechstrongGroup’s @SecurityBlvd: https://t.co/kn3Smp94cF #ICS #OT #SCADA
Friday, 11 August 2023
Teenage Hackers Must be Stopped: US DHS’s CSRB Report - Security Boulevard
TL;DR: 2FA SMS FAIL
:@DHSgov’s report into last year’s #Lapsus$ attacks is finally public. #CSRB came to the oh-so-insightful conclusion that people shouldn’t use #SMS #2FA.
— @Richi 🤓 Jennings (@RiCHi) August 11, 2023
Duh. In today’s #SBBlogwatch, we waited 18 months for this? At @TechstrongGroup’s @SecurityBlvd: https://t.co/J0bVOUIayp
Thursday, 10 August 2023
Google’s Shiny New AI Dev Environment — the ‘Experimental’ Project IDX - DevOps.com
The moral of the story: You live once and life is wonderful, so eat the damned red velvet cupcake
In this week’s #TheLongView: @Google’s full-stack, browser based development environment in the cloud. It’s not just a #Copilot clone, but aims to help you “get an app from zero to production.”
— @Richi 🤓 Jennings (@RiCHi) August 10, 2023
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/Cp2d9LIZsA #DevOps #ProjectIDX #AI
Wednesday, 9 August 2023
Ransomware in Schools: White House Wants Action NOW - Security Boulevard
Don’t make me tap the sign:
#Ransomware scrotes attacking public schools is a huge problem. And it’s getting worse—especially in primary and secondary.
— @Richi 🤓 Jennings (@RiCHi) August 9, 2023
But where’s the money coming from? In today’s #SBBlogwatch, we wonder if localism works. At @TechstrongGroup’s @SecurityBlvd: https://t.co/iJmAmHHJcK
Tuesday, 8 August 2023
Listen up, devs: AI trained to overhear passwords - ReversingLabs
Sing loudly at login:
Researchers trained #DeepLearning model with keypress sounds from Apple laptops. If it can hear you type, it can predict your credentials — with scary accuracy.
— @Richi 🤓 Jennings (@RiCHi) August 8, 2023
Yes, even over Zoom. In this week’s #SSBlogwatch we turn up the music. For @ReversingLabs: https://t.co/r3TjsbiUWn
Monday, 7 August 2023
How to Get Unlimited Airline Miles: Researchers Find the Cheat Codes - Security Boulevard
Points of Interest:
Ethical hackers found huge bugs in @PointsLoyalty. The ease with which the team found them is kinda worrying.
— @Richi 🤓 Jennings (@RiCHi) August 7, 2023
In today’s #SBBlogwatch, we wonder what else is lurking that lets scrotes steal quasi-currency. At @TechstrongGroup’s @SecurityBlvd: https://t.co/4446lFAmxn
Thursday, 3 August 2023
Microsoft is a “Strategic Problem in the Security Space,” Says CEO - Security Boulevard
Fist of FAIL: Amit Yoran has had enough—and he’s not gonna take it anymore.
:@AYoran says his team reported a critical @Azure bug four months ago. Has @Microsoft fixed it yet?
— @Richi 🤓 Jennings (@RiCHi) August 3, 2023
“Of course not,” he says.
Satya looks like he’s about to punch someone. In today’s #SBBlogwatch, at @TechstrongGroup’s @SecurityBlvd: https://t.co/OcTW5HxcwS
2024—Year of the Linux Desktop? ChromeOS Reflects its Inner Penguin ¦ GNOME Rethink - DevOps.com
The moral of the story: People of accomplishment rarely sit back and let things happen to them
In this week’s #TheLongView: Can the #Linux desktop installed base ever break the mythical 10% barrier?
— @Richi 🤓 Jennings (@RiCHi) August 3, 2023
1⃣ @Google has been refactoring #ChromeOS, and
2⃣ @GNOME is working on new #WindowManager ideas.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/Gug1nV3SoZ #DevOps
Tuesday, 1 August 2023
BREAKING NEWS: You’re not Anonymous on Facebook (Duh) - Security Boulevard
Apparently this is news to some people:
#Anonymous posting in @Facebook groups isn’t a #privacy shield: You can’t just defame someone and get away with it.
— @Richi 🤓 Jennings (@RiCHi) August 1, 2023
Judge in Netherlands says @Meta must name anonymous user. In today’s #SBBlogwatch, we see both sides. At @TechstrongGroup’s @SecurityBlvd: https://t.co/PrXHu8Ljvz
Friday, 28 July 2023
Android Foils AirTag Stalkers and Thieves — While Apple Does Nothing - Security Boulevard
C’mon Cupertino:
An Apple #AirTag that’s not yours traveling with you is bad news. Now Android will alert you.
— @Richi 🤓 Jennings (@RiCHi) July 28, 2023
What’s Apple doing? Sitting on their hands. In today’s #SBBlogwatch, we can’t wait until Tim’s crew get with the program. At @TechstrongGroup’s @SecurityBlvd: https://t.co/1WbSTFaQio
Thursday, 27 July 2023
Overture Maps’ Challenge to Google ¦ Frontier Model Forum’s AI Safety Shtick - DevOps.com
The moral of the story: You have two hands—one for helping yourself, the other for helping others
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) July 27, 2023
1⃣ A big-tech consortium goes toe-to-toe with @GoogleMaps, and
2⃣ A big-tech consortium tries to fool #AI regulators.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/mUoIqlO36p #DevOps
Wednesday, 26 July 2023
ALERT: Google Wants to DRM your OS for ‘Web Environment Integrity’ - Security Boulevard
We Will Kill WEI:
Google calls it #WebEnvironmentIntegrity (#WEI): A super-secure service to certify your OS hasn’t been messed with.
— @Richi 🤓 Jennings (@RiCHi) July 26, 2023
Naturally, the “freedom to tinker” brigade are up in arms. In today’s #SBBlogwatch, we see both sides. At @TechstrongGroup’s @SecurityBlvd: https://t.co/5OeH6sT43W
Tuesday, 25 July 2023
No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’ - ReversingLabs
The future of zero trust?
Googlers will be protected from themselves. In what’s described as a pilot program, they’ll lose internet access at work and/or root privs.
— @Richi 🤓 Jennings (@RiCHi) July 25, 2023
The idea is to stop break-ins. In this week’s #SSBlogwatch we try not to imagine the horror. For @ReversingLabs: https://t.co/jiSig18Bn9
Monday, 24 July 2023
‘China’ Azure Breach: MUCH Worse Than Microsoft Said - Security Boulevard
Storm-0558 Breaks:
Nasty hack ‘by #China’ even nastier: Hackers stole a key cracking open AAD multi-tenant apps.
— @Richi 🤓 Jennings (@RiCHi) July 24, 2023
People are using words like “shoddy” and “fiasco.”
In today’s #SBBlogwatch, we wonder if #EntraID rebrand is connected. At @TechstrongGroup’s @SecurityBlvd: https://t.co/KXi0qjTHha
Friday, 21 July 2023
R.I.P. Kevin Mitnick, 1963–2023 - Security Boulevard
Kevin is Free:
#KevinMitnick lost his battle with pancreatic cancer. He leaves behind a wife, their unborn child and an entire culture he helped create.
— @Richi 🤓 Jennings (@RiCHi) July 21, 2023
The internet has many words to say. In today’s #SBBlogwatch, here are some. At @TechstrongGroup’s @SecurityBlvd: https://t.co/no0XF6y7pi
Thursday, 20 July 2023
AI ‘is Getting Worse’ ¦ AI ‘Will Lose India Jobs’ (Probably Isn’t ¦ Probably Won’t)
The moral of the story: It takes 20 years to build a reputation and five minutes to ruin it
In this week’s #TheLongView, a conundrum:
— @Richi 🤓 Jennings (@RiCHi) July 20, 2023
1⃣ On the one hand, researchers say #ChatGPT is losing the plot
2⃣ On the other, we hear outsourced coding jobs in #India will be replaced by #AI.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/WjwMN8dEYf #DevOps
Wednesday, 19 July 2023
Biden Admin. Adds ‘Mercenary Spyware’ Firms to Ban List - Security Boulevard
Predator/ALIEN not welcome in U.S.
#Predator #spyware pushers #Intellexa & #Cytrox banned by @CommerceGov: U.S. orgs can’t do business with them—nor with any of the other firms on the #EntityList.
