Editorial Calendar
PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found
Richi Jennings | | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones
Richi Jennings | | 2fa, 2FA bypass, 2FA Flaws, 2FA phishing, 2FA solution, 2FA/MFA, Apple, apple bug, Apple Data Security, apple hack, apple hacker, Apple iCloud, Apple ID, Apple ID failure, Apple iOS, Apple iPad, Apple iPhone, bypass 2FA, MFA, MFA Bombing, mfa fatigue, MFA hacks, mfa protection, mfasecurity, Multi-Factor Authentication (MFA), OTP, OTP circumvention bot, OTP interception bot, phishing-resistant MFA, push otp, SB Blogwatch, TOTP, two-factor-authentication.2fa
Rethink different: First, fatigue frightened users with multiple modal nighttime notifications. Next, call and pretend to be Apple support ...
Security Boulevard
Cybersecurity Infrastructure Investment Crashes and Burns Without Governance
Just like pilot awareness is crucial during unexpected aviation events, cybersecurity's traditional focus on infrastructure needs to shift to more adept governance ...
Security Boulevard
Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data
Richi Jennings | | Brian J. Dunne, class action, class action lawsuit, DeleteFacebook, facebook, facebook fine, free vpn app, Ghostbusters, IAPP, Man In The Middle, man in the middle attack, man in the middle attacks, Mark Zuckerberg, Meta, mitm, MitM Attack, mitm attacks, mitm tool, mitm tools, Onavo, Onavo VPN, SB Blogwatch, Snapchat, SSL Bump, VPN
Meta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit ...
Security Boulevard
Securing the Future: Navigating the Complexities of Cloud Security
Cloud environments are complex, and can create a difficult territory for security and IT teams to monitor and comprehend ...
Security Boulevard
Telegram Privacy Nightmare: Don’t Opt In to P2PL
Richi Jennings | | 2-step verification, 2fa, 2FA apps, 2FA bypass, 2FA Flaws, 2FA/MFA, Access control and Identity Management, Cloud MFA, digital identity verification, iam, ID verification, MFA, mfa login, mfasecurity, Multi-Factor Authentication (MFA), P2P, SB Blogwatch, SMS, SMS messages, SMS Toll Fraud, Telegram, Telegram app, two-factor-authentication.2fa, Verify 2FA
Scary SMS shenanigans: Avoid Telegram’s new “Peer-To-Peer Login” program if you value your privacy or your cellular service ...
Security Boulevard
China Steals Defense Secrets ‘on Industrial Scale’
Richi Jennings | | china, china espionage, China-linked Hackers, Chinese, Chinese Communists, chinese government, chinese hacker, Chinese hackers, Chinese Intelligence, Chinese state-sponsored hacking group, Chinese Threat Actors, ConnectWise, ConnectWise Vulnerabilities, CVE-2022-0185, CVE-2022-3052, CVE-2023-22518, CVE-2024-1709, Data Stolen By China, Dawn Calvary, f5, F5 BIG-IP, F5 BIG-IP vulnerability, Genesis Day, gov.uk, Mandiant, MSS, MSS Hackers, Peoples Republic of China, PRC, PRC Espionage, SB Blogwatch, ScreenConnect, Teng Snake, uk, UNC302, UNC5174, Uteus, Xiaoqiying
UNC5174 ❤ UNC302: CVSS 10 and 9.8 vulnerabilities exploited by Chinese threat actor for People’s Republic ...
Security Boulevard
Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys
Richi Jennings | | Apple, apple bug, Apple Data Security, apple hack, apple hacker, Apple iOS, Apple iPad, ARM, cache, dmp, GoFetch, iPad, M1, M2, M3, Macintosh, macos, SB Blogwatch
GoFAIL: Researchers worm their way into broken cache-filling microcode in most Macs and iPads ...
Security Boulevard
Application Security for Dummies: The Only Way Forward
Aviad Mizrachi | | Application Security, Cybersecurity, Security Usability, User-Friendly Security, ux-design
To improve application security, we must make security so stupid that anyone can do it, and that applies up and down the stack ...
Security Boulevard
IoT Consumer Labeling Goes Global – What This Means for Vendors and Consumers
Carsten Rhod Gregersen | | Compliance, Connected Devices, Cyber Resilience Act, cybersecurity standards, Data Security, Device redevelopment, European legislation, Fines for non-compliance, GDPR (General Data Protection Regulation), Internet of Things (IoT)
IoT producers must comprehend the relevant rules, consult legal and technological experts and evaluate cybersecurity procedures ...
Security Boulevard