New York Just Did What the EPA Couldn't: Mandatory Cybersecurity for Water Utilities

The feds tried and failed to mandate cybersecurity for water utilities. New York got tired of waiting and did it themselves. Sound familiar?

Two Vulnerabilities, Two Patches, One Message: Critical Enterprise Flaws Need Immediate Attention

Microsoft shipped an emergency out-of-band RRAS patch days after Patch Tuesday. HPE has a switch vulnerability that lets attackers reset admin passwords with zero credentials. Both need patching now.

DOGE's Data Problem: Why America's Federal Privacy Crisis Is a Cybersecurity Story

DOGE personnel reportedly accessed federal systems holding tax returns, Social Security records, and benefits data without proper audit trails or legal authority. This isn't politics. It's a data governance failure affecting tens of millions of Americans.

The Software You Trust Is Becoming the Attack: Two Supply-Chain Strikes in One Week

GlassWorm hijacked VS Code extension dependencies. AppsFlyer's SDK got compromised to serve crypto stealers. Both attacks exploited trust, not carelessness.

Meta's Killing Instagram Encryption While Bragging About Nuking 11 Million Scam Accounts

Meta's shutting down Instagram's end-to-end encrypted chats in May while touting the removal of 10.9 million scam accounts. Both are real moves. The tension between them says a lot about what kind of security Meta actually cares about.

Your Data This Week: Starbucks Employee Breach, Loblaw Customer Data, Steam Malware, and How to Respond to Each

Three breaches hit this week through platforms people already trust. Starbucks employee data, Loblaw customer accounts, and FBI-flagged malware hiding in Steam games.
