Tuesday, 28 June 2022

Russian Hackers Declare War on Lithuania — Killnet DDoS Panic - Security Boulevard

NATO Member Attacked: NATO member Lithuania is under attack from Russian hacking group Killnet. The attacks have been going on for the past week.

Monday, 27 June 2022

ADPPA US Privacy Law: Coming Soon in Wake of Roe v. Wade Redo - Security Boulevard

Welcome to Gilead: We could soon have a federal GDPR—or something similar, at least. Draft legislation is speeding its way through the House of Representatives.

Friday, 24 June 2022

NSA Wants To Help you Lock Down MS Windows in PowerShell - Security Boulevard

Make Monad Great Again: A new cheatsheet from four infosec agencies is making the rounds. The NSA and CISA, together with their cousins in the UK (NCSC) and New Zealand (GCSB), have dreamed up some new recommendations to secure your Windows PCs and servers.

Thursday, 23 June 2022

Cloudflare Outage Outrage | Yet More FAA 5G Stupidity - DevOps.com

The Moral of the Story: Look like the innocent flower, but be the serpent under it

Rejoice, devs and all! Privacy Pass standard nukes CAPTCHAs - develop.secure.software

IETF says I’m human:

Tuesday, 21 June 2022

Hacker Paige Thompson Could Face 45 Years in Prison — ‘Suicide by Law Enforcement’ - Security Boulevard

‘Ethical Hacker,’ Said Failed Defense Plea: Capital One hacker Paige A. Thompson has been found guilty. A jury didn’t buy the defense story of a mere ethical hacker embarrassing a big corporation.

Friday, 17 June 2022

HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook - Security Boulevard

#DeleteFacebook: A study shows many U.S. hospitals are leaking personal information to Facebook. Patients’ data is silently scarfed up by the Meta Pixel tracking widget.

Thursday, 16 June 2022

Cloud Giants Shun Wind Power? | LaMDA not Sentient? | MS IE RIP? - DevOps.com

The moral of the story: Brevity is the soul of wit.

Software supply chain alert: ‘7 million’ cleartext access tokens in Travis CI logs - ReversingLabs

Rotate your tokens!

Monday, 13 June 2022

Apple M1 Flaw Can’t be Fixed — PACMAN Panic - Security Boulevard

MIT ARM PAC Hack: Apple’s M1 chip isn’t as safe from buffer overflows as previously thought. M1 and other designs based on ARMv8.3 can have their protections neutered.

Friday, 10 June 2022

Tesla Fails Yet Again: Hackers can Steal Cars via NFC - Security Boulevard

NFC: ‘No F***ing Chance’ it’s Secure. Tesla Models 3 and Y can be unlocked and stolen via a bug in their NFC software. Late model S and X cars are probably vulnerable, too.

Thursday, 9 June 2022

DoJ, FBI, IRS Make Empty Boast: SSNDOB ‘Seized’ - Security Boulevard

Just a Speedbump on the Road to Crime: A collection of law enforcement agencies are gloating over their “seizure” of the notorious SSNDOB marketplace, which traded in stolen personal information. But the action seems too little, too late.

How to make C++ memory-safe? Chrome targets UAF bugs with garbage collection - develop.secure.software

Peace sign of the times:

Tuesday, 7 June 2022

Verizon’s Legionella Bugs | Bolt’s Dot-Bomb Echo | Yandex’s Russian CEO Quits - DevOps.com

The moral of the story: Life … is a tale told by an idiot—full of sound and fury, signifying nothing

Monday, 6 June 2022

Broken Windows: ‘Follina’ Flaw not Fixed — For 22 MONTHS - Security Boulevard

The Last Straw for Windows Users? A nasty zero-click, zero-day RCE bug remains unpatched. All supported versions of Windows, plus Windows 7, are affected.

Thursday, 2 June 2022

Tim Hortons ‘Misled’ Customers on Location Privacy — ‘Poorly Designed’ App Tracked Users 24×7 - Security Boulevard

You’ve Always Got Time for Privacy: Canadian coffee-and-doughnuts joint Tim Hortons has been politely rebuked by The Office of the Privacy Commissioner of Canada (OPC). Always fresh.

Proposal: It’s time to regulate and license devs - develop.secure.software

‘The end of IT as we know it’:

3xFAIL: IPv6 Fails | Fintech Fails | Firefox Fails - DevOps.com

The moral of the story: Better three hours too soon than a minute too late.

Thursday, 26 May 2022

Digital Driver’s License Fails Spectacularly — ‘Laughably Easy’ to Forge - Security Boulevard

ServiceNSW’s Reaction was NSFW: Is your state implementing a digital driver’s license? You’d better hope it does better than the Australian state of New South Wales.

Wednesday, 25 May 2022

Go Language is Popular? | VMware Sells to Broadcom? | Unlimited PTO? - DevOps.com

The moral of the story: I like this place and could willingly waste my time in it

Tuesday, 24 May 2022

Zola Wedding App ‘Hacked’ — Victims Lose BIG Money - Security Boulevard

2FA and PCI FAIL? A wedding planning startup, Zola, has been hacked—or so it seems. But the company denies this, blaming its users for reusing passwords.

Thursday, 19 May 2022

‘Incompetent’ Tesla Lets Hackers Steal Cars — via Bluetooth - Security Boulevard

Elon Needs Another Dead Cat: The Tesla Model 3 can be unlocked and stolen via a simple relay attack. The Model Y is probably vulnerable, too.

Tuesday, 17 May 2022

Apple Allows 50% Fee Rise | @ElonMusk Fans: 70% Fake | Microsoft Salaries up by 100%? - DevOps.com

The moral of the story: Expectation is the root of all heartache

Monday, 16 May 2022

Do You Want Secure Supply Chains? SHOW ME THE MONEY - Security Boulevard

1.5 Million Benjamins Needed: The Open Source Security Foundation and Linux Foundation have a plan to fix our broken software supply chains. OpenSSF has published the 10-step program and asked industry to pony up $150 million as a down payment.

Friday, 13 May 2022

MAJOR Justice Dept. Breach — ‘Time for Drastic Measures’ - Security Boulevard

DEA 2FA TLA BBQ: Criminals have access to Justice Department databases, we’re told. Scrotes can write fake data as well as read highly sensitive information, said a credible report.

Thursday, 12 May 2022

EU Has Lost the Plot, Will Ban Encryption — Think of the Children - Security Boulevard

Here We Go Again: The European Union “is failing to protect children.” This stunning admission came from socialist “commissioner,” Ylva Johansson (pictured). She says something must be done—and, yes, what they’re proposing is indeed something.

Tuesday, 10 May 2022

Agile/Scrum is a Failure – Here’s Why - DevOps.com

The moral of the story: The fault is not in our stars—but in ourselves

Monday, 9 May 2022

Putin’s ‘Victory Parade’ TV Show Hacked: ‘Blood on Your Hands’ - Security Boulevard

Vladimir vs. Volodymyr: Ukrainian hackers and their friends continue to pummel Russian computers. And it’s not just DDoS pranks: “Hundreds of millions of documents” are being leaked.

Friday, 6 May 2022

Biden Revs Up US Quantum Plans (Because China) - Security Boulevard

Don’t Say the C-Word: This week, the White House issued a memorandum and executive order that put a shedload of wood behind the quantum-computing arrow. The president wants industry to prep for the coming days when powerful quantum computers are reality. And he’s assembling a committee of experts.

Thursday, 5 May 2022

Twitter/Bluesky ADX Algorithm | Cloud Energy Use ‘Tripled’ | Apple Staff are Revolting - DevOps.com

The Moral of the Story: May the Fifth be with you

Tuesday, 3 May 2022

Spanish Govt. Hacked by NSO Pegasus Spyware (or was it?) - Security Boulevard

Dead-Cat Distraction? The prime minister and the defense minister of Spain were both infected with Pegasus last year. The notorious spyware, sold by NSO Group “only to governments,” was said to have caused large amounts of data to be exfiltrated to persons unknown.

Thursday, 28 April 2022

Ukraine Beats Russia in Cyberwarfare — at ‘Unprecedented Scale’ - Security Boulevard

Grip the Table Harder, Vlad: Russia is attacking Ukraine with cyberattacks and psyops. Microsoft PR is crowing about all the events Redmond has “observed.”

Tuesday, 26 April 2022

What Should Elon Musk Do? | Passwordless Future: Tense | WebKit iOS Monopoly Ends? - DevOps.com

The moral of the story: Such as we are made of, such we be.

Monday, 25 April 2022

‘Crypto Bug of the Year’ Fixed — Update Java NOW - Security Boulevard

Thumbs Down for Oracle: A ridiculously dumb flaw in Java’s signature checking code is now patched. Its implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) waved through a “blank” signature, one with both values set to zero, as valid for any message and any public key. Doctor Who fans will recognise the reference in the “Psychic Signatures” moniker.
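What a “blank” signature verifying actually looks like, as an added illustration (this is not the column’s material and not Oracle’s code): a pure-Python P-256 ECDSA verifier in which the missing range check on r and s is modelled by a flag. The curve constants are NIST’s; the private key, nonce and message are constructed demo values. The flawed path computes the inverse of s by Fermat’s little theorem, which quietly turns s = 0 into w = 0, and then models the point at infinity as having x = 0, so r = s = 0 satisfies the final comparison against any key and any message. The fixed path rejects anything outside [1, n-1] before doing arithmetic.

```python
"""Modelled ECDSA 'blank signature' flaw: pure-Python P-256, no third-party packages.
Added illustration; the key, nonce and message below are constructed, not real."""
import hashlib

# NIST P-256 domain parameters (FIPS 186-4).
p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a = p - 3
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551

INF = None  # point at infinity (group identity)


def curve_ok():
    """Sanity check that G lies on the curve (guards against a mistyped constant)."""
    x, y = G
    return (y * y - (x * x * x + a * x + b)) % p == 0


def ec_add(P, Q):
    """Affine point addition on the curve, with INF as the identity."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return INF
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def ec_mul(k, P):
    """Double-and-add scalar multiplication; ec_mul(0, P) is INF."""
    R = INF
    while k:
        if k & 1:
            R = ec_add(R, P)
        P = ec_add(P, P)
        k >>= 1
    return R


def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(d, msg, k):
    """Textbook ECDSA signing with a caller-supplied nonce k (demo only)."""
    r = ec_mul(k, G)[0] % n
    s = pow(k, -1, n) * (hash_to_int(msg) + r * d) % n
    return r, s


def verify(Q, msg, r, s, check_range=True):
    """ECDSA verification. check_range=False models the flaw: the r,s in [1,n-1]
    test is skipped, and the inverse is s^(n-2) mod n (Fermat), which maps
    s == 0 to w == 0 instead of failing."""
    if check_range and not (1 <= r < n and 1 <= s < n):
        return False
    w = pow(s, n - 2, n)
    e = hash_to_int(msg)
    R = ec_add(ec_mul(e * w % n, G), ec_mul(r * w % n, Q))
    x = 0 if R is INF else R[0]   # infinity modelled as x == 0, so it matches r == 0
    return x % n == r % n


# Constructed demo key (NOT a real key) and a fixed nonce for reproducibility.
PRIV = 0xc9afa9d845ba75166b5c215767b1d6934e50c3db36e89b127b8a622b120f6721
PUB = ec_mul(PRIV, G)
MSG = b"transfer 1,000,000 to attacker"
NONCE = 0x1234567890abcdef


def demo():
    """(genuine signature accepted, blank signature accepted by flawed verifier,
    blank signature accepted by fixed verifier)."""
    r, s = sign(PRIV, MSG, NONCE)
    return (verify(PUB, MSG, r, s),
            verify(PUB, MSG, 0, 0, check_range=False),
            verify(PUB, MSG, 0, 0))


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

Running it prints (True, True, False): the genuine signature passes, the all-zero signature passes the flawed verifier, and the range check alone is enough to stop it. Any multiple of n in place of 0 forges the same way, which is why the check must be on the raw values, not on r mod n.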

Friday, 22 April 2022

YouTube Bans Hong Kong Election Candidate, Lee Ka-chiu - Security Boulevard

Leekachiu, I Choose You: Google and Facebook have acted against China’s candidate in Hong Kong’s upcoming elections. John Lee Ka-chiu (pictured) was sanctioned by the U.S. in 2020.

Thursday, 21 April 2022

Wi-Fi 7 Chips Ahoy | Google ‘Gone Downhill Fast’ | Real-World ‘Severance’ - DevOps.com

The moral of the story: Modest doubt is called the beacon of the wise

Tuesday, 19 April 2022

China Conquers Confidential Comms – U.S. Utterly Undone - Security Boulevard

No ‘Quantum Leap’ Gags, Please: Chinese researchers have achieved yet another advance in spy-proof data transmission. For the first time, they managed to communicate securely across a distance of more than 60 miles.

Thursday, 14 April 2022

Russian Dev Exodus | Puppet IPO FAIL | Intel 18A Ahead of Sched. - DevOps.com

The moral of the story: Heat not a furnace for your foe so hot that it do singe yourself.

Wednesday, 13 April 2022

Russia Tries to Kill Ukraine’s Power Grid—and FAILS - Security Boulevard

Re-Enter Sandworm: Russia’s infamous Sandworm APT group is at it again: The scrotes have been trying to cut power to the Ukrainian capital, destroy the grid and wipe the computers used to control it.

Tuesday, 12 April 2022

NSO Group Spied on European Union—on French Orders? - Security Boulevard

What Did Didier Do? An espionage attempt was made by an NSO Group customer to hack the phones of senior EU officials. Although there’s some suggestion that it might have been QuaDream—a similar Israeli spyware firm.

Friday, 8 April 2022

Facebook Destroys Russian Trolls (Hey Hey Rise Up) - Security Boulevard

Ще не вмерла України (Ukraine has not yet perished): Meta says it’s eliminated countless fake Facebook accounts controlled by state actors from Russia and Belarus. The trolls have been spreading disinformation and hacking into Ukrainian military accounts.

Thursday, 7 April 2022

Apple Failed—AirTag has a HUGE Stalking Problem - Security Boulevard

Apple Ignored Warnings: One year on, the Apple AirTag product proves the dire predictions correct. Based on sample data from eight police departments, the cheap location trackers are being used to “stalk and harass women.”

Wednesday, 6 April 2022

Facebook Bans Innocent Users | Azure and ARM/Ampere | ‘Great Resignation’—No End in Sight - DevOps.com

The moral of the story: No legacy is so rich as honesty.

Tuesday, 5 April 2022

Mailchimp Hack Causes Theft of Trezor Crypto Wallet ‘Money’ - Security Boulevard

Bloody Vikings: Hackers have stolen a mother lode of personal data from Intuit’s email marketing operation, Mailchimp. And it’s already causing widespread trouble.

Friday, 1 April 2022

Google Opens new Ad-Targeting API—Topics, ‘Privacy Sandbox’ and FLEDGE - Security Boulevard

Bad Google—No Cookie: Cookies are dead—or, at least, their days are numbered. Instead, Google wants to shape the future of targeted advertising.

Thursday, 31 March 2022

Apple, Facebook Doxxed Users—via Fake Police EDRs - Security Boulevard

Not a Smart Move: Hackers have been spoofing email from police forces to steal personal data from big tech companies. They’re faking the firms’ “emergency data request” process (EDR).

Tuesday, 29 March 2022

Lapsus$ Shames Okta/Sitel | Bitcoin Nukes Climate | EU DMA E2EE FAIL - DevOps.com

The Moral of the Story: Uneasy lies the head that wears the crown.

Monday, 28 March 2022

Kaspersky Banned by FCC: ‘Threat to National Security’ - Security Boulevard

Hide the Pain Eugene: The Federal Communications Commission added Kaspersky Lab to a list of banned companies. The FCC alleges the firm is a threat to U.S. national security.

Thursday, 24 March 2022

Cashio Stablecoin: Not Stable—CASH Loses 99.99995% - Security Boulevard

George Looks Pissed: A hacker drove a stablecoin into the ground yesterday. Cashio, a dollar-backed coin, is now all but worthless, thanks to a simple exploit.

Tuesday, 22 March 2022

Apple Outage Outrage | Linux Random Redo | Okta Hacked (or Not) - DevOps.com

The moral of the story: This above all—to thine own self be true.

Monday, 21 March 2022

Bad Dog—Everyone HATES This FIDO Passwordless Idea - Security Boulevard

Dog’s Breakfast of a Plan: Behold! The next steps to passwordless nirvana. The FIDO Alliance is happy to present its plan for ridding us from the yoke of passwords.

Thursday, 17 March 2022

CSS-Tricks Sells Out | Peloton Spins Out | ARM Axes 1,000 - DevOps.com

The moral of the story: Every meeting must involve a parting.

Tuesday, 15 March 2022

Russia Bans Instagram—Influencers Cry While Ukrainians Die - Security Boulevard

And Nothing of Value was Lost: Putin’s Kremlin has followed through on its threat to ban Meta’s Instagram app in Russia. Cue: Much wailing and gnashing of teeth among the класс инфлюенсеров (influencer class).

Friday, 11 March 2022

Russia Force-Feeds new, ‘Trusted’ CA—Yeah, RIGHT - Security Boulevard

.RU CA MITMs You: Websites in Russia can’t renew their TLS/HTTPS certs. That’s because Western sanctions prevent them from paying the trusted certificate issuers.

Thursday, 10 March 2022

US Helped Ukraine With Infosec—Story is ‘Dangerous Arrogance’ - Security Boulevard

Unhelpful and Myopic: Mainstream media has been full of stories about how the U.S. cleverly anticipated the Russian invasion of Ukraine and skilfully helped the country shore up its defences against Russian hacking. But scratch the surface and there’s not much of a There there.

Wednesday, 9 March 2022

Lumen Says It’ll Exit Russia—but Will it REALLY? - Security Boulevard

Follow the Money:

Tuesday, 8 March 2022

TikTok Shuns Russia | War on Patent Trolls | Chrome is ‘Faster than Safari’ - DevOps.com

The Moral of the Story: Good words shall gain you honor, but good deeds shall gain you friends.

Monday, 7 March 2022

Lapsus$ Strikes Again—190GB Samsung Data Release by Nvidia Hackers - Security Boulevard

Ransomware Redux: Samsung Electronics has had confidential data stolen and leaked by ransomware scrotes. These are the same thugs that hacked Nvidia recently—calling themselves Lapsus$.

Thursday, 3 March 2022

Epic PsyOp—Ukrainians Leak 120,000 Russian Troops’ Info - Security Boulevard

Orcs’ PII at Large: Personal data on 120,000 of Putin’s invaders has been leaked. “Reliable sources” say this is the PII of Russian servicemen in the Ukrainian theater.

Wednesday, 2 March 2022

Ukraine Asks for DNS Censorship | Ukraine Snapchat Staff Danger | #BoycottKaspersky? - DevOps.com

The Moral of the Story: If an elephant has its foot on the tail of a mouse and you say that you are neutral, the mouse will not appreciate your neutrality.

Tuesday, 1 March 2022

Revealed: Daxin—‘China-Linked’ Advanced Stealth Backdoor - Security Boulevard

‘Oh, Bother,’ Said Pooh: Researchers unveiled espionage malware from China yesterday. What they’re calling Backdoor.Daxin “is, without doubt, the most advanced piece of malware” they’ve seen from The People’s Republic.

Friday, 25 February 2022

Hackers Wanted—Ukraine Government Calls Up its ‘Cybercommunity’ - Security Boulevard

Conscript Hackers: The Ukrainian Defense Ministry is asking for infosec help from its citizens. It’s calling up volunteers to join a “cyber force” that would defend against Russian attacks.

Thursday, 24 February 2022

Akamai: Buying Linode | Firefox: Not OK | Gone: Google Vaccine Mandate - DevOps.com

The Moral of the Story: Failure is the foundation of success—and the means by which it is achieved.

Tuesday, 22 February 2022

Puttin’ Putin on Notice—We Will Hack Russia Back - Security Boulevard

Monaco: Not Just a Tax Haven—If Russia launches cyberattacks on the U.S. or on NATO allies, it risks being hacked back. This warning comes amid rising tensions around Russia’s (ahem) “peacekeeping” in eastern Ukraine.

Monday, 21 February 2022

$3 Million Hack of NFTs—‘And Nothing of Value was Lost’ - Security Boulevard

Fake Money Funds Fake Property: OpenSea, the NFT marketplace, got hacked last week. Or perhaps it didn’t—the firm denies it, but also brags about its updated code that would have prevented the not-a-hack. You decide:

Thursday, 17 February 2022

IBM ‘is Ageist and Sexist’ | IBM Mainframe-aaS | IBM Vaccine Mandate - DevOps.com

The Moral of the Story: Those who know do not speak; those who speak do not know.

Tuesday, 15 February 2022

Oh! Canada—Truck Protest Donor PII Hacked - Security Boulevard

Freedom FAIL: Our polite neighbors to the north are revolting. And we’re funding them (in part).

Monday, 14 February 2022

Zoom Hot-Mic Bug: Is China Listening? - Security Boulevard

Hot-Mic Bug or Spyware Feature? Zoom users on macOS have noticed the microphone stays on after a meeting has ended. This only came to light after a privacy change was made in macOS Monterey, but it appears the problem has been in the code for a long time.

Thursday, 10 February 2022

Google Lauds 2FA Results—So Why do People HATE It? - Security Boulevard

2FA? 2SV? Let’s Call the Whole Thing Off: Google started auto-enrolling users in two-factor authentication (2FA). That was nine months ago—now it’s releasing the results.

Unreliable Server Scare | Information Batteries | ARM IPO PDQ - DevOps.com

The Moral of the Story: Fall seven times and stand up the eighth

Tuesday, 8 February 2022

Facebook’s Threat to Exit Europe—EU Waves Buh-Bye - Security Boulevard

Oh No EU Didn’t: Meta, Facebook’s parent, warned investors that it might need to pull out of Europe. Why? Because it might not have a legal basis for transferring users’ data outside of the GDPR zone.

Thursday, 3 February 2022

US Hacker ‘P4x’ Gets Back at Pyongyang (but We Smell a Rat) - Security Boulevard

DPRK FAIL: An infosec researcher was hacked by North Korea. U.S. law enforcement did nothing, so he took matters into his own hands.

Tuesday, 1 February 2022

App Store Antitrust Bill | GDPR vs. Google Fonts | Wordle Worth $10M+ - DevOps.com

The moral of the story: No disguise will hide one’s true character.

Monday, 31 January 2022

Banking Trojan in Google Play App Store—‘2FA Authenticator’ drops Vultur RAT - Security Boulevard

10K+ Downloads in 14+ Days: An Android app has been found to drop the Vultur banking Trojan. This “dangerous” and “advanced” banking malware steals victims’ financial credentials.

Friday, 28 January 2022

Fake Cash Scams Thrive on Facebook and Insta—FTC - Security Boulevard

Imaginary Money Enriches Zuckerberg: Cryptocurrency scammers love social media—especially Meta’s platforms. The Federal Trade Commission says hundreds of millions of dollars were scammed from U.S. consumers in 2021 (and that’s just the scams the FTC knows about).

Thursday, 27 January 2022

Google FLoC is Dead | Meta AI Supercomputer Lives | ARM Deal is Dead - DevOps.com

The Moral of the Story: Zeal should not outrun discretion.

Monday, 24 January 2022

WordPress Supply Chain Attack—93 Add-Ons Infected for Months - Security Boulevard

AccessPress Accessed by Hackers: A popular maker of WordPress plugins and themes was hacked by scrotes unknown. It seems 93 of AccessPress’s offerings were modified to give the hackers “full access” to users’ sites.

Wednesday, 19 January 2022

Zoom-Layoff CEO is Back | Bill Bans Targeted Ads | More FAA 5G Stupidity - DevOps.com

The Moral of the Story: The perfect is the enemy of the good.

Tuesday, 18 January 2022

Crypto.com: Fortune Favors the Hacker—$16M ‘Stolen’ - Security Boulevard

DeFi—A Planet-Burning Ponzi Scheme: DeFi exchange Crypto.com got hacked yesterday, sources say. Users reported imaginary money missing from their accounts—as researchers watched it being laundered.

Monday, 17 January 2022

‘Russian’ Wiper Malware: ‘Prelude to war’ in Ukraine - Security Boulevard

Operation Himmler Redux? Ukraine, surrounded on three sides by massed Russian military, is again under malware attack. And the tactics look strikingly similar to 2017’s NotPetya hack on Ukraine by the Russian GRU.

Friday, 14 January 2022

1/6/21 Insurrection—What Did the Social Networks Know? - Security Boulevard

Capitol Conundrum: The January 6 committee has had enough of delay and prevarication. The Congressional Select Ctte. wants evidence about alleged insurrectionists conspiring in the days leading up to that fateful day. And right now would be a good time.

Thursday, 13 January 2022

EEEWW—Green iMessage Bubbles | ‘Great Resignation’ Redux | Faster Firefox 96 - DevOps.com

The moral of the story: A weasel wishing Happy New Year to a chicken harbors no good intention.

Tuesday, 11 January 2022

‘Shame on You, Moxie Marlinspike’—Fake Cash Scheme Pollutes Signal Nonprofit - Security Boulevard

Follow the Funny Money: Creator of the Signal encrypted messaging app, Moxie Marlinspike (pictured), is suddenly stepping down as CEO of Signal. So suddenly, in fact, that there’s no succession plan in place—the foundation’s co-founder will step in for now.

Friday, 7 January 2022

Facebook/Google use Dark Patterns in Cookie Consent—says France, Waving $240M Fines - Security Boulevard

Tyranny’s bloody standard is raised against us: France plans to hit Google and Facebook/Meta with $240 million in fines (€210M). French people have been complaining the tech giants’ cookie-consent popups are illegal.

Thursday, 6 January 2022

Theranos’s Holmes VC Reverb | 5G C-Band Marches On | Mozilla Jumps Shark - DevOps.com

The Moral of the Story: What is safety to one is not always safety to another.

Tuesday, 4 January 2022

Did U.S. Charge Klyushin to Reveal 2016 DNC Hack Info? - Security Boulevard

Vladislav vs. Vladimir: A Russian man, extradited from Switzerland last month, is thought to be helping U.S. authorities learn more about the 2016 Democratic Party breach. The original charge was one of insider trading, but now we might find out more about that alleged election manipulation.

Monday, 3 January 2022

Apple AirTag: Absolutely Awful, Say Stalking Victims - Security Boulevard

Immoral Compass: Apple is under renewed flak for its AirTags—and how they make life easy for stalkers and carjackers. A tsunami of anecdata shows Cupertino’s location tracker toy being misused by criminals.