Software Supply Chain Security
PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found
Richi Jennings | | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data
Richi Jennings | | Brian J. Dunne, class action, class action lawsuit, DeleteFacebook, facebook, facebook fine, free vpn app, Ghostbusters, IAPP, Man In The Middle, man in the middle attack, man in the middle attacks, Mark Zuckerberg, Meta, mitm, MitM Attack, mitm attacks, mitm tool, mitm tools, Onavo, Onavo VPN, SB Blogwatch, Snapchat, SSL Bump, VPN
Meta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit ...
Security Boulevard
China Steals Defense Secrets ‘on Industrial Scale’
Richi Jennings | | china, china espionage, China-linked Hackers, Chinese, Chinese Communists, chinese government, chinese hacker, Chinese hackers, Chinese Intelligence, Chinese state-sponsored hacking group, Chinese Threat Actors, ConnectWise, ConnectWise Vulnerabilities, CVE-2022-0185, CVE-2022-3052, CVE-2023-22518, CVE-2024-1709, Data Stolen By China, Dawn Calvary, f5, F5 BIG-IP, F5 BIG-IP vulnerability, Genesis Day, gov.uk, Mandiant, MSS, MSS Hackers, Peoples Republic of China, PRC, PRC Espionage, SB Blogwatch, ScreenConnect, Teng Snake, uk, UNC302, UNC5174, Uteus, Xiaoqiying
UNC5174 ❤ UNC302: CVSS 10 and 9.8 vulnerabilities exploited by Chinese threat actor for People’s Republic ...
Security Boulevard
Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys
Richi Jennings | | Apple, apple bug, Apple Data Security, apple hack, apple hacker, Apple iOS, Apple iPad, ARM, cache, dmp, GoFetch, iPad, M1, M2, M3, Macintosh, macos, SB Blogwatch
GoFAIL: Researchers worm their way into broken cache-filling microcode in most Macs and iPads ...
Security Boulevard
Google Splashes the Cash in Bug Bounty Bonanza: $59 Million to Date
Richi Jennings | | alphabet, bounty, bug bounty, bug bounty program, bugbounty, ethical hacker, ethical hackers, ethical hacking, google, SB Blogwatch, Vulnerability Rewards Program (VRP), white hat, white hat hacker, white hat hackers, White Hat Security, White Hats, WhiteHat, whitehat hackers, WhiteHat Security
Wanna be a VRP VIP? Last year, $GOOG paid $10 million to ethical hackers for finding vulnerabilities ...
Security Boulevard
Mitigating Lurking Threats in the Software Supply Chain
The first step to addressing software supply chain vulnerabilities and threats is to understand the most common attacks. Here's where to start ...
Security Boulevard
Irony of Ironies: CISA Hacked — ‘by China’
Richi Jennings | | china, china espionage, Chinese, Chinese Communists, Chinese drive-by attack, chinese government, chinese hacker, Chinese hackers, Chinese state-sponsored hacking group, Chinese Threat Actors, CIRCIA, cisa, CISA.gov, CVE-2023-46805, CVE-2024-21887, CVE-2024-21893, Cyber Security and Infrastructure Security Agency, Cybersecurity & Infrastructure Security Agency, Cybersecurity and Infrastructure Agency, Data Stolen By China, federal agency, Ivanti, Ivanti Connect Secure, Ivanti Policy Secure, Ivanti security, Ivanti Vulnerabilities, Ivanti Zero day vulnerability, Ligolo, Magnet Goblin, NerbianRAT, NSA/CISA, Peoples Republic of China, SB Blogwatch, Volt Typhoon, WARPWIRE
Free rides and traffic jams: U.S. Cybersecurity and Infrastructure Security Agency penetrated in February, via vuln in Ivanti ...
Security Boulevard
Self-Replicating AI Malware is Here😱 #ComPromptMized
Richi Jennings | | AI, Artificial Intelligence (AI), Artificial Intelligence (AI)/Machine Learning (ML), Artificial Intelligence News, artificial intellignece, Artificial Stupidity, artificialintelligence, ComPromptMized, cybersecurity risks of generative ai, generative AI, Generative AI risks, Large Language Models (LLM), Large language models (LLMs), LLM, LLMs, Morris Worm, SB Blogwatch, worm, worm morris, WormGPT
Skrik: Researchers worm themselves into your nightmares ...
Security Boulevard
Cheap Video Doorbell Cams: Tools of Stalkers and Thieves
Richi Jennings | | Andoe, Anker, camera, camera hijacking, camera vulnerability, cameras, CCTV camera, CCTV cameras, Consumer IoT, Consumer Reports, Doorbell Camera, Eken, enshittification, Eufy, Fishbot, Gemee, hacked Wi-FI, Internet of things, Internet of Things (IoT), Internet of Things (IoT) Security, Internet of Things cyber security, internet-enabled cameras, iot, IoT camera, IoT security camera, IP surveillance cameras, ipcamera, Luckwolf, Rakeblue, Ring Camera, Ring Doorbell, safe wifi, SB Blogwatch, Sears, SHEIN, The ‘S’ in IoT stands for Security, Tuck, unsecure Wi-FI, Wi-Fi, Wi-Fi hacking, Wi-Fi networks, wi-fi security, Wyze
EKEN IoT FAIL: Amazon, Sears and Shein still sell security swerving stuff ...
Security Boulevard
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Richi Jennings | | Apiiro, App Sec & Supply Chain Security, AppSec & Supply Chain Security, dependency confusion, dependency confusion attacks, GitHub, github application security, github bug, GitHub Exploit, GitHub repositories, GitHub Security Measures, github security scanning, GitHub Security Vulnerabilities, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, repo confusion, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain automation, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Weaknesses, supply chain, supply chain security, Supply-Chain Insecurity
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard