Saturday, June 20, 2026

Saturday Security: FIFA Security Flaw Could Have Hijacked World Cup Broadcasts

 


This week's story proves that cyber risk isn't always a sophisticated nation-state attack — sometimes it's a simple security mistake hiding in plain sight.

Ethical hacker 'BobDaHacker' discovered that FIFA's World Cup systems could be accessed using nothing more than a simple account created through its football agent platform. Because access controls were properly enforced on the front-end website but not on the back end, the researcher reportedly gained access to World Cup broadcast systems, match management platforms, and other critical operational infrastructure.

In theory, an attacker exploiting this same flaw could have:

* Interrupted live matches
* Altered real-time game information
* Replaced broadcasts entirely with different video content

The good news — the issue was reportedly disclosed responsibly and quickly fixed.

This week's big takeaway: If your security only checks permissions in the user interface, you don't actually have access control — you have a suggestion. Real security has to be enforced on the server side, every single time.

https://www.darkreading.com/application-security/fifa-bug-world-cup-streams-remote-takeover

🗓️ Week ending June 20th, 2026
👤 Hosted by Peter

00:00:00 - Intro: A Simple Mistake, Not a Sophisticated Attack
00:00:37 - What an Attacker Could Have Done
00:01:00 - Takeaway: UI Permissions Are Not Access Control
00:01:05 - Sign-Off
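
To make the takeaway of the FIFA item above concrete, here is an added example (not code from FIFA, the researcher, or the linked report) that puts a back end relying on the UI to hide actions next to one that checks the caller's role on every request. Every role, action and user name in it is constructed for illustration.

```python
# Added illustration: every role, action and session below is constructed,
# not taken from FIFA's systems.
from dataclasses import dataclass

# Server-side policy: action -> roles allowed to perform it.
# Anything not listed is denied (deny by default).
POLICY = {
    "view_agent_profile": {"agent", "broadcast_ops"},
    "update_match_data": {"match_ops"},
    "switch_broadcast_feed": {"broadcast_ops"},
}

@dataclass(frozen=True)
class Session:
    user: str
    role: str  # set by the server at login, never read from the request

def ui_visible_actions(session):
    """What the front end renders. Hiding a button is presentation only."""
    return sorted(a for a, roles in POLICY.items() if session.role in roles)

def handle_ui_only(session, action):
    """Flawed back end: any authenticated session may call any known action."""
    if action not in POLICY:
        return 404, "unknown action"
    return 200, f"{action} executed for {session.user}"

def handle_enforced(session, action, audit):
    """Hardened back end: the role check runs on every request."""
    allowed = POLICY.get(action, set())  # unknown action -> empty set -> deny
    if session.role not in allowed:
        audit.append((session.user, session.role, action, "DENY"))
        return 403, "forbidden"
    audit.append((session.user, session.role, action, "ALLOW"))
    return 200, f"{action} executed for {session.user}"

def demo():
    agent = Session(user="self-registered-agent", role="agent")
    audit = []
    hidden = "switch_broadcast_feed"         # not rendered for this role
    flawed = handle_ui_only(agent, hidden)   # the request is served anyway
    fixed = handle_enforced(agent, hidden, audit)
    return ui_visible_actions(agent), flawed, fixed, audit

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The `DENY` rows in the audit list are also a detection signal: a low-privilege account repeatedly requesting actions its UI never offers is worth an alert.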

Saturday, June 13, 2026

Saturday Security: CISA's New 72-Hour Patch Rule

 


For years the mantra in IT security has been simple — patch everything. But in the age of AI that's no longer realistic. And this week CISA made it official with a new approach that changes the game for federal agencies and sets a precedent for the entire industry.

CISA's new risk-based patching framework requires federal agencies to patch the most dangerous vulnerabilities within just 72 hours. The reason? AI is now helping attackers discover and exploit software flaws faster than ever — making the old "patch everything eventually" approach dangerously outdated.

Under the new rules, priorities are clear:

* Top priority — Internet-facing vulnerabilities that are actively being exploited AND can be automated
* Everything else — Ranked and addressed based on actual risk level

This week's big takeaway: Cybersecurity isn't about patching everything anymore — it's about patching smarter. When attackers can use AI to scale their efforts at machine speed, defenders have to laser-focus on what matters most and move fast. Speed now beats volume.

https://www.cisa.gov/news-events/news/patch-smarter-not-harder
https://www.cisa.gov/news-events/news/cisa-issues-new-directive-improving-how-federal-agencies-prioritize-mitigation-cyber-vulnerabilities

🗓️ Week ending June 13th, 2026
👤 Hosted by Peter

00:00:00 - Intro: The End of Patch Everything
00:00:35 - CISA's New 72-Hour Rule Explained
00:00:50 - How AI Is Accelerating Attacks
00:00:58 - Takeaway: Speed Beats Volume
00:01:02 - Sign-Off

Saturday, June 6, 2026

Saturday Security: Threat Actors Are Targeting Fuel Tank Gauges

 


This week's story is a reminder that any connected device can become a cyber target — even something as unglamorous as a fuel gauge.

CISA, the FBI, and the NSA are all warning that attackers are actively targeting internet-exposed automatic tank gauges — the systems used to monitor fuel and chemical storage tanks at gas stations, airports, military installations, and industrial facilities. If compromised, attackers could manipulate fuel readings, disable safety alerts, or interfere with critical safety systems — with potentially dangerous real-world consequences.

The good news? Exposed devices have dropped significantly — from nearly 6,000 a decade ago to just under 1,000 today. Progress, but still too many.

This week's big takeaway: If it doesn't need to be on the internet — don't put it there. We've been saying this for 25 years and it still needs repeating. Sometimes the biggest cyber risks are hiding in the equipment nobody thinks about.

🗓️ Week ending June 6th, 2026
👤 Hosted by Peter

https://www.darkreading.com/cyberattacks-data-breaches/exposed-fuel-tank-gauges-attack-us