Mastodawn

Pig-butchering scammers in Myanmar lose use of 2,500 Starlink terminals.

As we discussed earlier this year, organized crime groups are using slaves to scam people from massive #PigButchering factories. One notorious center for the grotesquely evil practice is #Myanmar.

This week, #SpaceX is crowing about how it’s blocked 2,500 #Starlink satellite internet terminals being used by these scumbags to reach their victims. In #SBBlogwatch, we wonder what took Elon so long.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/10/starlink-myanmar-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

Elon Musk’s SpaceX ‘is Facilitating’ Scams via Starlink

Low Earth Pork: Pig-butchering scammers in Myanmar lose use of 2,500 Starlink terminals.

Security Boulevard

Richi Jennings Oct 21

Showstopper bugs with security certificates—plus failing USB keyboards and mice—cause QA questions.

#Microsoft’s #Windows security update rollup is badly buggy this month. Post-patch, the #WinRE recovery environment doesn’t work with most keyboards and mice. And a fix for a cryptography bypass bug is causing failures at several enterprises, requiring rollbacks or registry edits to resolve.

It’s leading to inevitable concerns about the #Windows dev process. In #SBBlogwatch, we grab a Linux ISO.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/10/patch-tuesday-fail-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc $MSFT

October Patch Tuesday Fails Hard — Windows Update Considered Harmful?

Satya fiddles while Redmond burns? Showstopper bugs with security certificates—plus failing USB keyboards and mice—cause QA questions.

Security Boulevard

Richi Jennings Oct 14

Researchers discover a new way to steal secrets from #Android apps.

Anything any Android app can display is vulnerable to the #Pixnapping attack—including #2FA codes. That’s the worrying claim from a group of researchers this week. “It’s like Rowhammer, but for the screen,” quips one wag.

Google thought it had already fixed the previously undisclosed flaw. But the group’s demo says not. In #SBBlogwatch, we blur the pels.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/10/pixnapping-android-attack-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

#Pixnapping: Android Timing Attack Sends Google Back to the Drawing Board

If at first you don’t succeed: Researchers discover a new way to steal secrets from Android apps.

Security Boulevard

Richi Jennings Oct 8

CVSS 10.0 vulnerability in ubiquitous cloud storage layer. PATCH NOW.

#Redis (Remote Dictionary Server) and its open source fork #Valkey share a scary flaw that can give an attacker full remote code execution. It’s been assigned a maximum CVSS score of 10.0—which is something you don’t often see.

Redis shouldn’t normally be exposed to the internet, but it often is. In #SBBlogwatch, we descend a layer.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/10/redis-valkey-redishell-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc #RediShell

#RediShell: Redis/Valkey Get ‘Perfect 10’ Critical RCE Vuln

Redis hell: CVSS 10.0 vulnerability in ubiquitous cloud storage layer. PATCH NOW.

Security Boulevard

Richi Jennings Oct 3

Breaking: Big #beer brewer belatedly believes bitten by ransomware—and likely a data breach.

#Japan’s biggest producer of beer is still not producing any beer this week. #Asahi Group Holdings shut down production Monday after detecting a cyber intruder.

And today it’s confirmed fears of #ransomware. In #SBBlogwatch, we dry out.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/10/japan-asahi-beer-ransomware-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

Richi Jennings Sep 29

Yet another security problem plaguing #SonicWall customers.

The #Akira #ransomware gang have found a way to override the multifactor authentication in #SonicWall SSL VPN appliances. These scrotes appear to be able to move laterally from the VPN boxes to deploy ransomware.

It’s worrying that they’ve broken SonicWall’s #2FA. In #SBBlogwatch, we hear customers’ anger.

https://securityboulevard.com/2025/09/sonicwall-akira-ransomware-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

‘Aggressive’ Akira Ransomware Blitz Clubs SonicWall 2FA to DEATH

Strange factors: Yet another security problem plaguing SonicWall customers.

Security Boulevard

Richi Jennings Sep 16

#JaguarLandRover woes worse than previously thought.

The iconic British brand today warned its business would stay stalled for even longer. And a loose confederation of threat actors, now calling itself Scattered Lapsus$ Hunters, has claimed responsibility for hacking the big car firm—via tedious Telegram trolling.

Yes, it’s those Salesforce vish kiddies again. In #SBBlogwatch, we drive the point home.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/09/jaguar-land-rover-troll-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

Richi Jennings Sep 11

“Like an arsonist selling firefighting services,” quips this 76-year-old.

U.S. senator #RonWyden (pictured) is demanding the #FTC do something about #Microsoft already. He says Satya’s crew are to blame for some awful #ransomware attacks exploiting a vulnerability that’s more than 10 years old.

Known as #Kerberoasting, the exploit affects #ActiveDirectory installs that aren’t configured to modern specs. In #SBBlogwatch, we wonder where to point fingers: https://securityboulevard.com/2025/09/ron-wyden-microsoft-kerberoasting-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

Richi Jennings Sep 9

Restaurant Brands International (RBI) “assistant” platform riddled with terrible #security flaws.

A pair of ethical hackers discovered a bunch of “catastrophic” vulns in the code running 30,000 #BurgerKing, #TimHortons, #Popeyes and #FirehouseSubs locations. Owner #RBI quickly fixed the flaws, but then its contractor #Cyble issued a sus-seeming #DMCA takedown notice.

Tale as old as time: Poor, unfortunate $8½ billion corporation vs. evil, vindictive, millennial hackers. In #SBBlogwatch, we rule.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/09/burger-king-rbi-bobdahacker-bobtheshoplifter-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

Richi Jennings Sep 2

Well? Should they? Let’s ask Ian Betteridge.

Four weeks ago, #Google admitted it was hacked by #ShinyHunters and/or #ScatteredSpider—via #vishing. Sadly, this sparked a journalistic game of Telephone: Over the space of four weeks, “This #Salesforce instance got vished,” quickly became, “2.5 billion #Gmail users hacked!!1!”

Sigh. “This is entirely false,” complains Google. In #SBBlogwatch, we bait for clicks during dog days.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/09/gmail-hack-telephone-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc