Shakedown Social

Richi Jennings<a href="https://vmst.io/tags/Zuckerberg" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Zuckerberg</a>’s privacy pledge revealed as ineffectualMillions of websites are leaking your private information to <a href="https://vmst.io/tags/Meta" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Meta</a>, the parent company of <a href="https://vmst.io/tags/Facebook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Facebook</a>, <a href="https://vmst.io/tags/Instagram" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Instagram</a>, etc. By hacking <a href="https://vmst.io/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Android</a> browser features in ways that were never intended, Meta is tracking you all the way around the web—with no disclosure nor oversight.Incognito mode doesn’t stop it; neither does blocking 3rd-party cookies. Russian social giant <a href="https://vmst.io/tags/Yandex" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Yandex</a> is doing it too.As soon as researchers disclosed the <a href="https://vmst.io/tags/LocalMess" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LocalMess</a> problem, Meta stopped it—for now. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we go live in a cave.<a href="https://securityboulevard.com/2025/06/meta-local-mess-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2025/06/meta-local-mess-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a>

Richi Jennings<a href="https://vmst.io/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> fixes and other updates will be “orchestrated” by Redmond’s own <a href="https://vmst.io/tags/update" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#update</a> tool.<a href="https://vmst.io/tags/WindowsUpdate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WindowsUpdate</a> keeps <a href="https://vmst.io/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a> updated (well, duh). It can also update some “other <a href="https://vmst.io/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> products,” if you let it. Soon, it’ll be able to do the same for other companies’ apps.But WHY must <a href="https://vmst.io/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> misuse the concept of <a href="https://vmst.io/tags/orchestration" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#orchestration</a> to describe it? Messy musical metaphors aside, this seems like a good idea. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we wave a baton.@TheFuturumGroup @TechstrongGroup @SecurityBlvd: <a href="https://securityboulevard.com/2025/05/windows-update-open-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2025/05/windows-update-open-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a> $MSFT

Richi JenningsResearchers find we’ll need 20 times fewer qubits to break conventional encryption than previously believed.A new paper puts a fire under DevOps, IT teams and anyone else using modern RSA—or similar public-key cryptosystems. Factoring big primes now seems much, much easier for <a href="https://vmst.io/tags/QuantumComputers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#QuantumComputers</a> than we thought even a few years ago.Of course, the Devil is in the details. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we never shy away from detail.@TheFuturumGroup @TechstrongGroup @SecurityBlvd: <a href="https://securityboulevard.com/2025/05/quantum-rsa-20x-gidney-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2025/05/quantum-rsa-20x-gidney-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a>

Richi JenningsPrivacy-first messenger blocks <a href="https://vmst.io/tags/MicrosoftRecall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MicrosoftRecall</a><a href="https://vmst.io/tags/Recall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Recall</a>, <a href="https://vmst.io/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a>’s “magical” AI tool that watches everything you do, is back. But the team behind private messaging app <a href="https://vmst.io/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> aren’t happy about it—they’ve added a feature to stop Recall taking screenshots of your chats.As you might recall, Recall was initially dubbed a “<a href="https://vmst.io/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> disaster,” before being “delayed indefinitely.” But Microsoft tweaked and relaunched it. And in <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, people aren’t entirely happy about that.@TheFuturumGroup @TechstrongGroup @SecurityBlvd: <a href="https://securityboulevard.com/2025/05/signal-recall-drm-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2025/05/signal-recall-drm-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a>

Richi JenningsEU Vulnerability Database (<a href="https://vmst.io/tags/EUVD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EUVD</a>) launches this week. And not a moment too soon.The EU Agency for Cybersecurity (<a href="https://vmst.io/tags/ENISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ENISA</a>) has brought EUVD out of beta. Born from a 2022 EU law, EUVD will work alongside MITRE’s Common Vulnerabilities and Exposures database (<a href="https://vmst.io/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a>)—the future of which is still hazy after last month’s last-minute funding reprieve.ENISA executive director Juhan Lepassaar (pictured) is keen to get on with the job. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we take this kiss throughout the world.@TheFuturumGroup @TechstrongGroup @SecurityBlvd: <a href="https://securityboulevard.com/2025/05/euvd-launch-cve-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2025/05/euvd-launch-cve-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a>

Richi Jennings21 million screenshots in one open bucket.Workplace surveillance system <a href="https://vmst.io/tags/WorkComposer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WorkComposer</a> is under fire this week, for storing sensitive data with ZERO <a href="https://vmst.io/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a>. The hapless firm saved more than 21 million screenshots from 200,000 users’ work PC screens—and popped them in an open <a href="https://vmst.io/tags/AmazonWebServices" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AmazonWebServices</a> <a href="https://vmst.io/tags/S3" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#S3</a> bucket.Hackers could have easily stolen company secrets—and personal ones, too. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we can’t quite believe it.@TheFuturumGroup @TechstrongGroup @SecurityBlvd: <a href="https://securityboulevard.com/2025/04/21m-screenshots-open-s3-bucket-workcomposer-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2025/04/21m-screenshots-open-s3-bucket-workcomposer-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a>

Richi Jennings<a href="https://vmst.io/tags/PigButchering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PigButchering</a> and other serious scams still thriving, despite crackdowns in Dubai and MyanmarOrganized crime groups use hundreds of thousands of slaves to scam tens of billions of dollars from victims. That’s the stark warning from the <a href="https://vmst.io/tags/UnitedNations" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UnitedNations</a> this week, pointing to massive fraud factories moving into “vulnerable” parts of Asia.The UN researchers say we’ve reached a tipping point in the scale of such serious scams. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we wallow in glorious mud.@TheFuturumGroup @TechstrongGroup @SecurityBlvd: <a href="https://securityboulevard.com/2025/04/un-scam-warning-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2025/04/un-scam-warning-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a>

Richi JenningsU.S. government funding for the Common Vulnerabilities and Exposures program expires April 16.The security industry is panicking over the potential loss of the <a href="https://vmst.io/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a> program. Run by the <a href="https://vmst.io/tags/MITRE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MITRE</a> non-profit, the CVE database is a critical tool for tracking the status of vulnerabilities.<a href="https://vmst.io/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISA</a> just announced a temporary reprieve, but the dangers are obvious. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we look for the opportunities.@TheFuturumGroup @TechstrongGroup @SecurityBlvd: <a href="https://securityboulevard.com/2025/04/mitre-cve-funding-crisis-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2025/04/mitre-cve-funding-crisis-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a>

Richi JenningsLarry’s PR angels desperately dance on the head of a pin.<a href="https://vmst.io/tags/Oracle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Oracle</a> is now admitting that, yes, an <a href="https://vmst.io/tags/OracleCloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OracleCloud</a> service was breached—or so we’re told by deep throat sources. This is, of course, despite last week’s vehement denials.Yet it’s still not official. And Oracle seems to be justifying its previous denial with a semantic sleight-of-hand worthy of Bill Clinton. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we see men tic.@TheFuturumGroup @TechstrongGroup @SecurityBlvd: <a href="https://securityboulevard.com/2025/04/oracle-cloud-breach-redux-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2025/04/oracle-cloud-breach-redux-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a>

Richi JenningsChinese firm banned by U.S. is shady entity behind a clutch of free VPN apps—with over 1M downloads.Apple and Google are under fire for failing to vet the ownership of at least 20 <a href="https://vmst.io/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VPN</a> apps. Researchers have fingered <a href="https://vmst.io/tags/Qihoo360" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Qihoo360</a> as the entity behind at least five of them—the company is banned from the U.S. for its links to the Chinese military. The other 15 are also China owned, but keep it a secret.<a href="https://vmst.io/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Apple</a> is getting the worst of the criticism, thanks to its infamous privacy promise. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we don’t think it’s worth the paper it’s printed on. @TheFuturumGroup @TechstrongGroup @SecurityBlvd: <a href="https://securityboulevard.com/2025/04/app-stores-oked-vpns-run-by-china-pla/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2025/04/app-stores-oked-vpns-run-by-china-pla/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a>

Richi JenningsLarry Ellison’s PR pukes desperately follow the script.A hacker claims to have breached <a href="https://vmst.io/tags/OracleCloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OracleCloud</a> Infrastructure (OCI), stealing 6,000,000 records. But <a href="https://vmst.io/tags/Oracle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Oracle</a> Corp. says that’s not true.However, many customers confirmed the data is genuine. Several researchers point to a four-year-old critical vulnerability as the hacker’s entry point. But still Oracle keeps up the pretense.“There has been no breach,” the PR flaks cry. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we cry too. @TheFuturumGroup @TechstrongGroup @SecurityBlvd: <a href="https://securityboulevard.com/2025/03/oracle-cloud-breach-deny-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2025/03/oracle-cloud-breach-deny-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a>

Richi Jennings‘Ban These Chinese Routers NOW,’ Cries House Committee TP-Link in crosshairs, along with other brands.<a href="https://vmst.io/tags/Chinese" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Chinese</a> consumer-grade networking gear is a dangerous <a href="https://vmst.io/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> threat, argue these fine gentlemen. Rep. Raja Krishnamoorthi (D-Illinois), Rob Joyce (former NSA director of cybersecurity) and Rep. John Moolenaar (R-Michigan) have hatched a plan to eradicate TP-Link routers and other plastic pigs from our homes.<a href="https://vmst.io/tags/TPLINK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TPLINK</a> on the other hand, is spitting feathers, arguing it’s not been a “Chinese” company for years. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we get familiar with <a href="https://vmst.io/tags/OpenWRT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenWRT</a>. <a href="https://securityboulevard.com/2025/03/krishnamoorthi-joyce-moolenaar-tp-link-china-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2025/03/krishnamoorthi-joyce-moolenaar-tp-link-china-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a>

Richi Jennings<a href="https://vmst.io/tags/Cariad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cariad</a>, VW Group’s software arm, made this classic error.Personal data from hundreds of thousands of cars sat unsecured for about six months. <a href="https://vmst.io/tags/Volkswagen" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Volkswagen</a> was keeping it in an Amazon cloud storage instance, but didn’t secure the keys.The big German firm ist sehr verlegen. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we hope for a safer 2025. At @TechstrongGroup⁠’s @SecurityBlvd: <a href="https://securityboulevard.com/2024/12/vw-cariad-ccc-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2024/12/vw-cariad-ccc-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a>

Richi JenningsBeleaguered security firm issues initial post-mortem on Friday’s faux pas.As you’ll recall, millions of PCs and servers bluescreened last week. The cause was a corrupt <a href="https://vmst.io/tags/CrowdStrike" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CrowdStrike</a> security update that caused the machines to access illegal memory from within the Windows kernel itself.Today, we learned two incredible things: That this type of rapid update isn’t tested by people; and that <a href="https://vmst.io/tags/CrowdStrike" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CrowdStrike</a> doesn’t dogfood them, nor do staged, “canary” deployment. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we sit slack jawed in horror. At @TechstrongGroup’s @SecurityBlvd: <a href="https://securityboulevard.com/2024/07/crowdstrike-pir-canary-bsod-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2024/07/crowdstrike-pir-canary-bsod-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a>

Richi JenningsThe Federal Communications Commission is finally minded to do something about decades-old vulnerabilities.Dusty, moldy, prehistoric protocols from the 1980s and ’90s still underpin our phone networks. Full of security holes, <a href="https://vmst.io/tags/SS7" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SS7</a> and <a href="https://vmst.io/tags/Diameter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Diameter</a> allow scrotes to track our locations—whether mobile or wired (ask your parents). The <a href="https://vmst.io/tags/FCC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FCC</a> is asking the industry to do something about it.We’ve known about the problems since the mid-1990s. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we ask, “Why now?” At @TechstrongGroup’s @SecurityBlvd: <a href="https://securityboulevard.com/2024/04/fcc-ss7-diameter-richixbw-2/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2024/04/fcc-ss7-diameter-richixbw-2/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a>

Richi JenningsStop reusing <a href="https://vmst.io/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passwords</a>, already. Here’s what else you should do.Almost 71 million sets of unique <a href="https://vmst.io/tags/credentials" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#credentials</a> have leaked, via an unnamed firm’s bug bounty program. Nicknamed Naz.API, the leak is making waves. After importing them into @HaveIBeenPwned.com, it turns out that 24 million are fresh.The site’s majordomo, @TroyHunt (pictured), sounds astounded. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we ran a scan. At @TechstrongGroup’s @SecurityBlvd: <a href="https://securityboulevard.com/2024/01/naz-api-troy-hunt-haveibeenpwned-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2024/01/naz-api-troy-hunt-haveibeenpwned-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a>

Recent searches

Search options

Administered by:

Server stats:

#sbblogwatch