Okta Screws Up (Yet Again) — ALL Customers’ Data Hacked, not just 1% - Security Boulevard

You had one job:

Meta Sued for Ignoring its Underage Kids Problem (Because Money) - Security Boulevard

Don’t be square:

‘LitterDrifter’ Russian USB Worm Leaks from Ukraine War Zone - Security Boulevard

FSB APT USB VBS LNK DLL: WTH?

FCC’s Got New Rules for SIM-Swap and Port-Out Fraud - Security Boulevard

Too many times:

Google to Force-Block Ad Blockers — Time to Get Firefox? - Security Boulevard

Manifest V3: Destiny.

FBI’s Warrantless Spying on US Must Continue, Says FBI - Security Boulevard

#Privacy, schmivacy:

HALT! I am Reptar! Intel CPU Bug Panics Cloud Providers - Security Boulevard

#IaaS Catch Fire:

LockBit Crashes Boeing Dark Web Data — No Ransom Paid - Security Boulevard

Seattle plane maker tries to tell us the 50GB dump is ever so boring and not worth spinning up Tor for.

World’s Biggest Bank Hacked: ICBC Walks Trades on USBs - Security Boulevard

Plan B is sneakernet:

Data Brokers Sell Sensitive Data of US Military and Veterans - Security Boulevard

Follow the money:

Atlassian Bug now a Perfect 10: Riot of Ransomware Raids - Security Boulevard

Step #1: Get it off the Internet

VICTORY: Google WEI ‘Stealth DRM’ Plan is Dead (or is it?) - Security Boulevard

WEI is dead — long live WMI:

AI Safety: 28 Nations+EU Agree to Test in Turing’s Huts - Security Boulevard

Foo, bar, #BletchleyDeclaration—signed at UK’s AI Safety Summit: Not much substance, but unity is impressive.

We Won’t Pay Ransomware Crims — 40 Nations Promise Biden’s WH - Security Boulevard

Will CRI pledge work? International Counter Ransomware Initiative hopes to pull rug from under scrotes.

SolarWinds CISO Sued for Fraud by US SEC - Security Boulevard

The password was ‘solarwinds123’:

#iLeakage: All Apple CPUs Vulnerable — No Patch in Sight - Security Boulevard

Son of Spectre: No fix for iOS, “unstable” workaround for macOS.

Don’t Be Evil: Google’s Scary ‘IP Protection’ Privacy Plan - Security Boulevard

Firefox here we come! “Free” privacy proxy for all Chrome users? What could possibly go wrong?

Okta Hacked Yet Again: 2FA Firm Failed to 2FA - Security Boulevard

You had one job: Once is happenstance, twice is coincidence, FIVE TIMES is sheer incompetence.

KeePass Malicious Ads: Google Goof Permits Punycode Attacks Again - Security Boulevard

Mote below ķ: Not only malvertising, but also “verified by Google.”

Cisco Zero-Day: As Bad as it Gets — and No Fix 4 Weeks in - Security Boulevard

Keeping us in suspense—It doesn’t get worse than this: CVE-2023-20198 is CVSS=10.

Elon’s CSAM FAIL: Twitter Fined by Australian Govt. - Security Boulevard

Straya strikes back: Musk’s mob declines to answer questions, breaking law dunundah.

Stalking: Fear of Apple AirTag ‘Explodes’ — Lawsuit Momentum Grows - Security Boulevard

This is why we can’t have nice things: 38 victims of Apple’s “negligence” named in amended class action.

Microsoft kills Python 3.7 ¦ … and VBScript ¦ Exascaling ARM on Jupiter - DevOps.com

The moral of the story: So long, and thanks for all the fish

Google Pushes ‘Passkeys’ Plan — but it’s Too Soon for Mass Rollout - Security Boulevard

FIDO FAIL: “Killing passwords” is a worthy goal—but is coercion the best way?

Huge DNA PII Leak: 23andMe Must Share the Blame - Security Boulevard

The firm’s PR spin implies it’s the users’ fault for not using unique passwords—but is that fair? No, of course it isn’t.

iPhone/iPad Warning: Update Now to Avoid Zero-Day Pain - Security Boulevard

Apple’s embarrassing regression: iOS 17.0.3 fixes yet more nasty zero days (and the overheating bug)

Meta Mayhem: Hybrid Work FAIL ¦ Yet More Layoffs - DevOps.com

The moral of the story: Be where you are—otherwise you will miss your life

In this week’s #TheLongView:
1⃣ @Meta’s enforced #HybridWork plan is failing badly, and
2⃣ #Meta makes more #layoffs.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/UaQUYO9CXq #DevOps $META

— @Richi 🤓 Jennings (@RiCHi) October 4, 2023

Broken ARM: Mali Malware Pwns Phones - Security Boulevard

Exploited in the wild: Yet more use-after-free vulns in Arm’s Mali GPU driver.

Nasty bugs in #Android #GPU driver for the #ARM #Mali. Affects flagship phones such as the Samsung Galaxy S20.

There’s a patch upstream. In today’s #SBBlogwatch, we wonder if it’ll ever get delivered to our phones. At @TechstrongGroup’s @SecurityBlvd: https://t.co/1mkkvnMPbg

— @Richi 🤓 Jennings (@RiCHi) October 3, 2023

Don’t Say ‘Skynet’ — NSA’s AI Security Center is New Hub for Agency Efforts - Security Boulevard

COME WITH ME IF YOU WANT TO LIVE: Nothing suspicious to see here—move along.

The #NSA is forming a security center for #AI. Honcho @CYBERCOM_DIRNSA thinks the NSA has “unique talent and expertise” to keep AI secure.

In today’s #SBBlogwatch, we’re from the government and we’re here to help. At @TechstrongGroup’s @SecurityBlvd: https://t.co/0pUY7dy3bZ

— @Richi 🤓 Jennings (@RiCHi) October 2, 2023

Raspberry Pi 5: Faster, Better, Stronger — Spendier - DevOps.com

The moral of the story: You’re not defined by your past—you’re prepared by it

In a cheeky extra #TheLongView: Everyone’s favorite single-board #ARM computer, #RaspberryPi, has a new gen. coming soon. #RPi5 has double the performance, quadruple the base RAM and far more capable I/O.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/veGdjSH0cY #DevOps

— @Richi 🤓 Jennings (@RiCHi) September 29, 2023

China-Backed Hacks of Cisco Routers Worry Feds — BlackTech Revenge? - Security Boulevard

TTP: IOS EEM CLI BBQ LOL—FBI, NSA, CISA join Japan’s NISC to warn of espionage group linked to Chinese Communist Party.

#China attacks #Cisco routers, installs persistent malware with sneaky backdoors. They break into IOS and drop a hidden EEM policy to manipulate a CLI result.

Clear as mud? In today’s #SBBlogwatch, we fire up the BBQ. At @TechstrongGroup’s @SecurityBlvd: https://t.co/HHRY8ioCI9

— @Richi 🤓 Jennings (@RiCHi) September 28, 2023

FCC: Net Neutrality is a ‘Thing’ Again ¦ Meta Shutters Big UK Site - DevOps.com

The moral of the story: In the long run, the sharpest weapon of all is a kind and gentle spirit

In this week’s #TheLongView:
1⃣ #NetNeutrality is back on the @FCC’s agenda, and
2⃣ unused #London office gets Zucked.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/8GDM0zf6OH #DevOps $META

— @Richi 🤓 Jennings (@RiCHi) September 27, 2023

‘All of Sony’ Hacked, Claims Ransomed.vc Group - Security Boulevard

Hackers Play in Sony’s World:

Yet another hack of @Sony: Emergent #ransomware gang #Ransomed.vc says it pwned entire #Sony group.

“We are currently investigating. … We have no further comment.” In today’s #SBBlogwatch, we’re not 100% surprised. At @TechstrongGroup’s @SecurityBlvd: https://t.co/Fh3B0TMEkM

— @Richi 🤓 Jennings (@RiCHi) September 26, 2023

More iOS Zero Days, More Mercenary Spyware — This Time: Cytrox Predator - Security Boulevard

Apple Scrambled to Fix 3 More CVEs:

Would-be president pwned by President: #AhmedTantawy had phone hacked; #CitizenLab says Egyptian govt did it.

Fingered: @VodafoneEgypt, @Sandvine and #Cytrox itself. In today’s #SBBlogwatch, we rethink seeing pyramids. At @TechstrongGroup’s @SecurityBlvd: https://t.co/1Uu0Ii9wYL

— @Richi 🤓 Jennings (@RiCHi) September 25, 2023

Google De-Recruits 100s of Recruiters ¦ ARM Valued at $45½B in IPO - DevOps.com

The moral of the story: You only pass through this life once—you don’t come back for an encore.

In this week’s #TheLongView:
1⃣ #Google fires hundreds of #recruiters, and
2⃣ $ARM gets a sky-high #IPO valuation.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/OoxF8PAx8h #DevOps

— @Richi 🤓 Jennings (@RiCHi) September 14, 2023

Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug - Security Boulevard

WebP FAIL:

After Apple’s #BLASTPASS patches, come a bunch of others. Exploits are in the wild.

The bug is in #libwebp​—a Google #WebP image library built in to many apps. In today’s #SBBlogwatch, we prepare for carpal tunnel. At @TechstrongGroup’s @SecurityBlvd: https://t.co/VB0FSMOX7u

— @Richi 🤓 Jennings (@RiCHi) September 13, 2023

What Happens in Vegas: MGM Resorts ‘Ransomware’ Attack - Security Boulevard

You’re welcome to it:

#MGMResorts has pulled the plugs—it’s come under cyberattack. Seems like another #ransomware attack.#MGM is a huge deal in #LasVegas, owning 12 properties. In today’s #SBBlogwatch, we’re not staying in #Vegas. At @TechstrongGroup’s @SecurityBlvd: https://t.co/hpuyoE63wL

— @Richi 🤓 Jennings (@RiCHi) September 12, 2023

‘BLASTPASS’ iPhone Exploit — Apple Asleep at the Switch - Security Boulevard

Zero click, zero day, zero clue:

#Apple under fire yet again for insecure software. It’s the 13th #ZeroDay of 2023—time for someone in Cupertino to wake up.

Yes, another #ZeroClick. In today’s #SBBlogwatch, we eyeroll at Apple’s claim to be secure. At @TechstrongGroup’s @SecurityBlvd: https://t.co/ILx07kLyHv

— @Richi 🤓 Jennings (@RiCHi) September 11, 2023

Google Kills 3rd-Party Cookies — but Monopolizes AdTech - Security Boulevard

#Firefox looking good right now:

#Google says its #TopicsAPI is ready: #PrivacySandbox is shipping in #Chrome—finally. So, la $GOOG is preparing to switch off #tracking #cookies.

Sinister land grab? In today’s #SBBlogwatch, we see both sides. At @TechstrongGroup’s @SecurityBlvd: https://t.co/gJetFjDrrD

— @Richi 🤓 Jennings (@RiCHi) September 8, 2023

Oracle Bill is 5x Client’s Budget ¦ Toyota Out of Space - DevOps.com

The moral of the story: Comparison is the thief of joy

In this week’s #TheLongView:
1⃣ #Birmingham looks like the Detroit of the UK—is it #Oracle’s fault?
2⃣ Was #Toyota’s factory failure caused by running out of disk space?

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/caZCFl8rOw

— @Richi 🤓 Jennings (@RiCHi) September 7, 2023

This SUCKS: ‘Cars Are a Privacy Nightmare,’ Mozilla Fumes - Security Boulevard

IoT cars considered harmful:

All top car brands collect personal data. They probably share and/or sell it, they don’t keep it secure—and good luck opting out. The @Mozilla Foundation is horrified.

In today’s #SBBlogwatch, we drive the point home. At @TechstrongGroup’s @SecurityBlvd: https://t.co/y7Lj97oEiA

— @Richi 🤓 Jennings (@RiCHi) September 6, 2023

Sourcegraph’s Shocking Screwup: Private Secrets in Public Repo - Security Boulevard

Credentials create crisis:

#Sourcegraph’s #LLM was hacked last week. Scrotes labored for days to make it available free.

Some #PII might have leaked, too. The company isn’t sure. In today’s #SBBlogwatch, we check our GitHub repos (yet again). At @TechstrongGroup’s @SecurityBlvd: https://t.co/5vfp8qSD5s

— @Richi 🤓 Jennings (@RiCHi) September 5, 2023

BadBazaar: Chinese Spyware Shams Signal, Telegram Apps - Security Boulevard

I’m Shocked. SHOCKED!

#China accused of hiding #spyware in app stores. APT #GREF put #BadBazaar in cloned #Signal & #Telegram.#Google acted (slowly), but #Samsung failed to do anything. In today’s #SBBlogwatch, we’re all about the déjà vu. At @TechstrongGroup’s @SecurityBlvd: https://t.co/UhBg5OCyNV

— @Richi 🤓 Jennings (@RiCHi) August 31, 2023

Qakbot Cracked: FBI and Friends Hack the Hackers - Security Boulevard

Or is it just resting? Beautiful plumage.

World’s biggest loader #botnet has ceased to be. Bereft of life—thanks to @TheJusticeDept & Euro partners.#Qakbot has rung down the curtain. In today’s #SBBlogwatch, we’ve gone to join the choir invisible. At @TechstrongGroup’s @SecurityBlvd: https://t.co/mk49dhV4rT #DuckHunt

— @Richi 🤓 Jennings (@RiCHi) August 30, 2023

Did Russia Hack Poland’s Trains? MSM Says Yes, but … Well, You Decide - Security Boulevard

Train Phreaking:

#Trains all over #Poland are mysteriously slamming on the brakes. Of course, the MSM is all up in a lather.

Or was it just a modern-day #BlueBox prank? In today’s #SBBlogwatch, we grab some delicious Cap’n Crunch. At @TechstrongGroup’s @SecurityBlvd: https://t.co/iaM6voueA2

— @Richi 🤓 Jennings (@RiCHi) August 29, 2023

‘Scrum == Cancer’ ¦ Plus: Linux 6.5 Ships - DevOps.com

The moral of the story: When we strive to become better than we are, everything around us becomes better too

In this week’s #TheLongView:
1⃣ #Scrum sucks, sources say; and
2⃣ Here comes the #Linux 6.5 kernel.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/Dx8Mj1xV1C #DevOps

— @Richi 🤓 Jennings (@RiCHi) August 28, 2023

Gmail Adds Extra Checks, Thwarting Sneaky Hackers - Security Boulevard

But Please Don’t Use SMS:

If hackers can silently watch your inbox, they can also break into your other accounts.

So Google’s adding #authentication to the #Gmail settings scrotes use. In today’s #SBBlogwatch, we finally sort out our #2FA. At @TechstrongGroup’s @SecurityBlvd: https://t.co/zFIsjIZ0Ze

— @Richi 🤓 Jennings (@RiCHi) August 25, 2023

Lapsus$ Jury Says Teen Duo Did Do Crimes - Security Boulevard

‘teapotuberhacker’ is not Guilty but not ‘Not Guilty’

Jury decides they committed crimes using #SocialEngineering, insider bribery and #SIMswapping—holding victims to #crypto-ransom.

It all sounded a bit too easy. In today’s #SBBlogwatch, we put the kettle on. At @TechstrongGroup’s @SecurityBlvd: https://t.co/cxkiZEl3tP #Lapsus$

— @Richi 🤓 Jennings (@RiCHi) August 24, 2023

IBM LLM AI: COBOL to Java ASAP ¦ ARM IPO is GO! - DevOps.com

The moral of the story: Life’s tough—but it’s tougher when you’re stupid

In this week’s #TheLongView:
1⃣ Translating legacy #COBOL code to a slightly more modern language, and
2⃣ @Arm will go public (again) next month.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/VJ9LY358o7 #DevOps

— @Richi 🤓 Jennings (@RiCHi) August 23, 2023

LOL WinRAR: Serious One-Click Bug (Patch NOW) - Security Boulevard

LOL WinRAR:

#WinRAR has a serious security hole. If you still have it installed, get the update (or uninstall).

