Richi Jennings

Tuesday, 31 January 2023

Another Password Manager Leak Bug: But KeePass Denies CVE - Security Boulevard

‘Nihilistic; Dismissive’
Two researchers report vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw.

3/ This strikes many as dangerous.

However, Reichl blames the victim, saying an exploit would be the notional user’s fault for using an insecure device.

In today’s #SBBlogwatch, we dig in.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/dAe0UIjlZ0
— @Richi 🤓 Jennings (@RiCHi) January 31, 2023

Friday, 27 January 2023

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al - Security Boulevard

Site Seized; Russians Riled: The ransomware scrotes known as Hive got pwned this week. Their servers are no more.

3/ Six months of secret work has paid off, we’re told.

In today’s #SBBlogwatch, мы заняты пчелы.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/y8oFdBlzVo
— @Richi 🤓 Jennings (@RiCHi) January 27, 2023

Wednesday, 25 January 2023

Microsoft Outage Outrage: Was it BGP or DNS? - DevOps.com

The moral of the story: Life imposes things on you that you can’t control, but you still have the choice of how you’re going to live through this

#TheLongView: All of @Microsoft’s cloud services go down, everywhere. Redmond’s IaaS, PaaS and SaaS—incl @GitHub—were dead for hours, and are still running unreliably—despite Microsoft saying it’s fixed.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/BQfV23PBtU #DevOps
— @Richi 🤓 Jennings (@RiCHi) January 25, 2023

Tuesday, 24 January 2023

Move over, npm: Trust VS Code extensions at your own risk, dev teams - ReversingLabs

VSC Marketplace FAIL: It’s super easy to spoof Visual Studio Code extensions. And it’s incredibly hard to detect.

3/ It may also be present in @VisualStudio and @AzureDevOps.

In this week’s #SSBlogwatch we run and hide.

For @ReversingLabs’ @SecuredSoftware: https://t.co/fo19rhLAoX
— @Richi 🤓 Jennings (@RiCHi) January 24, 2023

Monday, 23 January 2023

US No-Fly List Leaked via Airline Dev Server by @_nyancrimew - Security Boulevard

FBI TSC CSV on AWS S3: CommuteAir, a United Airlines puddle-jumper affiliate, leaked the federal government’s No-Fly and “Selectee” lists. Or, at least, a snapshot from 2019—totaling more than 1.8 million entries.

3/ I’m amazed it hasn’t happened before.

In today’s #SBBlogwatch, we say hello to our old friend maia arson crimew—@_nyancrimew.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/WgrpNc5vxd #CommuteAir
— @Richi 🤓 Jennings (@RiCHi) January 23, 2023