Tuesday, 31 January 2023

Another Password Manager Leak Bug: But KeePass Denies CVE - Security Boulevard

‘Nihilistic; Dismissive’
Two researchers report vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw.

Friday, 27 January 2023

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al - Security Boulevard

Site Seized; Russians Riled: The ransomware scrotes known as Hive got pwned this week. Their servers are no more.

Wednesday, 25 January 2023

Microsoft Outage Outrage: Was it BGP or DNS? - DevOps.com

The moral of the story: Life imposes things on you that you can’t control, but you still have the choice of how you’re going to live through this.

Tuesday, 24 January 2023

Move over, npm: Trust VS Code extensions at your own risk, dev teams - ReversingLabs

VSC Marketplace FAIL: It’s super easy to spoof Visual Studio Code extensions. And it’s incredibly hard to detect.

Monday, 23 January 2023

US No-Fly List Leaked via Airline Dev Server by @_nyancrimew - Security Boulevard

FBI TSC CSV on AWS S3: CommuteAir, a United Airlines puddle-jumper affiliate, leaked the federal government’s No-Fly and “Selectee” lists. Or, at least, a snapshot from 2019—totaling more than 1.8 million entries.

Friday, 20 January 2023

T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks - Security Boulevard

Magenta Maladministration: T-Mobile US has been hacked yet again. In case you’re not keeping score, that’s the sixth time since 2018.

Thursday, 19 January 2023

8-Bit Floating Point for AI/ML? | Amazon and Microsoft Shed Tech Jobs - DevOps.com

The moral of the story: You never really learn much from hearing yourself speak.

GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’? - ReversingLabs

Good thing, or bad?
GitHub launches Code Brushes — a fascinating new “usable prototype” toolbox in the Copilot Labs Visual Studio Code extension. In theory, it can make your code more secure, easier to understand and more.

Monday, 16 January 2023

Another Password Manager Breach: NortonLifeLock Apes LastPass - Security Boulevard

Monkey123 See — Monkey123 Do: NortonLifeLock is warning customers their passwords are loose. First LastPass, now this?

Friday, 13 January 2023

Yikes, Control Web Panel has Critical RCE — Patch NOW - Security Boulevard

CWP RCE CVE POC BBQ: Linanto’s popular web hosting control panel, CWP, has a nasty flaw. It’s easily exploitable—in fact, it’s being exploited right now.

Thursday, 12 January 2023

FAA Ground Stop due to Technical Debt? | Don’t Do DIY Crypto! - DevOps.com

The moral of the story: Don’t settle for what life gives you—make life better and build something.

Wednesday, 11 January 2023

If you don't love me now: JsonWebToken breaks the software supply chain (again) - ReversingLabs

JWT type confusion: Yes, here’s another example of the risks in uncontrolled software supply chains. This npm library is relied upon by countless apps and services — perhaps yours.

Tuesday, 10 January 2023

Digital License Plates: Stupid, Pointless, Insecure - Security Boulevard

The ‘S’ in IoT is for Security: Reviver’s Rplate digital license plates are inherently insecure: Their design seems to be riddled with privacy holes, given the apparent lack of API security, which is easily defeated.

Monday, 9 January 2023

CES 2023 FAIL: Worst in Show for Security and Privacy - Security Boulevard

This Happened in Vegas — it Should Stay in Vegas: The Consumer Electronics Show wrapped up yesterday. But some vendors faced stiff criticism over their privacy and security stances.

Thursday, 5 January 2023

Southwest Airlines: ‘Shameful’ Technical Debt Bites Back - DevOps.com

The moral of the story: I like criticism. It makes you strong.

Wednesday, 4 January 2023

PyTorch supply chain attack: Dependency confusion burns DevOps - ReversingLabs

Flaming security posture: A classic dependency confusion attack revealed itself last week. The PyTorch open source software supply chain was compromised by a hacker publishing a malicious torchtriton clone on PyPI.

Tuesday, 3 January 2023

‘We Must Ban TikTok!’ — Senate, House, FCC Agree - Security Boulevard

GOP: No FYP for U
TikTok’s days are numbered in the U.S.—if the GOP has its way. Because the app is “a sophisticated surveillance tool” that embodies China’s “techno-totalitarian control,” they say.