Lesson from supply chain attacks: Beware 'dependency confusion' - TechBeacon

After Alex Birsan’s $130,000 bug-bounty haul last week, hundreds of bogus npm packages have popped up out of nowhere. They appear to have been published by copycat researchers—some of whom have less-than-pure intentions.

The moral of the story? Make sure the code you’re importing really is the code you think you’re importing.

And, of course, that means he was running his code on other people’s networks. In this week’s #SecurityBlogwatch at @TechBeaconCom, we get lost: https://t.co/r8SepQEDlY

— @Richi 😷 Jennings (@RiCHi) February 18, 2021

Internal Leak of 4,887 Users: Yandex Employee Fate Unknown - Security Boulevard

$YNDX Stays Schtum

No word on what’s happened to the scrote. In today’s #SBBlogwatch at @SecurityBlvd, we visualize them chopped up and hidden in matryoshka dolls: https://t.co/C37YigOSXu

— @Richi 😷 Jennings (@RiCHi) February 15, 2021

Hackers Sell ‘Cyberpunk 2077’ Data and Source for Millions - Security Boulevard

CDPR PR FAIL

What would Keanu do? In today’s #SBBlogwatch at @SecurityBlvd, we take the #RedPill: https://t.co/zNEcklrmnH

— @Richi 😷 Jennings (@RiCHi) February 12, 2021

There are no good app stores. Not iOS nor Android. Change my mind - TechBeacon

The moral of the story? Watch out for scam clones of your app, and for bad reviews targeting similarly named apps.

It’s all about the mighty dollar. In this week’s #SecurityBlogwatch at @TechBeaconCom, we follow the money: https://t.co/hpkpkK8EKs

— @Richi 😷 Jennings (@RiCHi) February 11, 2021

Water Supply Poisoned by Hacker in Oldsmar, Fla. - Security Boulevard

TeamViewer Vulnerability Probed

It’s another reminder of the risks of putting #SCADA/#ICS systems on the internet. In today’s #SBBlogwatch at @SecurityBlvd, we crack open a delicious Évian: https://t.co/wIAhLbkWrk

— @Richi 😷 Jennings (@RiCHi) February 9, 2021