John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Mostly security stuff...
Make sure you check out my main blog at https://gnerdsec.com/blog
The Switchboard Strike: Why CISA is Scrambling to Secure SD-WAN
CISA just issued an emergency order for federal agencies to hunt for Cisco SD-WAN exploits. It turns out a shadow campaign has been hijacking enterprise network switchboards since 2023. If you run a distributed network, the hunt is on.
Read More
Knock at the Door: Why Industrial Cyber Just Went Kinetic
German police are physically visiting factories to warn about software bugs while Swedish power plants dodge pro-Russian sabotage attempts. Industrial cybersecurity is no longer an IT issue, it is a national security emergency.
Read More
The Checkbook Crisis: How Small-Town Cyber-Heists Hit Your Property Tax
A cyberthief tricked a small New Jersey town out of millions with just a phone call. Now, the homeowners are paying for it on their tax bills. This is what happens when cybersecurity becomes a line item on your property assessment.
Read More
Antivirus as a Weapon: The Defender Trilogy No One Can Patch
A single researcher has spent April taking Windows Defender apart. The results are a set of three zero-days that turn your antivirus into a malware delivery system and then blind it so it can't see the damage.
Read More
The Visible Hand: How AI is Already Breaking the Security Model
Central banks are panicking over unreleased AI models while hackers are already using them to backdoor Hugging Face and close $100k crypto heists. The weaponized AI era is officially here.
Read More
Your Banking Session Just Phoned Temu. Your CSP Allowed It.
A Taboola pixel on authenticated banking pages was redirecting session data to Temu via a single 302. The CSP didn't catch it. It wasn't supposed to.
Read More