OPSEC FAIL: US Military Email Going to Mali — via Typo
Richi Jennings | | defense department, Department of Defense, DoD, E-mail, email, Johannes Zuurbier, Mali, military, Military Communications, mxrecords, pentagon, Russia, SB Blogwatch, U.S. Department of Defense, U.S. military, United States Department of Defense, US DOD, US Military
MX Mixup: Russian-allied government can intercept “highly sensitive information”—because there’s no “I” in .ML ... Read More
China Breaches Microsoft Cloud — Spied on US Govt. Email
Richi Jennings | | Active Directory, Authentication, Azure Active Directory, Azure AD, Exchange, Microsoft, Outlook.com, SB Blogwatch, Storm-0558
Storm-0558 Brewing: Multiple Microsoft failures cause data leaks at State and Commerce depts., plus 23 other orgs ... Read More
Contec SolarView: Critical Bug Unpatched After 14 MONTHS
Richi Jennings | | Contec, CVE-2022-29303, CVE-2022-44354, CVE-2023-23333, ICS, ICS/SCADA, iot, Mirai, Mirai botnet, OT, SB Blogwatch, SCADA, SolarView
PV OT: VPN PDQ! 9.8 CVSS known since May 2022—but still exploitable on 400+ net-connected OT/ICS/SCADA systems ... Read More
Digital ‘Birth Certificates’ for Vehicular Cybersecurity
There's a growing likelihood for catastrophic cyberattacks on vehicles that could disable brakes, take over steering and even steal personal information ... Read More
Fortinet Bug: RUN — Don’t Walk — to Patch Critical RCE
Richi Jennings | | CVE-2023-27997, Fortigate, FortiNAC, Fortinet, Fortinet VPN, Fortiphyd, FortiSIEM, Heap Overflow, rce, SB Blogwatch
Or just get it off the internet, stat ... Read More
Ironic: LetMeSpy Spyware Hackers Were Hacked (by Hackers)
Richi Jennings | | android spyware, cyberstalking, Data breach, Data Leaks, iOS spyware, LetMeSpy, maia arson crimew, Malware Spyware, Parental Control, parental controls, Privacy, SB Blogwatch, spyware, Stalkerware, Stalking, Stalkware
Content warning: Abuse, stalking, controlling behavior, Schadenfreude, irony, doxxing ... Read More
GDPR FAIL: US Firm ‘Profiles Half the World’ — it’s Max Schrems Again
Richi Jennings | | Belgium, BICS, Data Privacy, EEA, eu, EU GDPR, EU Privacy Shield, EU-US Privacy Shield, Europe, Europe Regulation, European Compliance, European Court of Human Rights, European Digital Rights, European Union, European Union (EU), GDPR, GDPR compliance, gdpr eu, GDPR fine, GDPR violations, Privacy, Privacy Shield, Proximus, risk scoring, safe harbor, SB Blogwatch, Schrems, Schrems II, Scoring, social credit scores, TeleSign, Trans-Atlantic Data Privacy Framework
NYOB accuses TeleSign, Proximus and BICS of misusing phone users’ private data. Reputation scoring = privacy violation? ... Read More
Reddit Ransomware Raid Redux: BlackCat/ALPHV Demands $4.5M
Richi Jennings | | ALPHV ransomware, Blackcat, BlackCat ransomware, Breach, Privacy, Ransomware, reddit, Reddit breach, SB Blogwatch
And now, this: John-Oliver-pics protest won’t change Reddit policy, but will ransom demand work? ... Read More
PharMerica Breach: The Lure of Health Care Data
Two months after noticing suspicious activity in its systems, PharMerica disclosed that nearly six million patients had their health care data stolen by threat actors. The large pharmacy services company, which has more than 2,500 locations in the U.S., filed a data breach notification in May 2023. PharMerica noted that ... Read More
CISA Warning: MOVEit Has Yet Another Zero-Day SQL Injection RCE Bug [updated]
Richi Jennings | | CL0P, Cl0p Ransomware, clop, clop-ransomware, CVE-2023-34362, CVE-2023-35036, CVE-2023-35708, MOVEit Cloud, MOVEit Transfer, MOVEit Transfer Zero Day, Progress Software, Ransomware, SB Blogwatch, sql injection, SQL injection attack, SQL injection attacks, sql injection prevention, SQL Injection Vulnerabilities, SQL injections
Once is happenstance. Twice is coincidence. Three times is sheer incompetence ... Read More