#NSA inserted #backdoors into #iOS, says #FSB, allowing @NSAGov to spy on #Russian officials and foreign diplomats. @Kaspersky dubbed it #Triangulation. In today’s #SBBlogwatch, we wonder why it took 4 YEARS to find. At @TechstrongGroup’s @SecurityBlvd: https://t.co/ZoojilKI7M
— @Richi 🤓 Jennings (@RiCHi) June 2, 2023
Friday, 2 June 2023
Russia Says NSA Hacked iOS With Apple’s Help — we Triangulate Kaspersky’s Research - Security Boulevard
Thursday, 1 June 2023
Dev Jobs are Dead: ‘Everyone’s a Programmer’ With AI ¦ Intel VPUs - DevOps.com
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) June 1, 2023
1⃣ @Nvidia’s CEO grabs headlines by saying your career is toast, and
2⃣ @Intel is still fighting.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/Ym8m7piEbD #DevOps $NVDA $INTC
Wednesday, 31 May 2023
‘Extinction risk’: Could AI wipe out humans via software backdoors? - ReversingLabs
Industry warns of doom unless #AI tamed. Today’s #GenerativeAI models are writing semi-decent code—shouldn’t we worry we’re prepping ground for Skynet?
— @Richi 🤓 Jennings (@RiCHi) May 31, 2023
In this week’s #SSBlogwatch we need your clothes, your boots and your motorcycle. For @ReversingLabs: https://t.co/A0B3AP8Et7
Tuesday, 30 May 2023
‘Predator’ — Nasty Android Spyware Revealed - Security Boulevard
#Malware used by nation-states to target journos, activists and opposition pols gets deconstructed. Its fast, silent attack is frightening. #Predator runs on #iOS and #Android. In today’s #SBBlogwatch, we unpick it. At @TechstrongGroup’s @SecurityBlvd: https://t.co/mP7WeUHZXy
— @Richi 🤓 Jennings (@RiCHi) May 30, 2023
Friday, 26 May 2023
COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT - Security Boulevard
New #malware that disrupts #electricity #grids. The threat, dubbed #COSMICENERGY, shares DNA with other nasties.
— @Richi 🤓 Jennings (@RiCHi) May 26, 2023
And, yes, it appears to come from #Russia. In today’s #SBBlogwatch, we worry about the future. At @TechstrongGroup’s @SecurityBlvd: https://t.co/60TFPSqTH6 #ICS
Thursday, 25 May 2023
US DoJ Makes PyPI Give Up User Data ¦ Tape Storage: Not Dead - DevOps.com
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) May 25, 2023
1⃣ @PyPI complies with a “string of subpoenas,” and
2⃣ #LTO continues to grow, despite predictions of its demise.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/a9wWCbJgCv #DevOps
Wednesday, 24 May 2023
‘BrutePrint’ Unlocks Android Phones — Chinese Researchers - Security Boulevard
A brace of 0-days allow them to unlock @Android phones with a fake #fingerprint. They’ve dubbed it #BrutePrint.
— @Richi 🤓 Jennings (@RiCHi) May 24, 2023
Check your #ThreatModel for broken #biometrics. In today’s #SBBlogwatch, we touch on all the issues.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/iGrXGStaae
Tuesday, 23 May 2023
PyPI paused as automated attack overwhelms admins - ReversingLabs
:@PyPI under attack from bots at weekend. Bad actors submitting malicious packages with names similar to established deps.
— @Richi 🤓 Jennings (@RiCHi) May 23, 2023
Yet another scary illustration of fragile #SoftwareSupplyChains. In this week’s #SSBlogwatch we look deeper.
For @ReversingLabs: https://t.co/ahUzInOJjM
Monday, 22 May 2023
Facebook Fined $1.3B — Zuckerberg Furious in GDPR Fight - Security Boulevard
:@EUintheUS slaps €1.2B fine on @Meta. For @Facebook’s illegal processing of data in US—where there’s no #privacy law.
— @Richi 🤓 Jennings (@RiCHi) May 22, 2023
It’s taken 10 years already. In #SBBlogwatch, we see this rumbling on for another decade.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/cb6h0Zk1aO #GDPR
Friday, 19 May 2023
Google Chrome 3rd Party Cookies Crumbling — Finally! - Security Boulevard
:@Google’s plan to kill the #3rdPartyCookie is moving forward.
— @Richi 🤓 Jennings (@RiCHi) May 19, 2023
The #PrivacySandbox #AdTech APIs are close to being finalized, but more testing needs done. In today’s #SBBlogwatch, we can’t wait another 18 months.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/Zq08qpKL7w
Thursday, 18 May 2023
OpenAI to go Open Source — Elon Musk was a ‘Huge Idiot’ ¦ Mojo Risin’ - DevOps.com
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) May 18, 2023
1⃣ Sources say it’s an #OpenSource future for @OpenAI, and
2⃣ Improving #AI #perf with #MojoLang.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/bh0Jgu1sGb #DevOps
Wednesday, 17 May 2023
MSI UEFI key breach: How safe are YOUR secrets?
Last month’s @MSItweets data theft causing panic: Extremely sensitive signing #keys have been found among the leaked data.
— @Richi 🤓 Jennings (@RiCHi) May 17, 2023
If nothing else, there are important lessons to learn. In this week’s #SSBlogwatch we lock up our secrets.
For @ReversingLabs: https://t.co/QIJL1wXoun
Tuesday, 16 May 2023
TSA Facial Recognition Pilot Flies Solo at U.S. Airports - Security Boulevard
:@TSA is piloting a way to match scans of your face with the ID you present at security.
— @Richi 🤓 Jennings (@RiCHi) May 16, 2023
But there are #privacy concerns—are they justified? In today’s #SBBlogwatch, we kick the tires and light the fires.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/4b4S4x3kFi
Wednesday, 10 May 2023
Microservices Sucks — Amazon Goes Back to Basics - DevOps.com
In #TheLongView: @Amazon @PrimeVideo has ditched its use of #microservices-cum-#serverless, reverting to a traditional, #monolithic architecture. It vastly improved the workload’s cost and #scalability.
— @Richi 🤓 Jennings (@RiCHi) May 10, 2023
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/pGSObEIwSe #DevOps
Tuesday, 9 May 2023
Red teamers take on AI at DEF CON 31 - ReversingLabs
At @DEFCON 31, #infosec researchers can compete to find vulns in the new generation of #LLM #generativeAI.
— @Richi 🤓 Jennings (@RiCHi) May 9, 2023
From bias, to hallucination and jailbreaks, expect much egg on face. In this week’s #SSBlogwatch we prime for prompt action. For @ReversingLabs: https://t.co/bhxGToJADr
Monday, 8 May 2023
Knives Out for TikTok as Journo Reveals her Spy Story - Security Boulevard
Reporter “surveilled” by @TikTok_US staff. Saga left @CristinaCriddle “on edge,” losing sleep and asking, “What is #TikTok?” @ByteDanceTalk denies spying. In today’s #SBBlogwatch, we feel direction wind is blowing. At @TechstrongGroup’s @SecurityBlvd: https://t.co/fx1A8QlLqa
— @Richi 🤓 Jennings (@RiCHi) May 8, 2023
Friday, 5 May 2023
Dallas Reels from Royal Ransomware Raid - Security Boulevard
#Dallas still paralyzed from Monday’s #ransomware attack. City IT badly affected—including @DallasPD, 911 dispatch, courts. #Royal ransomware group is perp.
— @Richi 🤓 Jennings (@RiCHi) May 5, 2023
In today’s #SBBlogwatch, we shot J.R. (ask your parents).
At @TechstrongGroup’s @SecurityBlvd: https://t.co/ovMfFAL4dz
Thursday, 4 May 2023
FIDO/WebAuthn Passkeys is Inevitable: Get on the Train ¦ IBM CEO Hates WFH - DevOps.com
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) May 4, 2023
1⃣ The #Passkeys #authentication standard gets a huge boost, and
2⃣ @IBM’s @ArvindKrishna wants workers back in the office.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/myY00RiYsf #DevOps #DevSecOps #2FA #WFH
Wednesday, 3 May 2023
SolarWinds hack: Did DoJ know 6 months earlier? - ReversingLabs
What did @TheJusticeDept know about the @SolarWinds fiasco? How early did it find out? And who did it tell?
— @Richi 🤓 Jennings (@RiCHi) May 3, 2023
It’s complicated. But Hanlon’s razor probably applies. In this week’s #SSBlogwatch we look at the story from all sides. For @ReversingLabs: https://t.co/cunYTPlzYO
Tuesday, 2 May 2023
New Apple ‘Rapid’ Update is Slow, Messy FAIL - Security Boulevard
:@Apple’s new #RapidSecurityResponse update is a mess. The whole thing seems a bit half-baked.
— @Richi 🤓 Jennings (@RiCHi) May 2, 2023
No doubt it’s important to install. In today’s #SBBlogwatch, we’re in the dark—because there aren’t any release notes.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/1dgcYPvzEw
Friday, 28 April 2023
Rust in Windows — it’s Official — Safe and Fast - Security Boulevard
Yes, @Microsoft loves @RustLang: It’s rewriting some of @Windows in #Rust. #Security VP @dwizzzleMSFT reveals more, to the excitement of many.
— @Richi 🤓 Jennings (@RiCHi) April 28, 2023
In today’s #SBBlogwatch, we can’t wait for the next #Insider build. At @TechstrongGroup’s @SecurityBlvd: https://t.co/vKeFXQbslb
Thursday, 27 April 2023
Linux 6.3: What’s New ¦ AWS Layoffs are a Worry - DevOps.com
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) April 27, 2023
1⃣ A new #Linux kernel drops, and
2⃣ #layoffs at @AWScloud point to trouble.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/Mgt8eLrtsf #DevOps $AMZN #AWS
Wednesday, 26 April 2023
#RSAC is bustling — AI + security is huge: #StrongerTogether? - ReversingLabs
At #RSAC, you can’t move for #AI chatter. How will it help with #SoftwareSupplyChain #security? And will it help bad actors? @MosconeCenter is full of people again. In this week’s #SSBlogwatch we believe the hype. For @ReversingLabs’ @SecuredSoftware: https://t.co/2SaXAzF1II
— @Richi 🤓 Jennings (@RiCHi) April 26, 2023
Tuesday, 25 April 2023
FINALLY! Google Makes 2FA App Useable — BUT There’s a Catch - Security Boulevard
:@Google’s #2FA #OTP app now remembers settings between installs. $GOOG’s #Authenticator app has been worse than useless.
— @Richi 🤓 Jennings (@RiCHi) April 25, 2023
But Google might have reduced your security. In today’s #SBBlogwatch, we sync our thoughts.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/OqBnSHvkZY
Monday, 24 April 2023
Governments Try to Ban Encryption (Yet Again) - Security Boulevard
Yet again, they’re tugging on the “think of the children” strings.
— @Richi 🤓 Jennings (@RiCHi) April 24, 2023
Really? This tired old argument again? In today’s #SBBlogwatch, we repeat ad nauseam: You can’t make #math illegal.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/ZoFovPDZQ1
Tuesday, 18 April 2023
EU cyber laws ‘will’ make FOSS devs liable - ReversingLabs
The Python Software Foundation is very, very unhappy with the draft Cyber Resilience Act (CRA) and Product Liability Act (PLA).
European lawmakers want all software makers to be liable for security holes. Even non-profit or hobbyist developers could be sued for negligence.
The EU’s draft Cyber Resilience Act (CRA) and Product Liability Act (PLA) would “create a chilling effect” and do “irreparable harm,” according to the organization behind Python and PyPI. When replicated across other parts of the software supply chain ecosystem, we risk the whole house of cards crashing down — as devs race to limit their liability.
The goal might be laudable, but some aspects need a major rethink. In this week’s Secure Software Blogwatch, we fear unintended consequences.
Read more: EU cyber laws ‘will’ make FOSS devs liable
Monday, 17 April 2023
Drop Everything: Update Chrome NOW — 0-Day Exploit in Wild - Security Boulevard
:@GoogleChrome has high-severity vuln. Scrotes already exploiting it. #CVE20232033 is a nasty zero-day that needed @Google to rush out an emergency patch.
— @Richi 🤓 Jennings (@RiCHi) April 17, 2023
In today’s #SBBlogwatch, we head for the hamburger.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/KoDNHxIRyk
Friday, 14 April 2023
Western Digital Redux: My Cloud Alive Again, Ransom is $10M+ - Security Boulevard
10 days on, @WesternDigital #MyCloud drives are alive again. But #ransomware hackers want huge payday—or will release 10TB of pilfered private data.
— @Richi 🤓 Jennings (@RiCHi) April 14, 2023
In today’s #SBBlogwatch, we wonder if we can trust $WDC ever again.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/EQgCCON5st
Thursday, 13 April 2023
Can ChatGPT Fix Bugs? ‘Wolverine’ Dev Says YES - DevOps.com
In this week’s #TheLongView: Instead of #AI aids for #programming, what about for #debugging?
— @Richi 🤓 Jennings (@RiCHi) April 13, 2023
The pseudonymous @Bio_Bootloader says he’s persuaded #GPT4 to make his code self heal.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/mAODYklXQw #DevOps #ChatGPT
Wednesday, 12 April 2023
‘But His Emails!’ — Ukrainian Hackers Hack Hillary Hacker - Security Boulevard
Confirms #DCLeaks caper was by #APT28. #Russian #GRU officer #SergeyMorgachev wanted by @FBI for influencing 2016 #election. And now he’s been doxxed—hackers ordered sex toys.
— @Richi 🤓 Jennings (@RiCHi) April 12, 2023
In today’s #SBBlogwatch, we dil-don’t. At @TechstrongGroup’s @SecurityBlvd: https://t.co/vSK7NdipXi
Tuesday, 11 April 2023
Has public USB ‘juice jacking’ made it into the wild? - ReversingLabs
🫣@FBIDenver last week warned folks not to plug into public #USB charging stations.
— @Richi 🤓 Jennings (@RiCHi) April 11, 2023
As more and more laptops can charge via USB PD, traveling #DevOps staff (with credentials etc.) need to be aware.
In this week’s #SSBlogwatch, we remember DEF CON 19: https://t.co/i3mhj08HV3
Monday, 10 April 2023
Yes, You CAN Steal This Car — by Opening the Fender - Security Boulevard
Thieves are prising open the front fenders of cars, just below the headlight. The idea is to get at the car’s data bus, known as CAN.
😱 @Toyota #RAV4 and many others vulnerable to #CANbus injection attack. Cars need #ZeroTrust too.
— @Richi 🤓 Jennings (@RiCHi) April 10, 2023
Scrotes CAN spoof the keyless ignition.
In today’s #SBBlogwatch, we bemoan lousy vehicle security design.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/3Sc49Cd1wB
Friday, 7 April 2023
Tesla Staff Shared Saucy Snaps of Customers (Sources Say) - Security Boulevard
After interviewing nine ex-employees, @Reuters alleges gross misconduct inside #Tesla: “#Private camera recordings, captured by cars, were shared in chat rooms.”
— @Richi 🤓 Jennings (@RiCHi) April 7, 2023
In today’s #SBBlogwatch, we break out the duct tape.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/u97atBZQUT
Thursday, 6 April 2023
Android Apps Must Let Users Delete Data ¦ RISC-V in the Data Center - DevOps.com
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) April 6, 2023
1⃣ @Google forces apps to make deleting users’ data easier,
2⃣ the @RISC_V drumbeat grows louder.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/PpTTz4PPhD #DevOps @Calista_Redmond @AndroidDev
Wednesday, 5 April 2023
With Twitter code in the wild, DevSecOps doubts surface - ReversingLabs
First, @Twitter’s source code was leaked. Then it open-sourced its #ranking algorithm.
— @Richi 🤓 Jennings (@RiCHi) April 6, 2023
In this week’s #SSBlogwatch we ponder the unintended consequences of “transparency.”
For @ReversingLabs’ @SecuredSoftware: https://t.co/SOnU3SFz3V
Tuesday, 4 April 2023
TikTok Abused Kids’ Data — UK Fines it $16 Million - Security Boulevard
UK regulator punishes TikTok at 5.5% of revenue. Says app illegally tracked children.
3/ In other news, #Australia bans the app from federal phones, making it the fifth eye to close.
— @Richi 🤓 Jennings (@RiCHi) April 4, 2023
In today’s #SBBlogwatch, we sip our coffee, oblivious to the events unfolding currently.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/KfSJ652phF
Monday, 3 April 2023
Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!) - Security Boulevard
Hack of WD systems leads to My Cloud service outage. Owners unable to access files.
3/ Bizarrely, even though users have local files on the NAS, they’re *inaccessible*.
— @Richi 🤓 Jennings (@RiCHi) April 3, 2023
In today’s #SBBlogwatch, we shrug and shuck.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/iiJOzVR05P
Friday, 31 March 2023
npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust - DevOps.com
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) March 31, 2023
1⃣ The @npmJS #npm #repo suffers #spam infestation, and
2⃣ Microsoft @Azure makes @GoogleCloud sad.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/7Dx18QMc2T #DevOps
Thursday, 30 March 2023
Brits Slap Wrists of DDoS Kids, via NCA’s Fake Booter Sites - Security Boulevard
UK National Crime Agency nips it in the bud: Aims to scare straight naughty DDoS kiddies.
3/ The theory goes that an early slap on the wrist can stop people becoming hardened #cybercriminals.
— @Richi 🤓 Jennings (@RiCHi) March 30, 2023
In today’s #SBBlogwatch, we’re a tiny bit skeptical, your majesty.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/zjtZKoRmkb
Wednesday, 29 March 2023
Do you trust AI to find app sec holes while you sleep? - ReversingLabs
Microsoft has turned OpenAI’s LLM onto cybersecurity. “Security Copilot” is its name for conversational, ChatGPT security analysis and monitoring.
Or, at least, so says #Microsoft.
— @Richi 🤓 Jennings (@RiCHi) March 30, 2023
In this week’s #SSBlogwatch we wonder whether to believe the hype.
For @ReversingLabs’ @SecuredSoftware: https://t.co/TMl9H2xe08 #AI #ML #GPT #GPT4 #ChatGPT #ChatGPT4
Friday, 17 March 2023
FINALLY! FCC Acts on SMS Scam-Spam — But Will It Work?
Federal Communications Commission rules to block illegal text messages. What took you so long?
Sadly, this is likely to be as useful as the Commission’s rules about spoofed calls (i.e., not at all).
— @Richi 🤓 Jennings (@RiCHi) March 17, 2023
In today’s #SBBlogwatch, we ask if it’ll have the desired effect.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/0kOncwKKxh
Thursday, 16 March 2023
Scams Lost US $10 BILLION in 2022 — Crypto Fraud Grows Fast - Security Boulevard
It makes terrifying reading.
— @Richi 🤓 Jennings (@RiCHi) March 16, 2023
In today’s #SBBlogwatch, we duck and cover.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/iJs11FktrI
Wednesday, 15 March 2023
GitHub enforces 2FA — it’s about time (given the state of supply chain security) - ReversingLabs
This week’s #SSBlogwatch for @ReversingLabs’ @SecuredSoftware: https://t.co/hJnLLAR8Zf #2FA #MFA #SoftwareSupplyChain
— @Richi 🤓 Jennings (@RiCHi) March 15, 2023
Tuesday, 14 March 2023
SVB: When Silly Valley Sneezes, DevOps Catches a Cold - DevOps.com
In this week’s #TheLongView: #SiliconValleyBank and what it means for #DevOps. Your salary is safe, but who’s to blame?
— @Richi 🤓 Jennings (@RiCHi) March 14, 2023
Perhaps we just need *more* SVBs, so the risk doesn’t get concentrated in one bank.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/4tldSt3c8r #SVB
Monday, 13 March 2023
White House to Regulate Cloud Security: Good Luck With That - Security Boulevard
3/ The internet disagrees.
— @Richi 🤓 Jennings (@RiCHi) March 13, 2023
In today’s #SBBlogwatch, we unpick the arguments.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/xnkBuf6Nmu
Friday, 10 March 2023
‘Extraordinary, Egregious’ Data Breach at House and Senate - Security Boulevard
3/ By the people, for the people?
— @Richi 🤓 Jennings (@RiCHi) March 10, 2023
In today’s #SBBlogwatch, we wait to see how equal we really are.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/KQDiXatBnP
Thursday, 9 March 2023
Ban TikTok, say FBI, CIA, NSA, DNI, GOP, DNC, POTUS (but not ACLU) - Security Boulevard
The White House and both sides of the Senate agree: TikTok needs to be stopped—or at least RESTRICT’ed. A bipartisan bill seeks to make that happen.
This alphabet soup surely means a ban /will/ happen.
— @Richi 🤓 Jennings (@RiCHi) March 9, 2023
In today’s #SBBlogwatch, we refresh our FYPs while we still can.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/IkY8haRQhv
Wednesday, 8 March 2023
Linux Tweak Brings Big Speedup ¦ DCs in SPAAACE (Redux) ¦ Atlassian Fires 500 - DevOps.com
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) March 8, 2023
1⃣ @Intel optimizes #Linux multithreaded networking,
2⃣ #DataCenters in #space (again), and
3⃣ more #DevOps toolmaker #layoffs.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/4ZDCq9LweN
Tuesday, 7 March 2023
White House cyber strategy: A love/hate story - ReversingLabs
3/ Naturally, it’s dividing opinions.
— @Richi 🤓 Jennings (@RiCHi) March 7, 2023
As usual, in this week’s #SSBlogwatch we’re not going to tell you what to think.
For @ReversingLabs’ @SecuredSoftware: https://t.co/n6ZhKsK2YS
Monday, 6 March 2023
Voice-Clone AI Scams — it’s NOT ME on the Phone, Grandma - Security Boulevard
Voice AI tech being misused by scammers: Scrotes fake your voice and call your grandparents.
3/ Stop the world. In today’s #SBBlogwatch, we want to get off.
— @Richi 🤓 Jennings (@RiCHi) March 6, 2023
At @TechstrongGroup’s @SecurityBlvd: https://t.co/64cGC0Grd5
Friday, 3 March 2023
Microsoft FAIL: ‘BlackLotus’ Bootkit Breaks Secure Boot - Security Boulevard
3/ Naïvely negligent or perfectly pragmatic?
— @Richi 🤓 Jennings (@RiCHi) March 3, 2023
In today’s #SBBlogwatch, we dig in and find out.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/kIO161g89k
Thursday, 2 March 2023
LinkedIn Job Scams: Out of Hand ¦ 4-Day Workweek: Let’s Get Serious - DevOps.com
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) March 2, 2023
1⃣ Don’t get scammed looking for a job, and
2⃣ momentum grows for the 32-hour working week.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/P1LbbJSjpo #DevOps
Wednesday, 1 March 2023
LastPass revelations: BIG lessons for DevSecOps teams - ReversingLabs
And waddya know? The PC was infected with a #keylogger.
— @Richi 🤓 Jennings (@RiCHi) March 1, 2023
In this week’s #SSBlogwatch we facepalm, furiously.
