Latest posts tagged with #SBBlogwatch on Bluesky
Former head of #L3Harris’s #Trenchant “offensive cyber” division admits to stealing weapons-grade exploit chain worth $35 million and then selling it for personal gain.
Raises important questions about national security risks of outsourcing such weaponry. In #SBBlogwatch, we go out with a whimper:
One notorious center for the grotesquely evil practice of #PigButchering is #Myanmar.
This week, #SpaceX is crowing about how it’s blocked 2,500 #Starlink satellite internet terminals being used by these scumbags to reach their victims. In #SBBlogwatch, we wonder what took Elon so long.
#Microsoft’s #Windows security update rollup is badly buggy this month. #WinRE recovery environment doesn’t work with most keyboards and mice. And a fix for a cryptography bypass bug is causing failures.
Leading to concerns about the #Windows dev process. In #SBBlogwatch, we grab a Linux ISO:
Anything any #Android app can display is vulnerable to #Pixnapping attack—including #2FA codes. “It’s like Rowhammer, but for the screen,” quips one wag.
Google thought it had already fixed the previously undisclosed flaw. But the group’s demo says not. In #SBBlogwatch, we blur the pels:
#Redis (Remote Dictionary Server) and its open source fork #Valkey share a scary flaw that can give an attacker full RCE. It’s been assigned a max CVSS score of 10.0—you don’t often see that.
#Redis shouldn’t normally be exposed to the internet, but it often is. In #SBBlogwatch, we descend a layer:
#Japan’s biggest producer of beer is still not producing any beer this week. #Asahi Group Holdings shut down production Monday after detecting a cyber intruder.
And today it’s confirmed fears of #ransomware. In #SBBlogwatch, we dry out.
securityboulevard.com/2025/10/japa...
The #Akira gang have found a way to override the multifactor authentication in #SonicWall SSL VPN appliances. These scrotes appear to be able to move laterally from the VPN boxes to deploy #ransomware.
It’s worrying that they’ve broken SonicWall’s #2FA. In #SBBlogwatch, we hear customers’ anger:
Iconic British brand warns it would stay stalled for longer. Loose confederation of threat actors, now calling itself Scattered Lapsus$ Hunters, claims it hacked the big car firm—via tedious Telegram trolling.
Yes, it’s those Salesforce vish kiddies again. In #SBBlogwatch, we drive the point home.
U.S. sen #RonWyden demanding #FTC do something about #Microsoft already. Says Satya’s crew to blame for some awful #ransomware attacks, via vuln 10+ years old.
#Kerberoasting exploit affects #ActiveDirectory installs not configured to modern specs. In #SBBlogwatch, we wonder where to point fingers:
Pair of ethical hackers discover “catastrophic” vulns in code running #BurgerKing, etc. sites. Owner quickly fixed flaws, but then #Cyble issued sus-seeming #DMCA takedown.
Tale as old as time: Poor, unfortunate $8½ billion corp vs. evil, vindictive, millennial hackers. In #SBBlogwatch, we rule:
Four weeks ago, #Google admitted it was hacked—via #vishing. Sadly, this sparked a journalistic game of Telephone: Over the space of four weeks, it became, “2.5 billion #Gmail users hacked!!1!”
Sigh. “This is entirely false,” complains Google. In #SBBlogwatch, we bait for clicks during dog days.
A subsidiary of Zurich Insurance (SIX:ZURN) admitted to a huge leak: More than one million customers’ data.
#FarmersGroup is the latest corporation ’fessing up to its data going AWOL via #ScatteredSpider #Salesforce vishing.
In #SBBlogwatch, we wonder what their Swiss masters will think:
Chinese web users couldn’t access websites outside the People’s Republic yesterday—with no explanation. Nobody’s sure whether it was a mistake or an ominous test of new #censorship capabilities.
But some are linking it to a recent outage in #Pakistan. In #SBBlogwatch, we shave with Hanlon’s razor.
The U.S. administration is celebrating a “mutually beneficial understanding” with the #UK, meaning #Apple won’t need to backdoor #iCloud. Tulsi Gabbard and JD Vance seem happy about it, anyway.
However, it’s not entirely clear that anything’s really changed. In #SBBlogwatch, we doctor the spin.
35 data brokers employed #DarkPatterns to discourage #Californians from exercising privacy rights. Hid legally required web pages from Google—so we can’t find them.