Do what you want, because you are free. In today’s #SBBlogwatch, we’re sailing away (adventure waits on every shore). At @TechstrongGroup’s @SecurityBlvd: https://t.co/iWCbhwdZH4

— @Richi 🤓 Jennings (@RiCHi) August 21, 2023

80% of Bosses ‘Regret’ Stopping WFH ¦ PSA: Disable STS! - DevOps.com

The moral of the story: Be nice to people on the way up, because you may meet them on the way down

In this week’s #TheLongView:
1⃣ Rethinking return-to-office mandates and
2⃣ A ridiculous, ancient Windows bug.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/kCtkMiU6PX #DevOps

— @Richi 🤓 Jennings (@RiCHi) August 17, 2023

Ransomware Robs Realtors — Rapattoni MLS-aaS Down: Day 8 and Counting - Security Boulevard

MLS FAIL:

A service that helps local #realtor associations manage home listings has been down for a week, thanks to #ransomware.

It’s been a long time coming. In today’s #SBBlogwatch, we smell #legacy systems. At @TechstrongGroup’s @SecurityBlvd: https://t.co/7TNuGQs1jd @Rapattoni #MLS

— @Richi 🤓 Jennings (@RiCHi) August 16, 2023

AI coding helpers get FAILing grade - ReversingLabs

Fools rush in:

#ChatGPT is wrong more than half the time—makes many conceptual errors, but sounds confident, authoritative.

So, hard to spot the errors, say researchers. In this week’s #SSBlogwatch we can’t say we’re totally surprised. For @ReversingLabs: https://t.co/egp3AdqNmJ #AI #DevOps

— @Richi 🤓 Jennings (@RiCHi) August 15, 2023

‘Sabotage the Factory’ — 16 Big Bugs in Codesys ICS/OT/SCADA Software - Security Boulevard

#CoDe16 FAIL:

See that power station, chemical plant or production line? Probably uses @CODESYS_Group software to program its industrial computers.

In today’s #SBBlogwatch, we’re crushed by the wheels of industry. At @TechstrongGroup’s @SecurityBlvd: https://t.co/kn3Smp94cF #ICS #OT #SCADA

— @Richi 🤓 Jennings (@RiCHi) August 14, 2023

Teenage Hackers Must be Stopped: US DHS’s CSRB Report - Security Boulevard

TL;DR: 2FA SMS FAIL

:@DHSgov’s report into last year’s #Lapsus$ attacks is finally public. #CSRB came to the oh-so-insightful conclusion that people shouldn’t use #SMS #2FA.

Duh. In today’s #SBBlogwatch, we waited 18 months for this? At @TechstrongGroup’s @SecurityBlvd: https://t.co/J0bVOUIayp

— @Richi 🤓 Jennings (@RiCHi) August 11, 2023

Google’s Shiny New AI Dev Environment — the ‘Experimental’ Project IDX - DevOps.com

The moral of the story: You live once and life is wonderful, so eat the damned red velvet cupcake

In this week’s #TheLongView: @Google’s full-stack, browser based development environment in the cloud. It’s not just a #Copilot clone, but aims to help you “get an app from zero to production.”

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/Cp2d9LIZsA #DevOps #ProjectIDX #AI

— @Richi 🤓 Jennings (@RiCHi) August 10, 2023

Ransomware in Schools: White House Wants Action NOW - Security Boulevard

Don’t make me tap the sign:

#Ransomware scrotes attacking public schools is a huge problem. And it’s getting worse—especially in primary and secondary.

But where’s the money coming from? In today’s #SBBlogwatch, we wonder if localism works. At @TechstrongGroup’s @SecurityBlvd: https://t.co/iJmAmHHJcK

— @Richi 🤓 Jennings (@RiCHi) August 9, 2023

Listen up, devs: AI trained to overhear passwords - ReversingLabs

Sing loudly at login:

Researchers trained #DeepLearning model with keypress sounds from Apple laptops. If it can hear you type, it can predict your credentials — with scary accuracy.

Yes, even over Zoom. In this week’s #SSBlogwatch we turn up the music. For @ReversingLabs: https://t.co/r3TjsbiUWn

— @Richi 🤓 Jennings (@RiCHi) August 8, 2023

How to Get Unlimited Airline Miles: Researchers Find the Cheat Codes - Security Boulevard

Points of Interest:

Ethical hackers found huge bugs in @PointsLoyalty. The ease with which the team found them is kinda worrying.

In today’s #SBBlogwatch, we wonder what else is lurking that lets scrotes steal quasi-currency. At @TechstrongGroup’s @SecurityBlvd: https://t.co/4446lFAmxn

— @Richi 🤓 Jennings (@RiCHi) August 7, 2023

Microsoft is a “Strategic Problem in the Security Space,” Says CEO - Security Boulevard

Fist of FAIL: Amit Yoran has had enough—and he’s not gonna take it anymore.

:@AYoran says his team reported a critical @Azure bug four months ago. Has @Microsoft fixed it yet?

“Of course not,” he says.

Satya looks like he’s about to punch someone. In today’s #SBBlogwatch, at @TechstrongGroup’s @SecurityBlvd: https://t.co/OcTW5HxcwS

— @Richi 🤓 Jennings (@RiCHi) August 3, 2023

2024—Year of the Linux Desktop? ChromeOS Reflects its Inner Penguin ¦ GNOME Rethink - DevOps.com

The moral of the story: People of accomplishment rarely sit back and let things happen to them

In this week’s #TheLongView: Can the #Linux desktop installed base ever break the mythical 10% barrier?

1⃣ @Google has been refactoring #ChromeOS, and
2⃣ @GNOME is working on new #WindowManager ideas.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/Gug1nV3SoZ #DevOps

— @Richi 🤓 Jennings (@RiCHi) August 3, 2023

BREAKING NEWS: You’re not Anonymous on Facebook (Duh) - Security Boulevard

Apparently this is news to some people:

#Anonymous posting in @Facebook groups isn’t a #privacy shield: You can’t just defame someone and get away with it.

Judge in Netherlands says @Meta must name anonymous user. In today’s #SBBlogwatch, we see both sides. At @TechstrongGroup’s @SecurityBlvd: https://t.co/PrXHu8Ljvz

— @Richi 🤓 Jennings (@RiCHi) August 1, 2023

Android Foils AirTag Stalkers and Thieves — While Apple Does Nothing - Security Boulevard

C’mon Cupertino:

An Apple #AirTag that’s not yours traveling with you is bad news. Now Android will alert you.

What’s Apple doing? Sitting on their hands. In today’s #SBBlogwatch, we can’t wait until Tim’s crew get with the program. At @TechstrongGroup’s @SecurityBlvd: https://t.co/1WbSTFaQio

— @Richi 🤓 Jennings (@RiCHi) July 28, 2023

Overture Maps’ Challenge to Google ¦ Frontier Model Forum’s AI Safety Shtick - DevOps.com

The moral of the story: You have two hands—one for helping yourself, the other for helping others

In this week’s #TheLongView:
1⃣ A big-tech consortium goes toe-to-toe with @GoogleMaps, and
2⃣ A big-tech consortium tries to fool #AI regulators.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/mUoIqlO36p #DevOps

— @Richi 🤓 Jennings (@RiCHi) July 27, 2023

ALERT: Google Wants to DRM your OS for ‘Web Environment Integrity’ - Security Boulevard

We Will Kill WEI:

Google calls it #WebEnvironmentIntegrity (#WEI): A super-secure service to certify your OS hasn’t been messed with.

Naturally, the “freedom to tinker” brigade are up in arms. In today’s #SBBlogwatch, we see both sides. At @TechstrongGroup’s @SecurityBlvd: https://t.co/5OeH6sT43W

— @Richi 🤓 Jennings (@RiCHi) July 26, 2023

No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’ - ReversingLabs

The future of zero trust?

Googlers will be protected from themselves. In what’s described as a pilot program, they’ll lose internet access at work and/or root privs.

The idea is to stop break-ins. In this week’s #SSBlogwatch we try not to imagine the horror. For @ReversingLabs: https://t.co/jiSig18Bn9

— @Richi 🤓 Jennings (@RiCHi) July 25, 2023

‘China’ Azure Breach: MUCH Worse Than Microsoft Said - Security Boulevard

Storm-0558 Breaks:

Nasty hack ‘by #China’ even nastier: Hackers stole a key cracking open AAD multi-tenant apps.

People are using words like “shoddy” and “fiasco.”

In today’s #SBBlogwatch, we wonder if #EntraID rebrand is connected. At @TechstrongGroup’s @SecurityBlvd: https://t.co/KXi0qjTHha

— @Richi 🤓 Jennings (@RiCHi) July 24, 2023

R.I.P. Kevin Mitnick, 1963–2023 - Security Boulevard

Kevin is Free:

#KevinMitnick lost his battle with pancreatic cancer. He leaves behind a wife, their unborn child and an entire culture he helped create.

The internet has many words to say. In today’s #SBBlogwatch, here are some. At @TechstrongGroup’s @SecurityBlvd: https://t.co/no0XF6y7pi

— @Richi 🤓 Jennings (@RiCHi) July 21, 2023

AI ‘is Getting Worse’ ¦ AI ‘Will Lose India Jobs’ (Probably Isn’t ¦ Probably Won’t)

The moral of the story: It takes 20 years to build a reputation and five minutes to ruin it

In this week’s #TheLongView, a conundrum:
1⃣ On the one hand, researchers say #ChatGPT is losing the plot
2⃣ On the other, we hear outsourced coding jobs in #India will be replaced by #AI.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/WjwMN8dEYf #DevOps

— @Richi 🤓 Jennings (@RiCHi) July 20, 2023

Biden Admin. Adds ‘Mercenary Spyware’ Firms to Ban List - Security Boulevard

Predator/ALIEN not welcome in U.S.

#Predator #spyware pushers #Intellexa & #Cytrox banned by @CommerceGov: U.S. orgs can’t do business with them—nor with any of the other firms on the #EntityList.

In today’s #SBBlogwatch, we talk transatlantic tension. At @TechstrongGroup’s @SecurityBlvd: https://t.co/roWbDcFegu

— @Richi 🤓 Jennings (@RiCHi) July 19, 2023

OPSEC FAIL: US Military Email Going to Mali — via Typo - Security Boulevard

MX Mixup:

Every week, thousands of #email messages get sent to #Mali instead of U.S. DoD addresses ending .MIL: Mali’s top-level domain is .ML and typing is hard, yo.

In today’s #SBBlogwatch, we tri tipin rite. At @TechstrongGroup’s @SecurityBlvd: https://t.co/22ceGU9ijf

— @Richi 🤓 Jennings (@RiCHi) July 17, 2023

China Breaches Microsoft Cloud — Spied on US Govt. Email - Security Boulevard

The government is greatly displeased—even U.S. spokespeople aren’t holding back:

:@Microsoft’s #SaaS email system got hacked two months ago. Redmond’s only telling us now, in part because it only found out a month later.

In today’s #SBBlogwatch, we get that special déjà vu feeling again.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/cU2fAuBjNc

— @Richi 🤓 Jennings (@RiCHi) July 13, 2023

Forking RHEL! Oracle and SUSE Join the Fight ¦ Silverman Sues AI Firms - DevOps.com

The moral of the story: There are no mistakes, only opportunities

In this week’s #TheLongView:
1⃣ @SUSE announces a @RedHat Enterprise Linux fork after @Oracle said a similar thing, and
2⃣ @SarahKSilverman says @OpenAI and @Meta have stolen her words.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/nuSPG714aV #DevOps

— @Richi 🤓 Jennings (@RiCHi) July 12, 2023

EU-US data transfers back in hotseat: Security of user data adds to privacy concerns - ReversingLabs

EU and US try yet again:

#EU says new agreement with US means it’s OK to transfer data westwards again. Third time’s a charm?

This time it’ll stick, right? In this week’s #SSBlogwatch we fear it won’t — not if @MaxSchrems has his way.

For @ReversingLabs: https://t.co/6yomrHHqZ4 #GDPR

— @Richi 🤓 Jennings (@RiCHi) July 12, 2023

StackRot: Linux Bug so bad Linus Dives Into Code to Fix It - Security Boulevard

Maple Tree Side Effects: Torvalds feels the pressure, fixes lazy locks.

Critical #vulnerability in #Linux caused #LinusTorvalds to get hands dirty. In June, patches appeared in said honcho’s name. Eyebrows raised.

Now we know why. In today’s #SBBlogwatch, we race to condition that hair. At @TechstrongGroup’s @SecurityBlvd: https://t.co/23Gf8jpNtm

— @Richi 🤓 Jennings (@RiCHi) July 10, 2023

Contec SolarView: Critical Bug Unpatched After 14 MONTHS - Security Boulevard

PV OT: VPN PDQ

An easily exploited, critical vuln in #Contec’s #SolarView #SCADA product is still live in hundreds of places—and being exploited.

In today’s #SBBlogwatch, we wonder why they’re on the internet in the first place. At @TechstrongGroup’s @SecurityBlvd: https://t.co/ZbSsUeOltf

— @Richi 🤓 Jennings (@RiCHi) July 7, 2023

Threads: Twitter Killer or Ad-Infested Hellscape? - DevOps.com

The moral of the story: When you cease to dream you cease to live

In this week’s #TheLongView: @Meta launches its much-leaked #Threads microblogging app.

A spinoff from @Instagram, it’s already reached 30M signups at the time of writing. How is Meta’s #DevOps team making it scale?

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/lqHivV95MV

— @Richi 🤓 Jennings (@RiCHi) July 6, 2023

Fortinet Bug: RUN — Don’t Walk — to Patch Critical RCE - Security Boulevard

#Xortigate Xceptional Xploits:

:@Fortinet #FortiOS has yet another nasty bug. Is your shop one of the 300,000 that hasn’t patched #CVE202327997?

But you need to PAY to get the update. In today’s #SBBlogwatch, we’re amazed, astounded and astonished. At @TechstrongGroup’s @SecurityBlvd: https://t.co/ABy7mTyzqr

— @Richi 🤓 Jennings (@RiCHi) July 5, 2023

Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites - ReversingLabs

It’s not rocket surgery:

:@MITREcorp’s top three are exactly the same as last year. Combined, just those three account for about half the problems.#CWE #1, #4, #7 and #17 are #MemorySafety bugs. In this week’s #SSBlogwatch we point the finger at C/C++. For @ReversingLabs: https://t.co/AaeUWf2C6R

— @Richi 🤓 Jennings (@RiCHi) July 5, 2023

‘Wagner Mercenary’ Hackers Destroy Russian Satellite Comms - Security Boulevard

Слава Україні — Героям слава!
Dozor-Teleport hack, vandalism and data breach. But is it a Ukrainian false flag op?

#SatCom provider #DozorTeleport has been hacked, knocking it off internet. Did #PMCWagner do it, or was it #Ukraine? Service known to be used by #Russian military, so either theory works.

In today’s #SBBlogwatch, at @TechstrongGroup’s @SecurityBlvd: https://t.co/0j4nOJLDrj

— @Richi 🤓 Jennings (@RiCHi) June 30, 2023

IBM/Red Hat Sparks Anger at GPL ‘breach’ as RHEL Source Locked Up - DevOps.com

The moral of the story: Every moment is a fresh beginning

In #TheLongView: @RedHat Enterprise #Linux (@RHEL) goes closed source. Well—not really; but @IBM’s lawyers are accused of skating so close to edge of legality that they risk violating the GNU Public License.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/bYn9jTeZSI #DevOps

— @Richi 🤓 Jennings (@RiCHi) June 29, 2023

Ironic: LetMeSpy Spyware Hackers Were Hacked (by Hackers) - Security Boulevard

Content warning: Abuse, stalking, controlling behavior, Schadenfreude, irony, doxxing.

#LetMeSpy is a hacking tool used for #stalking and spying on spouses: Abusers secretly install the app on victims’ phones.

Sadly, its central DB was leaked.

In today’s #SBBlogwatch, we hate the game _and_ the player. At @TechstrongGroup’s @SecurityBlvd: https://t.co/1Xry08U7J7

— @Richi 🤓 Jennings (@RiCHi) June 28, 2023

Hackers breached UPS data for SMS phish spree - ReversingLabs

UPS SMS oops:

Bug allowed bad actor to manipulate URLs:
💭Dev should avoid consecutive object references and add entropy.
💭Ops should detect attacks and shut ’em down or tarpit them.