— @Richi 🤓 Jennings (@RiCHi) July 19, 2023
In today’s #SBBlogwatch, we talk transatlantic tension. At @TechstrongGroup’s @SecurityBlvd: https://t.co/roWbDcFegu
Monday, 17 July 2023
OPSEC FAIL: US Military Email Going to Mali — via Typo - Security Boulevard
MX Mixup:
Every week, thousands of #email messages get sent to #Mali instead of U.S. DoD addresses ending .MIL: Mali’s top-level domain is .ML and typing is hard, yo.
— @Richi 🤓 Jennings (@RiCHi) July 17, 2023
In today’s #SBBlogwatch, we tri tipin rite. At @TechstrongGroup’s @SecurityBlvd: https://t.co/22ceGU9ijf
Thursday, 13 July 2023
China Breaches Microsoft Cloud — Spied on US Govt. Email - Security Boulevard
The government is greatly displeased—even U.S. spokespeople aren’t holding back:
:@Microsoft’s #SaaS email system got hacked two months ago. Redmond’s only telling us now, in part because it only found out a month later.
— @Richi 🤓 Jennings (@RiCHi) July 13, 2023
In today’s #SBBlogwatch, we get that special déjà vu feeling again.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/cU2fAuBjNc
Wednesday, 12 July 2023
Forking RHEL! Oracle and SUSE Join the Fight ¦ Silverman Sues AI Firms - DevOps.com
The moral of the story: There are no mistakes, only opportunities
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) July 12, 2023
1⃣ @SUSE announces a @RedHat Enterprise Linux fork after @Oracle said a similar thing, and
2⃣ @SarahKSilverman says @OpenAI and @Meta have stolen her words.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/nuSPG714aV #DevOps
Tuesday, 11 July 2023
EU-US data transfers back in hotseat: Security of user data adds to privacy concerns - ReversingLabs
EU and US try yet again:
#EU says new agreement with US means it’s OK to transfer data westwards again. Third time’s a charm?
— @Richi 🤓 Jennings (@RiCHi) July 12, 2023
This time it’ll stick, right? In this week’s #SSBlogwatch we fear it won’t — not if @MaxSchrems has his way.
For @ReversingLabs: https://t.co/6yomrHHqZ4 #GDPR
Monday, 10 July 2023
StackRot: Linux Bug so bad Linus Dives Into Code to Fix It - Security Boulevard
Maple Tree Side Effects: Torvalds feels the pressure, fixes lazy locks.
Critical #vulnerability in #Linux caused #LinusTorvalds to get hands dirty. In June, patches appeared in said honcho’s name. Eyebrows raised.
— @Richi 🤓 Jennings (@RiCHi) July 10, 2023
Now we know why. In today’s #SBBlogwatch, we race to condition that hair. At @TechstrongGroup’s @SecurityBlvd: https://t.co/23Gf8jpNtm
Friday, 7 July 2023
Contec SolarView: Critical Bug Unpatched After 14 MONTHS - Security Boulevard
PV OT: VPN PDQ
An easily exploited, critical vuln in #Contec’s #SolarView #SCADA product is still live in hundreds of places—and being exploited.
— @Richi 🤓 Jennings (@RiCHi) July 7, 2023
In today’s #SBBlogwatch, we wonder why they’re on the internet in the first place. At @TechstrongGroup’s @SecurityBlvd: https://t.co/ZbSsUeOltf
Thursday, 6 July 2023
Threads: Twitter Killer or Ad-Infested Hellscape? - DevOps.com
The moral of the story: When you cease to dream you cease to live
In this week’s #TheLongView: @Meta launches its much-leaked #Threads microblogging app.
— @Richi 🤓 Jennings (@RiCHi) July 6, 2023
A spinoff from @Instagram, it’s already reached 30M signups at the time of writing. How is Meta’s #DevOps team making it scale?
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/lqHivV95MV
Wednesday, 5 July 2023
Fortinet Bug: RUN — Don’t Walk — to Patch Critical RCE - Security Boulevard
#Xortigate Xceptional Xploits:
:@Fortinet #FortiOS has yet another nasty bug. Is your shop one of the 300,000 that hasn’t patched #CVE202327997?