Senator unhappy, accuses firms of “requiring people to navigate byzantine labyrinths.” In #SBBlogwatch, we join her trisyllabic diss.
Venerable file compression-cum-archiving tool suffers yet another exploited vuln, causing the sole developer to issue a patch. Is it time to ditch WinRAR?
Yes! Here’s why: Eugene Roshal (pictured) doesn’t believe in automatic updates. In #SBBlogwatch, we can’t believe it’s still like that in 2025.
#Google finally admitted it got socially engineered—leading to a breach of #CRM data. Yes, Google got vished.
Do scrotes have your info? We don’t know; Google’s not saying.
What’s worse is this happened a couple of MONTHS ago. In #SBBlogwatch, we wonder why it took Google so long to tell us:
The company behind the #Bee bracelet is being bought by #Amazon. It seems like Jeff Bezos (pictured) just can’t get enough of knowing everything about you and your life.
Naturally, this raises a ton of privacy questions. In #SBBlogwatch, we have more questions than answers:
#Gaskar Group, #Russian designer of drones plaguing #Ukraine skies, in utter disarray. Or, at least, so says Ukrainian military intelligence.
Hacker groups steal and delete 57 TB of critical data and backups, preventing the company from operating. In #SBBlogwatch, we peer through the fog of war.
U.S. freight trains use radio link between front/rear, designed ~40y ago. But the Flashing Rear End Device (#FRED) can be told to slam on the brakes via a weak wireless protocol.
Latest researcher to signal problem says, “You could shutdown the entire system.” In #SBBlogwatch, we get to the points:
4 youngsters are in custody today, alleged to be notorious #ScatteredSpider hackers (or at least, some of them). “Loose affiliation” of hackers is suspected of badly disrupting operations at three large retail chains since April.
In #SBBlogwatch, we channel Sir William Garrow:
British shopping titan M&S still dealing with mess caused by April’s #ransomware attack. At least three months more work ahead says firm’s chairman, Archie Norman (pictured).
But persistent rumors say M&S paid #ScatteredSpider’s ransom demand. In #SBBlogwatch, Norman will neither confirm nor deny:
A new data leak shows the dangers of secret, silent #stalkerware. An app known as #Catwatchful appears to be just as insecure as all the others.
The Catwatchful app’s user login database was vulnerable to a simple #SQLinjection attack. In #SBBlogwatch, we call for Little Bobby Tables.
U.S. Immigration and Customs Enforcement (ICE) agents are using a new phone app: #MobileFortify puts “instant, #AI powered” #FacialRecognition in their hands. What could possibly go wrong?
A major risk is inaccurate recognition. In #SBBlogwatch, the French want their statue back:
House of Representatives bans use of Meta’s #WhatsApp chat app on its managed devices. Jamie Crotts (pictured) is CAO’s CIO, tasked with denying staffers any use of WhatsApp on House devices.
Apparently, #Meta suffers from “a lack of transparency.” In #SBBlogwatch, we wonder who’ll be next:
Federal agencies have spent the past 18 months piecing together this complex #MoneyLaundering web. And now they’re ready to announce seizure of a few hundred million from industrial scale #PigButchering #scams.
You can almost hear the bacon sizzling. In #SBBlogwatch, we grab the lettuce and tomato:
#Trump reprieves #TikTok a third time, despite concerns about #security, press freedom and child safety. White House says he’ll sign yet another EO preventing enforcement of #PAFACA (Protecting Americans from Foreign Adversary Controlled Applications Act).
In #SBBlogwatch, we turn the page for you.
United Natural Foods (UNFI) had to switch off systems after a cyberattack, crippling its operations. This is a huge deal, because #UNFI is a big part of the grocery distribution network.
Once again, it looks like the work of #UNC3944, a/k/a #ScatteredSpider. In #SBBlogwatch, we hoard canned goods.
Millions of websites leaking your private information to #Meta. By hacking #Android browser features, Meta is tracking you all the way around the web—with no disclosure.
As soon as researchers disclosed the #LocalMess problem, Meta stopped it—for now. In #SBBlogwatch, we go live in a cave:
#WindowsUpdate keeps #Windows updated (well, duh). It can also update some “other #Microsoft products,” if you let it. Soon, it’ll be able to do the same for other companies’ apps.
Messy musical metaphors aside, this seems like a good idea. In #SBBlogwatch, we wave a baton:
