China stole NSA zero day—4+ years before Shadow Brokers leak - TechBeacon

APT31 vs. S32: FIGHT!

Too much alphanumeric soup? In this week’s #SecurityBlogwatch at @TechBeaconCom, all will become clear: https://t.co/GfhJWXEDkG

— @Richi 😷 Jennings (@RiCHi) February 25, 2021

SolarWinds Hack: ‘All is Well,’ Microsoft Shrugs - Security Boulevard

“Trust Us (Except Don’t)”

This is all a bit too neat and tidy for my liking. In today’s #SBBlogwatch at @SecurityBlvd, we check under the rug: https://t.co/7CvuWztWms

— @Richi 😷 Jennings (@RiCHi) February 19, 2021

Oracle is Said to Help China Find Dissidents and Jail Minorities - Security Boulevard

When Larry Met 习

But is there a There there? In today’s #SBBlogwatch at @SecurityBlvd, we dig in: https://t.co/Krzffz4jZb

— @Richi 😷 Jennings (@RiCHi) February 18, 2021

Lesson from supply chain attacks: Beware 'dependency confusion' - TechBeacon

After Alex Birsan’s $130,000 bug-bounty haul last week, hundreds of bogus npm packages have popped up out of nowhere. They appear to have been published by copycat researchers—some of whom have less-than-pure intentions.

The moral of the story? Make sure the code you’re importing really is the code you think you’re importing.

And, of course, that means he was running his code on other people’s networks. In this week’s #SecurityBlogwatch at @TechBeaconCom, we get lost: https://t.co/r8SepQEDlY

— @Richi 😷 Jennings (@RiCHi) February 18, 2021

Internal Leak of 4,887 Users: Yandex Employee Fate Unknown - Security Boulevard

$YNDX Stays Schtum

No word on what’s happened to the scrote. In today’s #SBBlogwatch at @SecurityBlvd, we visualize them chopped up and hidden in matryoshka dolls: https://t.co/C37YigOSXu

— @Richi 😷 Jennings (@RiCHi) February 15, 2021