— @Richi 🤓 Jennings (@RiCHi) July 5, 2023
But you need to PAY to get the update. In today’s #SBBlogwatch, we’re amazed, astounded and astonished. At @TechstrongGroup’s @SecurityBlvd: https://t.co/ABy7mTyzqr
Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites - ReversingLabs
It’s not rocket surgery:
:@MITREcorp’s top three are exactly the same as last year. Combined, just those three account for about half the problems.#CWE #1, #4, #7 and #17 are #MemorySafety bugs. In this week’s #SSBlogwatch we point the finger at C/C++. For @ReversingLabs: https://t.co/AaeUWf2C6R
— @Richi 🤓 Jennings (@RiCHi) July 5, 2023
Friday, 30 June 2023
‘Wagner Mercenary’ Hackers Destroy Russian Satellite Comms - Security Boulevard
Слава Україні — Героям слава!
Dozor-Teleport hack, vandalism and data breach. But is it a Ukrainian false flag op?
Dozor-Teleport hack, vandalism and data breach. But is it a Ukrainian false flag op?
#SatCom provider #DozorTeleport has been hacked, knocking it off internet. Did #PMCWagner do it, or was it #Ukraine? Service known to be used by #Russian military, so either theory works.
— @Richi 🤓 Jennings (@RiCHi) June 30, 2023
In today’s #SBBlogwatch, at @TechstrongGroup’s @SecurityBlvd: https://t.co/0j4nOJLDrj
Thursday, 29 June 2023
IBM/Red Hat Sparks Anger at GPL ‘breach’ as RHEL Source Locked Up - DevOps.com
The moral of the story: Every moment is a fresh beginning
In #TheLongView: @RedHat Enterprise #Linux (@RHEL) goes closed source. Well—not really; but @IBM’s lawyers are accused of skating so close to edge of legality that they risk violating the GNU Public License.
— @Richi 🤓 Jennings (@RiCHi) June 29, 2023
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/bYn9jTeZSI #DevOps
Wednesday, 28 June 2023
Ironic: LetMeSpy Spyware Hackers Were Hacked (by Hackers) - Security Boulevard
Content warning: Abuse, stalking, controlling behavior, Schadenfreude, irony, doxxing.
#LetMeSpy is a hacking tool used for #stalking and spying on spouses: Abusers secretly install the app on victims’ phones.
— @Richi 🤓 Jennings (@RiCHi) June 28, 2023
Sadly, its central DB was leaked.
In today’s #SBBlogwatch, we hate the game _and_ the player. At @TechstrongGroup’s @SecurityBlvd: https://t.co/1Xry08U7J7
Tuesday, 27 June 2023
Hackers breached UPS data for SMS phish spree - ReversingLabs
UPS SMS oops:
Bug allowed bad actor to manipulate URLs:
— @Richi 🤓 Jennings (@RiCHi) July 4, 2023
💭Dev should avoid consecutive object references and add entropy.
💭Ops should detect attacks and shut ’em down or tarpit them.
In this week’s #SSBlogwatch we ask what Brown can do for us? For @ReversingLabs: https://t.co/6vbRBvEbWK
Monday, 26 June 2023
GDPR FAIL: US Firm ‘Profiles Half the World’ — it’s Max Schrems Again - Security Boulevard
NYOB accuses Telesign, Proximus and BICS of misusing phone users’ private data:
Firms secretly track millions, without permission. Discovering alleged crime is @MaxSchrems/@NYOBeu.
— @Richi 🤓 Jennings (@RiCHi) June 26, 2023
Again points to “illegally” sending #EU citizens’ data to US. In today’s #SBBlogwatch, we feel a touch of déjà vu. At @TechstrongGroup’s @SecurityBlvd: https://t.co/YcNc7PuLry
Friday, 23 June 2023
Apple Fixes 0-Days — Russia Says US Used for Spying - Security Boulevard
‘#Triangulation’ spyware said to use backdoor Apple gave to NSA:
#Kremlin iPhones riddled with “#NSA” spyware for years, complains #Russia. You might recall this first blowing up three weeks ago.
— @Richi 🤓 Jennings (@RiCHi) June 23, 2023
Now #Apple finally fixed the bugs.
In today’s #SBBlogwatch, we ponder useful idiocy. At @TechstrongGroup’s @SecurityBlvd: https://t.co/0TayqgCnPE
Thursday, 22 June 2023
Google Calls Microsoft Azure Anti-Competitive ¦ Gen-Z Can’t Email - DevOps.com
The moral of the story: The longer I live, the more beautiful life becomes
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) June 22, 2023
1⃣ @Google complains to the @FTC about @Microsoft market abuses, and
2⃣ new graduates don’t know how to office.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/WXOpmNpH84 #DevOps #GenZ
Wednesday, 21 June 2023
Passkeys standard: Time to add it to your dev plans? - ReversingLabs
Momentum is building:
#Passkeys looks almost ready for prime time. Apple and Google are supporting it — and being interoperable.
