DevOps
![A ballet dancer sitting with her head in her hands](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought
Richi Jennings | | App Sec & Supply Chain Security, AppSec & Supply Chain Security, CloudFlare, Funnull, Javascript, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, polyfill, SB Blogwatch, secure software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity
Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ...
Security Boulevard
![Auditing the Ask Astro LLM Q&A app](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
Auditing the Ask Astro LLM Q&A app
Today, we present the second of our open-source AI security audits: a look at security issues we found in an open-source retrieval augmented generation (RAG) application that could lead to chatbot output ...
![Alert correlation and prioritization workflow in Smart SOAR's ransomware playbook.](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
Stop Ransomware in its Tracks: Suspicious File Activity
Pierre Noujeim | | Alert Prioritization, Automated Alert Enrichment, Automated Playbooks, D3 Smart SOAR, Incident Response, Ransomware, SOAR, Suspicious File Activity, Threat Isolation, Threat Mitigation
The Threat Scenario Consider a scenario where your file server, “D3Cyber-FileServer,” triggers an alert. The alert indicates an encryption attempt on “important_document.docx” by the command-line tool “cmd.exe.” This activity could signal a ...
![CVE of the month, the supply chain attack hidden for 10 years CVE-2024-38368](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
CVE of the month, the supply chain attack hidden for 10 years CVE-2024-38368
For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily the good guys found it first or so it seems. This month we ...
![Apple CEO Tim Cook, looking grim](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
‘Perfect 10’ Apple Supply Chain Bug — Millions of Apps at Risk of CocoaPods RCE
Richi Jennings | | App Sec & Supply Chain Security, Apple, Apple iOS, AppSec & Supply Chain Security, CocoaPods, CVE-2024-38366, CVE-2024-38368, dependencies, dependency injection, Dependency Management, macos, macOS Security, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, SB Blogwatch, software dependencies, Supply-Chain Insecurity, third-party dependencies, trust dependencies
Tim looks grim: 10 year old vulnerabilities in widely used dev tool include a CVSS 10.0 remote code execution bug ...
Security Boulevard
![Vladimir Vladimirovich Putin (or possibly a very good lookalike)](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
‘Russia’ Breaches TeamViewer — ‘No Evidence’ Billions of Devices at Risk
Richi Jennings | | 2-factor authentication, 2fa, 2FA/MFA, APT29, Cozy Bear, CozyCar, CozyDuke, Dark Halo, enshittification, MFA, mfa protection, Midnight Blizzard, multi-factor, multi-factor authenication, Multi-Factor Authentication, Multi-Factor Authentication (MFA), multi-factor-auth, NOBELIUM, Nobeliumm, Office Monkeys, Russia, russia hacker, russia-based, russian, SB Blogwatch, SolarWinds, SolarWinds Vulnerability, solarwinds-hack, StellarParticle, SVR, TeamViewer, The Dukes, two-factor, two-factor athentication, Two-Factor Humor, two-factor-authentication.2fa, UNC2452, YTTRIUM
SolarWinds hackers strike again: Remote access service hacked—by APT29, says TeamViewer ...
Security Boulevard
![The Temu app on a smartphone screen peeking out from a pocket](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
Temu is Malware — It Sells Your Info, Accuses Ark. AG
Richi Jennings | | breach of privacy, china, china espionage, Chinese, Chinese Communists, Chinese cyber espionage, chinese government, customer location, geofencing and location tracking, geolocation, Location, location access permission, location access risks, location data, Location data privacy, location history, location intelligence, location privacy, location services, location sharing location tracking, PDD Holdings, Pinduoduo, Privacy, SB Blogwatch, Temu, Whaleco
Chinese fast-fashion-cum-junk retailer “is a data-theft business.” ...
Security Boulevard
![Microsoft Skeleton Key AI jailbreak](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
Skeleton Key the Latest Jailbreak Threat to AI Models: Microsoft
Microsoft details Skeleton Key, a new jailbreak technique in which a threat actor can convince an AI model to ignore its built-in safeguards and respond to requests for harmful, illegal, or offensive ...
Security Boulevard
![Finding leaked credentials in Docker images - How to secure your Docker images](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
Container Security Scanning: Vulnerabilities, Risks and Tooling
Container security is crucial in the age of microservices and DevOps. Learn about common container vulnerabilities, container security scanning, and popular tools to secure your containers in this comprehensive guide ...
![Introducing Azul Code Inventory](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
Trash Pandas Love Enterprise Java Garbage Code
If raccoons were software engineers, they would feel at home inside many enterprise systems. These systems are often full of unused and dead code that was written, fully tested, then altered in ...