For @ReversingLabs’ @SecuredSoftware: https://t.co/ySjfUL4sey #LastPass
Tuesday, 28 February 2023
US Marshals Ransomware Hack is ‘Major Incident’ - Security Boulevard
The U.S. Marshals Service (USMS) has been hacked (again). Scrotes stole sensitive stuff (supposedly).
Your tax dollars NOT at work.
— @Richi 🤓 Jennings (@RiCHi) February 28, 2023
In today’s #SBBlogwatch, we lose patience.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/NrCJDiiyDS
Friday, 24 February 2023
‘See No Evil’ — Mozilla SLAMS Google’s App Privacy Labels - Security Boulevard
3/ Oh, what a tangled web we weave.
— @Richi 🤓 Jennings (@RiCHi) February 24, 2023
In today’s #SBBlogwatch, we struggle to be brief.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/LXa1NJagnj
Thursday, 23 February 2023
WTH? WFH is 6× Pre-Covid ¦ Plus: Agile Sucks (Redux) - DevOps.com
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) February 23, 2023
1⃣ Working from home #WFH is here to stay, and
2⃣ #Agile is still a failure.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/e7eZXyPq0w #DevOps
Wednesday, 22 February 2023
Surprise! US DoD Server Had no Password — 3TB of Sensitive Data Leaked - Security Boulevard
3/ Amateurs. In today’s #SBBlogwatch, we seek professional help.
— @Richi 🤓 Jennings (@RiCHi) February 22, 2023
At @TechstrongGroup’s @SecurityBlvd: https://t.co/dF4Gk01OuM
Tuesday, 21 February 2023
Lesson from Core-JS: Beware hidden dependencies from indebted Russian devs - ReversingLabs
The Core-JS project is absolutely huge. Perhaps your project has a dependency on it? The likelihood is you’d never know.
The #SoftwareSupplyChain #security alarm should be at DEFCON 2 by now.
— @Richi 🤓 Jennings (@RiCHi) February 22, 2023
In this week’s #SSBlogwatch we sum up the situation at fast pace.
For @ReversingLabs’ @SecuredSoftware: https://t.co/LkVjR4i6Bg
Monday, 20 February 2023
GoDaddy Hosting Hacked — for FOURTH Time in 4 Years - Security Boulevard
3/ Hey, @GoDaddy: It’s bad enough you keep reporting hacks—but the same hack you failed to clean up previous times? INEXCUSABLE.
— @Richi 🤓 Jennings (@RiCHi) February 20, 2023
In today’s #SBBlogwatch, we note the trouble started when CEO moved from Expedia.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/M1hMQdZ62Q
Friday, 17 February 2023
‘Serious’ Ransomware Emergency in Oakland, Calif. — Legacy FAIL - Security Boulevard
Oakland is still reeling from last week’s ransomware attack. San Francisco’s poorer neighbor is asking for help.
In the meantime, #Oakland’s not even saying if the public’s private information is at risk.
— @Richi 🤓 Jennings (@RiCHi) February 17, 2023
In today’s #SBBlogwatch, we dig below the surface.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/Ie54YtdBYj
Thursday, 16 February 2023
Dev of core-js Will Flip Table ¦ Another 451 PyPI Maldeps - DevOps.com
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) February 16, 2023
1⃣ Denis “@zloirock” Pushkarev is fed up with #CoreJS freeloaders, and
2⃣ hundreds more malicious packages found at @PyPI.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/bHIuuKuFp5 #DevOps
Wednesday, 15 February 2023
Lessons from ChatGPT, Bing AI, Bard and Copilot: Chatty AI is just a toy - ReversingLabs
Some of the mistakes they’re making are absolute howlers.
— @Richi 🤓 Jennings (@RiCHi) February 15, 2023
In this week’s #SSBlogwatch we write one word after another.
For @ReversingLabs’ @SecuredSoftware: https://t.co/Gx5IP8jsYW
Tuesday, 14 February 2023
Your Mental Health Data for Sale or Rent — 20¢ - Security Boulevard
TIL Saint Valentine is also the patron saint of #epilepsy.
— @Richi 🤓 Jennings (@RiCHi) February 14, 2023
In today’s #SBBlogwatch, we love #privacy.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/RA7bAwvIsb
Friday, 10 February 2023
Reddit Hacked — 2FA is no Phishing Phix - Security Boulevard
#FIDO2 / #WebAuthn to the rescue?
— @Richi 🤓 Jennings (@RiCHi) February 10, 2023
In today’s #SBBlogwatch, we open a stopwatch app to time the arms race.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/Kgoqr28BDy #phishing #MFA
Thursday, 9 February 2023
Amazing Fast Crypto for IoT — US NIST Fingers ASCON - Security Boulevard
3/ It’ll be useful on cheap, tiny devices such as #RFID chips (pictured), which cost about 25¢ (also pictured).