— @Richi 🤓 Jennings (@RiCHi) June 21, 2023
Isn’t it time your dev team did, too? In this week’s #SSBlogwatch we get below the surface blather. For @ReversingLabs: https://t.co/9wb7qBJZNF
Tuesday, 20 June 2023
Microsoft Repeatedly Burned in ‘Layer 7’ DDoS - Security Boulevard
Unlucky Number:
#Microsoft confirms that a group has thwarted it again and again with #DDoS attacks on its cloud properties.
— @Richi 🤓 Jennings (@RiCHi) June 20, 2023
Redmond said it was a #Layer7 attack—i.e., $MSFT’s own software was vulnerable.
Today’s #SBBlogwatch, at @TechstrongGroup’s @SecurityBlvd: https://t.co/DEH8CjTlUU
Monday, 19 June 2023
Reddit Ransomware Raid Redux: BlackCat/ALPHV Demands $4.5M - Security Boulevard
And Now, This:
#BlackCat #ransomware crew wants @Reddit to pay up, or it’ll release internal data stolen four months ago. The scrotes also want #Reddit to volte-face on its controversial #API pricing policy.
— @Richi 🤓 Jennings (@RiCHi) June 19, 2023
Today’s #SBBlogwatch, at @TechstrongGroup’s @SecurityBlvd: https://t.co/xfKcTe2CUc
Friday, 16 June 2023
CISA Warning: MOVEit Has Yet Another Zero-Day SQL Injection RCE Bug - Security Boulevard
Alt. Angle: Russia-Russia-Russia Cl1p Clop
THIRD #SQLi flaw in #MOVEit—and being exploited.@ProgressSW MOVEd quickly to patch, but at this point it seems like a hapless game of Whac-A-Mole: Clearly a systemic lack of input sanitation.
— @Richi 🤓 Jennings (@RiCHi) June 16, 2023
In today’s #SBBlogwatch at @TechstrongGroup’s @SecurityBlvd: https://t.co/ZEFdpwilP2
Thursday, 15 June 2023
92% of Devs Use AI, Survey Says ¦ Intel One Mono Font
The moral of the story: Live as if you were to die tomorrow—learn as if you were to live forever
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) June 15, 2023
1⃣ @GitHub touts unbelievable #AI stats, and
2⃣ @Intel’s beautiful #OpenSource #font.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/tcwJtusV8h #DevOps
Wednesday, 14 June 2023
Your Personal Data Sold to US Intelligence Agencies - Security Boulevard
What Price 4th Amendment? Warrant not needed if info bought from brokers:
Secret report “raises significant issues related to privacy and civil liberties.”
— @Richi 🤓 Jennings (@RiCHi) June 14, 2023
There have been “profound changes in the scope and sensitivity” of YOUR info available from data brokers.
Today’s #SBBlogwatch, at @TechstrongGroup’s @SecurityBlvd: https://t.co/UbsfL7l12p
Monday, 12 June 2023
What a Mess: Barracuda Swaps Countless Appliances — Malware Can’t be Removed - Security Boulevard
ESG FAIL:
#Barracuda on hook to exchange thousands of email security appliances: Pwned so hard they can’t be patched.
— @Richi 🤓 Jennings (@RiCHi) June 12, 2023
Scrotes exploited a @Barracuda #ZeroDay for SEVEN months. In today’s #SBBlogwatch, we can’t quite believe. At @TechstrongGroup’s @SecurityBlvd: https://t.co/8DK6bswgaq
Thursday, 8 June 2023
Pics AND it Didn’t Happen: Sex Deepfake FBI Alert - Security Boulevard
Fake Pr0n Hint:
:@FBI warning of uptick in #sextortion: Scrotes targeting victims by feeding headshots into #deepfake apps, shaking them down. #GenerativeAI is now making horrifically lifelike videos & images.
