Securing Open Source - Security Boulevard

PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found

Richi Jennings — Fri, 29 Mar 2024 17:19:26 +0000

Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup.

The post PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found appeared first on Security Boulevard.

China Steals Defense Secrets ‘on Industrial Scale’

Richi Jennings — Mon, 25 Mar 2024 17:08:40 +0000

UNC5174 ❤ UNC302: CVSS 10 and 9.8 vulnerabilities exploited by Chinese threat actor for People’s Republic.

The post China Steals Defense Secrets ‘on Industrial Scale’ appeared first on Security Boulevard.

Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys

Richi Jennings — Fri, 22 Mar 2024 18:56:32 +0000

GoFAIL: Researchers worm their way into broken cache-filling microcode in most Macs and iPads.

The post Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys appeared first on Security Boulevard.

EPA and White House Raise Alarm on Water Cybersecurity

Richi Jennings — Wed, 20 Mar 2024 16:22:50 +0000

Iran and China fingered: Biden admin. chides governors: Water infra. lacks “even basic cybersecurity precautions.”

The post EPA and White House Raise Alarm on Water Cybersecurity appeared first on Security Boulevard.

Google Splashes the Cash in Bug Bounty Bonanza: $59 Million to Date

Richi Jennings — Wed, 13 Mar 2024 16:57:09 +0000

Wanna be a VRP VIP? Last year, $GOOG paid $10 million to ethical hackers for finding vulnerabilities.

The post Google Splashes the Cash in Bug Bounty Bonanza: $59 Million to Date appeared first on Security Boulevard.

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL

Richi Jennings — Thu, 29 Feb 2024 16:37:11 +0000

Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times.

The post GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL appeared first on Security Boulevard.

CNCF Graduates Falco Project to Improve Linux Security

Michael Vizard — Thu, 29 Feb 2024 15:00:20 +0000

The Cloud Native Computing Foundation (CNCF) announced today that Falco, an open source tool for defining security rules in Linux environments, has officially graduated.

The post CNCF Graduates Falco Project to Improve Linux Security appeared first on Security Boulevard.

US Will Fight Russian Disinformation — Hacks and Leaks and Deepfakes, Oh My!

Richi Jennings — Tue, 27 Feb 2024 18:51:31 +0000

Pay no attention to that man: State Dept. Global Engagement Centre chief James Rubin (pictured) follows the yellow brick road.

The post US Will Fight Russian Disinformation — Hacks and Leaks and Deepfakes, Oh My! appeared first on Security Boulevard.

PRC State Hacking: ‘Chinese Edward Snowden’ Spills I‑Soon Secrets in Huge Dump of TTPs

Richi Jennings — Thu, 22 Feb 2024 18:01:59 +0000

Underpaid, overworked and angry: Whistleblower in hacker contractor firm for Chinese government blows lid off tactics, techniques and procedures.

The post PRC State Hacking: ‘Chinese Edward Snowden’ Spills I‑Soon Secrets in Huge Dump of TTPs appeared first on Security Boulevard.

LockBit Takedown by Brits — Time for ‘Operation Cronos’

Richi Jennings — Tue, 20 Feb 2024 14:04:30 +0000

RaaS nicked: 11-nation army led by UK eliminates ransomware-for-hire scrotes’ servers.

The post LockBit Takedown by Brits — Time for ‘Operation Cronos’ appeared first on Security Boulevard.