In this week’s #SSBlogwatch we ask what Brown can do for us? For @ReversingLabs: https://t.co/6vbRBvEbWK

— @Richi 🤓 Jennings (@RiCHi) July 4, 2023

GDPR FAIL: US Firm ‘Profiles Half the World’ — it’s Max Schrems Again - Security Boulevard

NYOB accuses Telesign, Proximus and BICS of misusing phone users’ private data:

Firms secretly track millions, without permission. Discovering alleged crime is @MaxSchrems/@NYOBeu.

Again points to “illegally” sending #EU citizens’ data to US. In today’s #SBBlogwatch, we feel a touch of déjà vu. At @TechstrongGroup’s @SecurityBlvd: https://t.co/YcNc7PuLry

— @Richi 🤓 Jennings (@RiCHi) June 26, 2023

Apple Fixes 0-Days — Russia Says US Used for Spying - Security Boulevard

‘#Triangulation’ spyware said to use backdoor Apple gave to NSA:

#Kremlin iPhones riddled with “#NSA” spyware for years, complains #Russia. You might recall this first blowing up three weeks ago.

Now #Apple finally fixed the bugs.

In today’s #SBBlogwatch, we ponder useful idiocy. At @TechstrongGroup’s @SecurityBlvd: https://t.co/0TayqgCnPE

— @Richi 🤓 Jennings (@RiCHi) June 23, 2023

Google Calls Microsoft Azure Anti-Competitive ¦ Gen-Z Can’t Email - DevOps.com

The moral of the story: The longer I live, the more beautiful life becomes

In this week’s #TheLongView:
1⃣ @Google complains to the @FTC about @Microsoft market abuses, and
2⃣ new graduates don’t know how to office.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/WXOpmNpH84 #DevOps #GenZ

— @Richi 🤓 Jennings (@RiCHi) June 22, 2023

Passkeys standard: Time to add it to your dev plans? - ReversingLabs

Momentum is building:

#Passkeys looks almost ready for prime time. Apple and Google are supporting it — and being interoperable.

Isn’t it time your dev team did, too? In this week’s #SSBlogwatch we get below the surface blather. For @ReversingLabs: https://t.co/9wb7qBJZNF

— @Richi 🤓 Jennings (@RiCHi) June 21, 2023

Microsoft Repeatedly Burned in ‘Layer 7’ DDoS - Security Boulevard

Unlucky Number:

#Microsoft confirms that a group has thwarted it again and again with #DDoS attacks on its cloud properties.

Redmond said it was a #Layer7 attack—i.e., $MSFT’s own software was vulnerable.

Today’s #SBBlogwatch, at @TechstrongGroup’s @SecurityBlvd: https://t.co/DEH8CjTlUU

— @Richi 🤓 Jennings (@RiCHi) June 20, 2023

Reddit Ransomware Raid Redux: BlackCat/ALPHV Demands $4.5M - Security Boulevard

And Now, This:

#BlackCat #ransomware crew wants @Reddit to pay up, or it’ll release internal data stolen four months ago. The scrotes also want #Reddit to volte-face on its controversial #API pricing policy.

Today’s #SBBlogwatch, at @TechstrongGroup’s @SecurityBlvd: https://t.co/xfKcTe2CUc

— @Richi 🤓 Jennings (@RiCHi) June 19, 2023

CISA Warning: MOVEit Has Yet Another Zero-Day SQL Injection RCE Bug - Security Boulevard

Alt. Angle: Russia-Russia-Russia Cl1p Clop

THIRD #SQLi flaw in #MOVEit—and being exploited.@ProgressSW MOVEd quickly to patch, but at this point it seems like a hapless game of Whac-A-Mole: Clearly a systemic lack of input sanitation.

In today’s #SBBlogwatch at @TechstrongGroup’s @SecurityBlvd: https://t.co/ZEFdpwilP2

— @Richi 🤓 Jennings (@RiCHi) June 16, 2023

92% of Devs Use AI, Survey Says ¦ Intel One Mono Font

The moral of the story: Live as if you were to die tomorrow—learn as if you were to live forever

In this week’s #TheLongView:
1⃣ @GitHub touts unbelievable #AI stats, and
2⃣ @Intel’s beautiful #OpenSource #font.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/tcwJtusV8h #DevOps

— @Richi 🤓 Jennings (@RiCHi) June 15, 2023

Your Personal Data Sold to US Intelligence Agencies - Security Boulevard

What Price 4th Amendment? Warrant not needed if info bought from brokers:

Secret report “raises significant issues related to privacy and civil liberties.”

There have been “profound changes in the scope and sensitivity” of YOUR info available from data brokers.

Today’s #SBBlogwatch, at @TechstrongGroup’s @SecurityBlvd: https://t.co/UbsfL7l12p

— @Richi 🤓 Jennings (@RiCHi) June 14, 2023

What a Mess: Barracuda Swaps Countless Appliances — Malware Can’t be Removed - Security Boulevard

ESG FAIL:

#Barracuda on hook to exchange thousands of email security appliances: Pwned so hard they can’t be patched.

Scrotes exploited a @Barracuda #ZeroDay for SEVEN months. In today’s #SBBlogwatch, we can’t quite believe. At @TechstrongGroup’s @SecurityBlvd: https://t.co/8DK6bswgaq

— @Richi 🤓 Jennings (@RiCHi) June 12, 2023

Pics AND it Didn’t Happen: Sex Deepfake FBI Alert - Security Boulevard

Fake Pr0n Hint:

:@FBI warning of uptick in #sextortion: Scrotes targeting victims by feeding headshots into #deepfake apps, shaking them down. #GenerativeAI is now making horrifically lifelike videos & images.