— @Richi 🤓 Jennings (@RiCHi) February 9, 2023
In today’s #SBBlogwatch, in #NIST we trust—or do we?
At @TechstrongGroup’s @SecurityBlvd: https://t.co/BJhZlTQFi2
Wednesday, 8 February 2023
Voice.ai ‘Stole’ Code ¦ AWS Gets Filthier - DevOps.com
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) February 8, 2023
1⃣ Alleged theft of #GPL code by @getVoiceAI, and
2⃣ @Amazon will run its @AWSCloud #datacenters on gas.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/kr0OeCTPXj #DevOps
Tuesday, 7 February 2023
C-SCRM: We’re from the government — and we’re here to help with software supply chain security - ReversingLabs
A whole alphabet soup of agencies, offices and councils are springing up in D.C. and beyond. They’re trying to help us with the software supply chain security problem.
3/ Sounds terrifying.
— @Richi 🤓 Jennings (@RiCHi) February 7, 2023
In this week’s #SSBlogwatch we remember Ronald Reagan.
For @ReversingLabs’ @SecuredSoftware: https://t.co/ribZWAd9BZ
Monday, 6 February 2023
Dutch Cops Bust ‘Exclu’ Messaging Service, Arrest 42 - Security Boulevard
Police in the Netherlands broke open alleged drugs gangs by hacking an encrypted messenger service, Exclu. Lives were saved and alleged perps arrested.
3/ I think we can assume WhatsApp and Signal are still safe.
— @Richi 🤓 Jennings (@RiCHi) February 6, 2023
In today’s #SBBlogwatch, we have nothing to hide.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/FKB5eQdT7G
Friday, 3 February 2023
Anker’s Eufy Admits ‘Lie’ After TWO Months — Still no Apology - Security Boulevard
We waited 65 days for this?
— @Richi 🤓 Jennings (@RiCHi) February 3, 2023
In today’s #SBBlogwatch, we’re done with the Anker brand.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/fReUMYqynm
Thursday, 2 February 2023
OpenAI Hires 1,000 Low Wage Coders to Retrain Copilot | Netflix Blocks Password Sharing - DevOps.com
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) February 2, 2023
1⃣ #ChatGPT darling @OpenAI wants people to write code in English, and
2⃣ the unintended consequences of blocking shared accounts at @Netflix.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/pXmthwdl4K #DevOps $MSFT $NFLX
Wednesday, 1 February 2023
‘Finish Him!’ US Kills Huawei With Final Tech Ban - Security Boulevard
The federal government has cut off Huawei’s last sources of technology. Export licenses for chips and other tech components are finished.
3/ And what of the unintended consequences?
— @Richi 🤓 Jennings (@RiCHi) February 1, 2023
In today’s #SBBlogwatch, we prepare for all-out economic warfare.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/SzokqDZBIc
Tuesday, 31 January 2023
Google's open source team layoffs: Your software supply chain security is at risk - ReversingLabs
Patronage from firms such as Google was key to security-critical open source projects — e.g., #BoringSSL, #Samba and @KubernetesIO.
— @Richi 🤓 Jennings (@RiCHi) February 1, 2023
In this week’s #SSBlogwatch will the last to leave please turn off the lights?
For @ReversingLabs’ @SecuredSoftware: https://t.co/YkwlxdPbG5
Another Password Manager Leak Bug: But KeePass Denies CVE - Security Boulevard
Two researchers report vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw.
3/ This strikes many as dangerous.
— @Richi 🤓 Jennings (@RiCHi) January 31, 2023
However, Reichl blames the victim, saying an exploit would be the notional user’s fault for using an insecure device.
In today’s #SBBlogwatch, we dig in.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/dAe0UIjlZ0
Friday, 27 January 2023
‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al - Security Boulevard
3/ Six months of secret work has paid off, we’re told.
— @Richi 🤓 Jennings (@RiCHi) January 27, 2023
In today’s #SBBlogwatch, we’re busy bees.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/y8oFdBlzVo
Wednesday, 25 January 2023
Microsoft Outage Outrage: Was it BGP or DNS? - DevOps.com
#TheLongView: All of @Microsoft’s cloud services go down, everywhere. Redmond’s IaaS, PaaS and SaaS—incl @GitHub—were dead for hours, and are still running unreliably—despite Microsoft saying it’s fixed.
— @Richi 🤓 Jennings (@RiCHi) January 25, 2023
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/BQfV23PBtU #DevOps
Tuesday, 24 January 2023
Move over, npm: Trust VS Code extensions at your own risk, dev teams - ReversingLabs
3/ It may also be present in @VisualStudio and @AzureDevOps.