— @Richi 🤓 Jennings (@RiCHi) June 8, 2023
Today’s #SBBlogwatch, at @TechstrongGroup’s @SecurityBlvd: https://t.co/kIFFoSuzQ8
Wednesday, 7 June 2023
Microsoft’s 9th Outage in 2023 ¦ RISE of RISC-V ¦ Meta Ends WFH - DevOps.com
The moral of the story: Every human has a finite number of heartbeats—I don’t intend to waste any of mine
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) June 7, 2023
1⃣ Redmond #SaaS keeps failing,
2⃣ @RISC_V is #RISE’ing, and
3⃣ @Meta is enforcing #HybridWork.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/lFuPD3Aws5 #DevOps $MSFT $META
Tuesday, 6 June 2023
PyPI hackers code sneaky new tactic. Researchers caught 'em red handed - ReversingLabs
AST/SCA FAIL — RL FTW:
:@PyPI attackers used compiled code to evade detection. Possibly first attack to take advantage of .PYC files.@ReversingLabs’ reverse engineering team led by Karlo Zanki (pictured) spotted the tactic. In this week’s #SSBlogwatch we round up reax right: https://t.co/N2oLtWkGCn
— @Richi 🤓 Jennings (@RiCHi) June 6, 2023
Monday, 5 June 2023
Chrome Extensions Warning — Millions of Users Infected - Security Boulevard
Perhaps as many as 87 million victims—maybe more:
:@Google under fire again for lax @GoogleChrome Web Store management. Researchers discover 34 malicious #extensions.
— @Richi 🤓 Jennings (@RiCHi) June 5, 2023
And Google’s been ignoring reports since 2021. In today’s #SBBlogwatch, we ask: What price #SecOps? At @TechstrongGroup’s @SecurityBlvd: https://t.co/rCE6bcEKlU
Friday, 2 June 2023
Russia Says NSA Hacked iOS With Apple’s Help — we Triangulate Kaspersky’s Research - Security Boulevard
Tit-For-Tat #Triangulation Trojan Talk:
#NSA inserted #backdoors into #iOS, says #FSB, allowing @NSAGov to spy on #Russian officials and foreign diplomats.@Kaspersky dubbed it #Triangulation. In today’s #SBBlogwatch, we wonder why it took 4 YEARS to find. At @TechstrongGroup’s @SecurityBlvd: https://t.co/ZoojilKI7M
— @Richi 🤓 Jennings (@RiCHi) June 2, 2023
Thursday, 1 June 2023
Dev Jobs are Dead: ‘Everyone’s a Programmer’ With AI ¦ Intel VPUs - DevOps.com
The moral of the story: Too many of us are not living our dreams because we are living our fears
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) June 1, 2023
1⃣ @Nvidia’s CEO grabs headlines by saying your career is toast, and
2⃣ @Intel is still fighting.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/Ym8m7piEbD #DevOps $NVDA $INTC
Wednesday, 31 May 2023
‘Extinction risk’: Could AI wipe out humans via software backdoors? - ReversingLabs
Generative, schmenerative:
Industry warns of doom unless #AI tamed. Today’s #GenerativeAI models are writing semi-decent code—shouldn’t we worry we’re prepping ground for Skynet?
— @Richi 🤓 Jennings (@RiCHi) May 31, 2023
In this week’s #SSBlogwatch we need your clothes, your boots and your motorcycle. For @ReversingLabs: https://t.co/A0B3AP8Et7
Tuesday, 30 May 2023
‘Predator’ — Nasty Android Spyware Revealed - Security Boulevard
‘Alien’ Technology:
#Malware used by nation-states to target journos, activists and opposition pols gets deconstructed. Its fast, silent attack is frightening.#Predator runs on #iOS and #Android. In today’s #SBBlogwatch, we unpick it. At @TechstrongGroup’s @SecurityBlvd: https://t.co/mP7WeUHZXy
— @Richi 🤓 Jennings (@RiCHi) May 30, 2023
Friday, 26 May 2023
COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT - Security Boulevard
IEC 60870-5-104 ‘insecure by design’:
New #malware that disrupts #electricity #grids. The threat, dubbed #COSMICENERGY, shares DNA with other nasties.
— @Richi 🤓 Jennings (@RiCHi) May 26, 2023
And, yes, it appears to come from #Russia. In today’s #SBBlogwatch, we беспокоимся о будущем. At @TechstrongGroup’s @SecurityBlvd: https://t.co/60TFPSqTH6 #ICS
Subscribe to:
Posts (Atom)