Today’s #SBBlogwatch, at @TechstrongGroup’s @SecurityBlvd: https://t.co/kIFFoSuzQ8

— @Richi 🤓 Jennings (@RiCHi) June 8, 2023

Microsoft’s 9th Outage in 2023 ¦ RISE of RISC-V ¦ Meta Ends WFH - DevOps.com

The moral of the story: Every human has a finite number of heartbeats—I don’t intend to waste any of mine

In this week’s #TheLongView:
1⃣ Redmond #SaaS keeps failing,
2⃣ @RISC_V is #RISE’ing, and
3⃣ @Meta is enforcing #HybridWork.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/lFuPD3Aws5 #DevOps $MSFT $META

— @Richi 🤓 Jennings (@RiCHi) June 7, 2023

PyPI hackers code sneaky new tactic. Researchers caught 'em red handed - ReversingLabs

AST/SCA FAIL — RL FTW:

:@PyPI attackers used compiled code to evade detection. Possibly first attack to take advantage of .PYC files.@ReversingLabs’ reverse engineering team led by Karlo Zanki (pictured) spotted the tactic. In this week’s #SSBlogwatch we round up reax right: https://t.co/N2oLtWkGCn

— @Richi 🤓 Jennings (@RiCHi) June 6, 2023

Chrome Extensions Warning — Millions of Users Infected - Security Boulevard

Perhaps as many as 87 million victims—maybe more:

:@Google under fire again for lax @GoogleChrome Web Store management. Researchers discover 34 malicious #extensions.

And Google’s been ignoring reports since 2021. In today’s #SBBlogwatch, we ask: What price #SecOps? At @TechstrongGroup’s @SecurityBlvd: https://t.co/rCE6bcEKlU

— @Richi 🤓 Jennings (@RiCHi) June 5, 2023

Russia Says NSA Hacked iOS With Apple’s Help — we Triangulate Kaspersky’s Research - Security Boulevard

Tit-For-Tat #Triangulation Trojan Talk:

#NSA inserted #backdoors into #iOS, says #FSB, allowing @NSAGov to spy on #Russian officials and foreign diplomats.@Kaspersky dubbed it #Triangulation. In today’s #SBBlogwatch, we wonder why it took 4 YEARS to find. At @TechstrongGroup’s @SecurityBlvd: https://t.co/ZoojilKI7M

— @Richi 🤓 Jennings (@RiCHi) June 2, 2023

Dev Jobs are Dead: ‘Everyone’s a Programmer’ With AI ¦ Intel VPUs - DevOps.com

The moral of the story: Too many of us are not living our dreams because we are living our fears

In this week’s #TheLongView:
1⃣ @Nvidia’s CEO grabs headlines by saying your career is toast, and
2⃣ @Intel is still fighting.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/Ym8m7piEbD #DevOps $NVDA $INTC

— @Richi 🤓 Jennings (@RiCHi) June 1, 2023

‘Extinction risk’: Could AI wipe out humans via software backdoors? - ReversingLabs

Generative, schmenerative:

Industry warns of doom unless #AI tamed. Today’s #GenerativeAI models are writing semi-decent code—shouldn’t we worry we’re prepping ground for Skynet?

In this week’s #SSBlogwatch we need your clothes, your boots and your motorcycle. For @ReversingLabs: https://t.co/A0B3AP8Et7

— @Richi 🤓 Jennings (@RiCHi) May 31, 2023

‘Predator’ — Nasty Android Spyware Revealed - Security Boulevard

‘Alien’ Technology:

#Malware used by nation-states to target journos, activists and opposition pols gets deconstructed. Its fast, silent attack is frightening.#Predator runs on #iOS and #Android. In today’s #SBBlogwatch, we unpick it. At @TechstrongGroup’s @SecurityBlvd: https://t.co/mP7WeUHZXy

— @Richi 🤓 Jennings (@RiCHi) May 30, 2023

COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT - Security Boulevard

IEC 60870-5-104 ‘insecure by design’:

New #malware that disrupts #electricity #grid​s. The threat, dubbed #COSMICENERGY, shares DNA with other nasties.

And, yes, it appears to come from #Russia. In today’s #SBBlogwatch, we беспокоимся о будущем. At @TechstrongGroup’s @SecurityBlvd: https://t.co/60TFPSqTH6 #ICS

— @Richi 🤓 Jennings (@RiCHi) May 26, 2023

US DoJ Makes PyPI Give Up User Data ¦ Tape Storage: Not Dead - DevOps.com

The moral of the story: The report of my death has been grossly exaggerated

In this week’s #TheLongView:
1⃣ @PyPI complies with a “string of subpoenas,” and
2⃣ #LTO continues to grow, despite predictions of its demise.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/a9wWCbJgCv #DevOps

— @Richi 🤓 Jennings (@RiCHi) May 25, 2023

‘BrutePrint’ Unlocks Android Phones — Chinese Researchers - Security Boulevard

SPI/TEE MITM FAIL:

A brace of 0-days allow them to unlock @Android phones with a fake #fingerprint. They’ve dubbed it #BrutePrint.

Check your #ThreatModel for broken #biometrics. In today’s #SBBlogwatch, we touch on all the issues.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/iGrXGStaae

— @Richi 🤓 Jennings (@RiCHi) May 24, 2023