Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Mostly security stuff...
Make sure you check out my main blog at https://gnerdsec.com/blog
Staffing gaps, fuzzy lead-agency roles, and public messaging that doesn't always match operational uncertainty -- the layers of federal cyber aren't running in sync right now.
An unpatched telnetd with unauthenticated root RCE. Nine critical IP-KVM flaws. A Linux privilege escalation tied to systemd timing. Different CVEs, same underlying problem: forgotten management plumbing.
The Marquis breach started with a ransomware attack. The damage is still accumulating months later -- not because of what happened technically, but because of how disclosure was handled.
DarkSword iOS exploit capability is showing up across multiple actor sets -- state-linked groups, commercial spyware vendors, and infostealer campaigns. The old 'rare nation-state' framing doesn't hold anymore.
Interlock operators have been exploiting a Cisco FMC zero-day since January. If you're still sorting patch queues by CVSS score, that's the problem.
Mandiant's latest report shows ransomware payments declining while victim counts hit record highs. The ecosystem isn't dying. It's fragmenting faster than defenders can track.