Author: Andy Stern
-
Sophos-Umfrage zeigt Nachholbedarf in der Absicherung von OT-Systemen
by
in SecurityNewsDie Mehrheit glaubt, dass OT-Systeme auch in Zukunft beliebte Ziele für Cyberangriffe sein werden, insbesondere im Bereich der Kritischen Infrastrukturen First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-umfrage-zeigt-nachholbedarf-in-der-absicherung-von-ot-systemen/a39357/
-
Zero-Trust in Web3: Redefining Security for Decentralized Systems
by
in SecurityNews
Tags: zero-trustBy adopting zero-trust principles, we can build systems that are not only decentralized but also secure, resilient and future-proof. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/zero-trust-in-web3-redefining-security-for-decentralized-systems/
-
Fake-Konten auf Instagram können zu Reputationsschäden bei Unternehmen führen
by
in SecurityNews
Tags: unclassifiedDurch die Kombination von Überwachung, Schulung und professioneller Unterstützung können Unternehmen ihre Sicherheit auf Instagram deutlich erhöhen und ihre Marke vor Schaden schützen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/fake-konten-auf-instagram-koennen-zu-reputationsschaeden-fuer-unternehmen-fuehren/a39351/
-
Die Anforderungen des NIS2-Umsetzungsgesetzes – Das bedeutet NIS 2 für Unternehmen
by
in SecurityNews
Tags: nis-2First seen on security-insider.de Jump to article: www.security-insider.de/nis2-umsetzungsgesetz-cybersicherheit-lieferketten-schutz-a-78cc8262398cf67c48f4cfc905bb5be4/
-
CISA Warns of BeyondTrust Privileged Remote Access Exploited in Wild
by
in SecurityNews
Tags: access, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, malicious, risk, tool, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical vulnerability impacting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products. This newly uncovered flaw tracked as CVE-2024-12356, could allow attackers to execute malicious commands, posing a severe risk to global enterprises relying on these tools for secure remote access and…
-
Raspberry Robin: Vielschichtige Verschlüsselung
by
in SecurityNewsDas Zscaler ThreatLabz-Team entschlüsselte vor kurzem die umfangreichen Verschleierungstechniken von Raspberry Robin (auch bekannt als Roshtyak). Die Malware befindet sich seit 2021 im Umlauf und verbreitet sich hauptsächlich über infizierte USB-Geräte, so dass nach wie vor eine Gefahr zur Infektion von Windows-Systemen davon ausgeht. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/raspberry-robin-vielschichtige-verschluesselung
-
Kooperationstool MiCollab – Mitel patcht aber noch nicht die Zero-Day-Schwachstelle
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecken-zero-day-schwachstellen-micollab-a-ae0469bbd4c62020b319eafa3e30b6e0/
-
NotLockBit Previously Unknown Ransomware Attack Windows macOS
by
in SecurityNewsA new and advanced ransomware family, dubbed NotLockBit, has emerged as a significant threat in the cybersecurity landscape, closely mimicking the behavior and tactics of the notorious LockBit ransomware. NotLockBit notably distinguishes itself by being one of the first ransomware strains designed to effectively attack both macOS and Windows operating systems, showcasing powerful cross-platform capabilities.…
-
ExChef: Schönbohm gewinnt Klage gegen Böhmermann
by
in SecurityNews
Tags: bsiEx-BSI-Chef Schönbohm verklagte den ZDF-Moderator Böhmermann wegen angeblicher Falschaussagen. Das Gericht gab ihm weitgehend recht. First seen on golem.de Jump to article: www.golem.de/news/ex-bsi-chef-schoenbohm-gewinnt-klage-gegen-boehmermann-2412-191885.html
-
Navigating the New Era of AI Traffic: How to Identify and Block AI Scrapers
by
in SecurityNewsIn the not-so-distant past, webmasters faced challenges from bots like Google’s search spiders, which diligently scanned websites to index content and provide the best search results for users. Fast forward to today, and we are witnessing a new breed of bot: Large Language Models (LLMs) like ChatGPT and Claude. These AI models are not just……
-
Why cybersecurity is critical to energy modernization
by
in SecurityNewsIn this Help Net Security interview, Anjos Nijk, Managing Director of the European Network for Cyber security (ENCS), discusses cybersecurity in the energy sector as it … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/20/anjos-nijk-encs-energy-grid-cybersecurity/
-
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List
by
in SecurityNews
Tags: access, cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, software, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that First…
-
AI is becoming the weapon of choice for cybercriminals
by
in SecurityNewsAI changes how organizations look at cybersecurity GenAI is compromising security while promising efficiency This article highlights key findings from 2024 reports on AI and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/20/ai-technologies-challenges-2024/
-
India’s Rapido exposed user and driver data through leaky website feedback form
by
in SecurityNewsRapido restricted access to the exposed portal soon after TechCrunch contacted the company. First seen on techcrunch.com Jump to article: techcrunch.com/2024/12/19/indias-rapido-exposed-user-and-driver-data-through-leaky-website-feedback-form/
-
Die 10 besten APITools
by
in SecurityNews
Tags: ai, api, application-security, cloud, computing, credentials, cyberattack, data, ddos, docker, github, hacker, hacking, infrastructure, injection, mobile, open-source, programming, risk, service, software, sql, tool, vulnerability, wafMithilfe von APIs können verschiedene Software-Komponenten und -Ressourcen miteinander interagieren. Foto: eamesBot shutterstock.comAnwendungsprogrammierschnittstellen (Application Programming Interfaces, APIs) sind zu einem wichtigen Bestandteil von Netzwerken, Programmen, Anwendungen, Geräten und fast allen anderen Bereichen der Computerlandschaft geworden. Dies gilt insbesondere für das Cloud Computing und das Mobile Computing. Beides könnte in der derzeitigen Form nicht existieren, wenn…