— @Richi 🤓 Jennings (@RiCHi) January 24, 2023
In this week’s #SSBlogwatch we run and hide.
For @ReversingLabs’ @SecuredSoftware: https://t.co/fo19rhLAoX
Monday, 23 January 2023
US No-Fly List Leaked via Airline Dev Server by @_nyancrimew - Security Boulevard
3/ I’m amazed it hasn’t happened before.
— @Richi 🤓 Jennings (@RiCHi) January 23, 2023
In today’s #SBBlogwatch, we say hello to our old friend maia arson crimew—@_nyancrimew.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/WgrpNc5vxd #CommuteAir
Friday, 20 January 2023
T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks - Security Boulevard
CEO @MikeSievert (pictured) should be un-happy.
— @Richi 🤓 Jennings (@RiCHi) January 20, 2023
In today’s #SBBlogwatch, we wonder if he might become un-CEO.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/xeh5a3HqTe
Thursday, 19 January 2023
8-Bit Floating Point for AI/ML? | Amazon and Microsoft Shed Tech Jobs - DevOps.com
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) January 19, 2023
1⃣ New ideas bring low-power #ML inference, and
2⃣ more big-tech #jobs are going.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/z4wAPEsoif #DevOps $MSFT $AMZN
GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’? - ReversingLabs
GitHub launches Code Brushes — a fascinating new “usable prototype” toolbox in the Copilot Labs Visual Studio Code extension. In theory, it can make your code more secure, easier to understand and more.
3/ But is it art?
— @Richi 🤓 Jennings (@RiCHi) January 19, 2023
In this week’s #SSBlogwatch we miss @BobRossOfficial’s amazing hair.
For @ReversingLabs’ @SecuredSoftware: https://t.co/Smd4JAgMQF
Monday, 16 January 2023
Another Password Manager Breach: NortonLifeLock Apes LastPass - Security Boulevard
3/ These things come in threes.
— @Richi 🤓 Jennings (@RiCHi) January 16, 2023
In today’s #SBBlogwatch, we wonder who’s next.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/VkX0g6vG9Q
Friday, 13 January 2023
Yikes, Control Web Panel has Critical RCE — Patch NOW - Security Boulevard
It’s a 9.8 on the 10-point #CVSS scale.
— @Richi 🤓 Jennings (@RiCHi) January 13, 2023
In today’s #SBBlogwatch, we’re surprised it’s not a perfect 10.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/1SAdehYj9Z
Thursday, 12 January 2023
FAA Ground Stop due to Technical Debt? | Don’t Do DIY Crypto! - DevOps.com
In this week’s #TheLongView:
— @Richi 🤓 Jennings (@RiCHi) January 12, 2023
1⃣ The @FAANews’s #NOTAM database gets corrupted, and
2⃣ @ThreemaApp shows why DIY #cryptography is bad.
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/3rMIcrbWTg #DevOps #crypto #TechicalDebt
Wednesday, 11 January 2023
If you don't love me now: JsonWebToken breaks the software supply chain (again) - ReversingLabs
3/ The bug’s been fixed by @Auth0, after the #vulnerability was disclosed responsibly by @Unit42_intel.
— @Richi 🤓 Jennings (@RiCHi) January 11, 2023
In this week’s #SSBlogwatch we worry for people who don’t update.
For @ReversingLabs’ @SecuredSoftware: https://t.co/iBhPMnKOPO
Tuesday, 10 January 2023
Digital License Plates: Stupid, Pointless, Insecure - Security Boulevard
3/ It’s another silly #SiliconValley digitalization disaster.
— @Richi 🤓 Jennings (@RiCHi) January 10, 2023
In today’s #SBBlogwatch, we pity the fool.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/N7hzzSzUUZ #IoT #Rplate
Monday, 9 January 2023
CES 2023 FAIL: Worst in Show for Security and Privacy - Security Boulevard
3/ This is the way.
— @Richi 🤓 Jennings (@RiCHi) January 9, 2023
In today’s #SBBlogwatch, we feel #fabulous.
At @TechstrongGroup’s @SecurityBlvd: https://t.co/D6tS8QhzMo
Thursday, 5 January 2023
Southwest Airlines: ‘Shameful’ Technical Debt Bites Back - DevOps.com
The débâcle of canceled flights was caused by decades of #TechnicalDebt. That’s the analysis of @Columbia prof @Zeynep. A lack of scalability in #SkySolver, $LUV’s crew sched. system, led to days of paralysis.
— @Richi 🤓 Jennings (@RiCHi) January 5, 2023
At @TechstrongGroup’s @DevOpsDotCom: https://t.co/y6XcUbuNMi #DevOps