Securing the Cloud

Hot Topics

Tenable, application security, vulnerabilities, software, vulnerabilities, issues, servers, vulnerability, Linux, vulnerability management, risk-based, vulnerabilities third-party supply chain Okta endpoint security

Networking Equipment Riddled With Software Supply Chain Risks

Nathan Eddy | July 26, 2024 | CVE, IT network, IT Security, networking, router, SBOM, supply chain security, switch, vulnerability

Outdated software components often contain vulnerabilities that have been discovered and are well-understood by threat actors ...

Security Boulevard

EFF Angry as Google Keeps 3rd-Party Cookies in Chrome

Regulatory capture by stealth? Google changes its mind about third-party tracking cookies—we’re stuck with them for the foreseeable ...

Security Boulevard

A still from the 1928 animated short, “Steamboat Willie”—the first appearance of Mickey Mouse

Disney 1.2 TB Slack Hack: NullBulge Claims Leak is its Own

Richi Jennings | July 17, 2024 | Disney, hacktivism, Hacktivist, Hacktivists, hacktivity, NullBulge, SB Blogwatch, slack, Slack breach

Steamboat bloat: Hacktivist group wields infostealer Trojan, leaks 1,200 GB of mouse droppings ...

Security Boulevard

Squarespace Hacked — DeFi Wallets Drained (Imaginary Money Stolen)

Richi Jennings | July 16, 2024 | API exploit, blockchain, Crypto, cryptocurrencies, cryptocurrency, cryptocurrency exchange, DeFi, domain hijacking, Google Domains, imaginary money, Ponzi scheme, SB Blogwatch, smart contract, Smart Contract Security, smart contracts, Squarespace, Web3

DeFAIL: Cryptocurrency fans lose their worthless tokens via phishing attacks on decentralized finance sites ...

Security Boulevard

AT&T Says 110M Customers’ Data Leaked — Yep, it’s Snowflake Again

Should’ve used MFA: $T loses yet more customer data—this time, from almost all of them ...

Security Boulevard

cloud security, extortion, Palo Alto, AWS

The Team Sport of Cloud Security: Breaking Down the Rules of the Game

Rodman Ramezanian | July 11, 2024 | cloud failure, Cloud Security, CSPs, security risks

Cloud security in 2024 is akin to playing a team sport – it requires clear communication and collaboration between technology vendors and customers ...

Security Boulevard

‘Blast-RADIUS’ Critical Bug Blows Up IT Vacation Plans

Richi Jennings | July 10, 2024 | blast radius, collision-based-hashing-algorithm-disclosure, CVE-2024-3596, hash, hash algorithms, hash function, hash functions, Man In The Middle, man in the middle attack, man in the middle attacks, maninthemiddleattacks, md5 hash, men-in-the-middle attack, mitm, MitM Attack, mitm attacks, RADIUS, SB Blogwatch

MD5 MITM Muddle: Ancient, widely used protocol has CVSS 9.0 vulnerability ...

Security Boulevard

Biggest Ever Password Leak — but is ObamaCare’s RockYou2024 Really NEW?

Richi Jennings | July 9, 2024 | credentials, Cybersecurity, Malware, ObamaCare, Passkeys, passwords, rockyou2021, RockYou2024, SB Blogwatch

Credential crunch: Ten billion plain-text passwords in a file—sky falling or situation normal? ...

Security Boulevard

A ballet dancer sitting with her head in her hands

‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought

Richi Jennings | July 5, 2024 | App Sec & Supply Chain Security, AppSec & Supply Chain Security, CloudFlare, Funnull, Javascript, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, polyfill, SB Blogwatch, secure software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity

Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ...

Security Boulevard

Vladimir Vladimirovich Putin (or possibly a very good lookalike)

‘Russia’ Breaches TeamViewer — ‘No Evidence’ Billions of Devices at Risk

SolarWinds hackers strike again: Remote access service hacked—by APT29, says TeamViewer ...

Security Boulevard

Securing the Cloud

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On