-
Randall Munroe’s XKCD ‘Linear Sort’
by
in SecurityNews
Tags: datavia the comic humor & dry wit of Randall Munroe, creator of XKCD Permalink First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2024/12/randall-munroes-xkcd-linear-sort/
-
Romanian National Sentenced to 20 Years for NetWalker Ransomware Attacks
by
in SecurityNewsA Romanian man has been sentenced to 20 years in prison for his role in the devastating NetWalker ransomware attacks. Daniel Christian Hulea, 30, was also ordered to forfeit over... First seen on securityonline.info Jump to article: securityonline.info/romanian-national-sentenced-to-20-years-for-netwalker-ransomware-attacks/
-
Cybersicherheit 2025: Der Schutz industrieller Systeme ist entscheidend
by
in SecurityNewsIm Jahr 2025 wird die OT-Cybersicherheit (Operational Technology) eine Schlüsselrolle beim Schutz industrieller Umgebungen und kritischer Infrastrukturen spielen. Phil Tonkin, Field CTO von Dragos warnt: »Die zunehmende Vernetzung durch die digitale Transformation legt Sicherheitslücken in OT-Systemen offen, die oft ohne Berücksichtigung moderner Bedrohungen entwickelt wurden.« Wachsende Bedrohungen für OT-Systeme Bedrohungen wie die FrostyGoop-Malware, die… First…
-
Earth Koshchei’s Rogue RDP Campaign: A Sophisticated APT Attack Targets Governments and Enterprises
by
in SecurityNewsTrend Micro has unveiled a large-scale rogue remote desktop protocol (RDP) campaign conducted by the threat group Earth Koshchei. Known for their espionage operations, Earth Koshchei leveraged spear-phishing emails and... First seen on securityonline.info Jump to article: securityonline.info/earth-koshcheis-rogue-rdp-campaign-a-sophisticated-apt-attack-targets-governments-and-enterprises/
-
TA397 Leverages Sophisticated Spearphishing Techniques to Deploy Malware in Defense Sector
by
in SecurityNewsProofpoint researchers have identified a new spearphishing campaign by TA397, a South Asia-based advanced persistent threat (APT) group also known as Bitter. The campaign, observed on November 18, 2024, targets... First seen on securityonline.info Jump to article: securityonline.info/ta397-leverages-sophisticated-spearphishing-techniques-to-deploy-malware-in-defense-sector/
-
Phishing Campaign Targets European Companies with Fake HubSpot and DocuSign Forms
by
in SecurityNews
Tags: phishingA recent report by Unit 42 researchers has uncovered an extensive phishing campaign targeting European companies, with the automotive, chemical, and industrial compound manufacturing sectors among the hardest hit. The... First seen on securityonline.info Jump to article: securityonline.info/phishing-campaign-targets-european-companies-with-fake-hubspot-and-docusign-forms/
-
CISO Challenges for 2025: Overcoming Cybersecurity Complexities
by
in SecurityNewsAs organizations recognize the immense value and criticality of your data and systems, cybersecurity has become intrinsically linked to business strategy. Chief Information Security Officers (CISOs) are increasingly expected to play a central role in shaping business decisions, assessing and mitigating risks, and ensuring that security strategies align with overall business objectives. This requires a……
-
Weaponized Hacktivism: How Countries Use Activists for Cyber Warfare
by
in SecurityNewsThe intersection of hacking and activism, commonly known as hacktivism, has transformed into a formidable force in the digital era. Trellix’s latest report explores how these groups are increasingly intertwined... First seen on securityonline.info Jump to article: securityonline.info/weaponized-hacktivism-how-countries-use-activists-for-cyber-warfare/
-
New infosec products of the week: December 20, 2024
by
in SecurityNews
Tags: infosecHere’s a look at the most interesting products from the past week, featuring releases from Appdome, GitGuardian, RunSafe Security, Stairwell, and Netwrix. GitGuardian launches … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/20/new-infosec-products-of-the-week-december-20-2024/
-
46% of financial institutions had a data breach in the past 24 months
by
in SecurityNewsAs the financial industry is the most targeted sector for data breaches in 2024, it’s now more important than ever to strengthen the industry moving into 2025, according to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/20/financial-industry-data-breaches/
-
LockBit ransomware gang teases February 2025 return
by
in SecurityNewsAn individual associated with the LockBit ransomware gang has broken cover to tease details of a new phase of the cyber criminal operation’s activity, that they claim is set to begin in February 2025 First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366617379/LockBit-ransomware-gang-teases-February-2025-return
-
Play Ransomware Claims Krispy Kreme Breach, Threatens Data Leak
by
in SecurityNewsKEY SUMMARY POINTS Krispy Kreme, the beloved doughnut chain, disclosed a data breach on December 11, 2024, in… First seen on hackread.com Jump to article: hackread.com/play-ransomware-krispy-kreme-breach-data-leak/
-
How Infoblox Streamlines Operations Across Hybrid Settings
by
in SecurityNewsInfoblox CEO Scott Harrell Pushes Unified Strategy Amid Hybrid Cloud Convergence. Scott Harrell, CEO of Infoblox, explores the convergence of network operations, security operations and cloud operations to tackle hybrid infrastructure complexities. He introduces Universal DDI and emphasizes a shift toward proactive threat management to counter AI-driven malware. First seen on govinfosecurity.com Jump to article:…