Data Privacy
‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought
Richi Jennings | | App Sec & Supply Chain Security, AppSec & Supply Chain Security, CloudFlare, Funnull, Javascript, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, polyfill, SB Blogwatch, secure software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity
Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ...
Security Boulevard
‘Perfect 10’ Apple Supply Chain Bug — Millions of Apps at Risk of CocoaPods RCE
Richi Jennings | | App Sec & Supply Chain Security, Apple, Apple iOS, AppSec & Supply Chain Security, CocoaPods, CVE-2024-38366, CVE-2024-38368, dependencies, dependency injection, Dependency Management, macos, macOS Security, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, SB Blogwatch, software dependencies, Supply-Chain Insecurity, third-party dependencies, trust dependencies
Tim looks grim: 10 year old vulnerabilities in widely used dev tool include a CVSS 10.0 remote code execution bug ...
‘Russia’ Breaches TeamViewer — ‘No Evidence’ Billions of Devices at Risk
Richi Jennings | | 2-factor authentication, 2fa, 2FA/MFA, APT29, Cozy Bear, CozyCar, CozyDuke, Dark Halo, enshittification, MFA, mfa protection, Midnight Blizzard, multi-factor, multi-factor authenication, Multi-Factor Authentication, Multi-Factor Authentication (MFA), multi-factor-auth, NOBELIUM, Nobeliumm, Office Monkeys, Russia, russia hacker, russia-based, russian, SB Blogwatch, SolarWinds, SolarWinds Vulnerability, solarwinds-hack, StellarParticle, SVR, TeamViewer, The Dukes, two-factor, two-factor athentication, Two-Factor Humor, two-factor-authentication.2fa, UNC2452, YTTRIUM
SolarWinds hackers strike again: Remote access service hacked—by APT29, says TeamViewer ...
Temu is Malware — It Sells Your Info, Accuses Ark. AG
Richi Jennings | | breach of privacy, china, china espionage, Chinese, Chinese Communists, Chinese cyber espionage, chinese government, customer location, geofencing and location tracking, geolocation, Location, location access permission, location access risks, location data, Location data privacy, location history, location intelligence, location privacy, location services, location sharing location tracking, PDD Holdings, Pinduoduo, Privacy, SB Blogwatch, Temu, Whaleco
Chinese fast-fashion-cum-junk retailer “is a data-theft business.” ...
WordPress Plugin Supply Chain Attack Gets Worse
Richi Jennings | | hacked WordPress, hacking wordpress, plug-in, plug-in vulnerability, plug-ins, rogue plug-in, SB Blogwatch, software supply chain, software supply chain attack, software supply chain attacks, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity, Themes and Plug-ins, wordpress, WordPress plug-in, wordpress plugin update, Wordpress Plugin Vulnerability, WordPress Plugin Vulnerability Exploitation, WordPress Plugins, WordPress Plugins and Themes
30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.) ...
Misconfigured MFA Increasingly Targeted by Cybercriminals
In the first quarter of 2024, nearly half of all security incidents our team responded to involved multi-factor authentication (MFA) issues, according to the latest Cisco Talos report ...
Microsoft Privacy FAIL: Windows 11 Silently Backs Up to OneDrive
Richi Jennings | | Microsoft, Microsoft Account Security, Microsoft OneDrive, Microsoft Windows, OneDrive, Privacy, SB Blogwatch, Windows, Windows 11
Copying users’ files and deleting some? Even a cartoon hound knows this isn’t fine ...
Rafel RAT Used in 120 Campaigns Targeting Android Device Users
Multiple bad actors are using the Rafel RAT malware in about 120 campaigns aimed at compromising Android devices and launching a broad array of attacks that range from stealing data and deleting ...
30,000 Dealerships Down — ‘Ransomware’ Outage Outrage no. 2 at CDK Global
Richi Jennings | | Automotive, Automotive industry, Car Dealer, CDK Global, cloud outage, cloud Saas, Downtime and outages, outage, outages, Private Equity, Ransomware, SaaS, SaaS App Security, SB Blogwatch, Software-as-a-Service, Software-as-a-Service (SaaS)
Spend more on security! Car and truck dealers fall back on pen and paper as huge SaaS provider gets hacked (again) ...
EU Aims to Ban Math — ‘Chat Control 2.0’ Law is Paused but not Stopped
Richi Jennings | | Chat Control, Child Abuse, child exploitation, child porn, child pornography, child sexual exploitation, CSAM, CSEM, E2EE, encryption, end-to-end encryption, eu, Europe, European Compliance, european election, European Governments, European legislation, European Union, European Union (EU), SB Blogwatch, signal, WhatsApp, Won’t somebody think of the children?
Ongoing European Union quest to break end-to-end encryption (E2EE) mysteriously disappears ...