Author: Andy Stern
-
500 Rechner ausgefallen: Weitreichende IT-Störungen bei der Stadt Karlsruhe
Tags: cyberattackUrsache für die Ausfälle soll ein Konflikt zwischen einem Anwenderprogramm und dem Betriebssystem sein. Einen Cyberangriff schließt die Stadt aus. First seen on golem.de Jump to article: www.golem.de/news/500-rechner-ausgefallen-weitreichende-it-stoerungen-bei-der-stadt-karlsruhe-2410-189963.html
-
Kritische Sicherheitslücke: Angreifer können Kubernetes als Root attackieren
Bestimmte Kubernetes Image Builder erzeugen VM-Images mit statischen Zugangsdaten. Admins müssen bestehende Images neu erstellen. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsupdate-Kritische-Root-Luecke-in-Kubernetes-geschlossen-9985631.html
-
Brand Phishing Ranking von Check Point zeigt Top 10 imitierte Marken
Check Point Research stellt Check Point Software-Kunden und der gesamten Geheimdienst-Community führende Erkenntnisse über Cyber-Bedrohungen zur Verfügung. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/brand-phishing-ranking-von-check-point-zeigt-top-10-imitierte-marken/a38682/
-
The State of SaaS Security 2024 Report – Studie zur Sicherheit von SaaS zeigt Schwachstellen auf
First seen on security-insider.de Jump to article: www.security-insider.de/herausforderungen-loesungen-saas-sicherheit-2024-a-18e5af3e9443d64b5ef45ccd975a2aac/
-
Updates dringend notwendig – Ivanti veröffentlicht Security Advisory für kritische Sicherheitslücken
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecken-ivanti-cloud-services-appliance-a-a4099c534e081d4a2668d56045d7b5cb/
-
SolarWinds Web Help Desk Vulnerability Allows Remote Code Execution
A critical vulnerability in SolarWinds Web Help Desk has been identified. It could allow attackers to execute arbitrary code on affected systems. The vulnerability tracked as CVE-2024-28988 was discovered by the Trend Micro Zero Day Initiative (ZDI) team during their investigation into a previous security flaw. CVE-2024-28988: Java Deserialization Flaw The vulnerability stems from a…
-
Critical default credential in Kubernetes Image Builder allows SSH root access
It’s called leaving the door wide open especially in Proxmox First seen on theregister.com Jump to article: www.theregister.com/2024/10/16/critical_kubernetes_image_builder_bug/
-
Omni Family Health Data Breach Impacts 470,000 Individuals
Omni Family Health has disclosed a data breach impacting nearly 470,000 current and former patients and employees. The post Omni Family Health Data Breach Impacts 470,000 Individuals appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/omni-family-health-data-breach-impacts-470000-individuals/
-
Critical default credential in Kubernetes Image Builder allows SSH root access
It’s called leaving the door wide open especially in Proxmox First seen on theregister.com Jump to article: www.theregister.com/2024/10/16/critical_kubernetes_image_builder_bug/
-
Intel lightly hits back at China’s accusations it bakes in NSA backdoors
Chipzilla says it obeys the law … which could mean anything First seen on theregister.com Jump to article: www.theregister.com/2024/10/18/intel_china_security_allegations/
-
Global Crackdown on Illegal Football Gambling Nets Thousands of Arrests
Tags: lawLaw enforcement agencies have revealed a massive crackdown on illegal football gambling, resulting in over 5,100 arrests and the recovery of more than USD 59 million in illicit proceeds. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/major-crackdown-on-illegal-football-gambling/
-
Cyera Acquires Data Loss Prevention Firm Trail Security for $162 Million
Data security company Cyera has acquired stealth mode startup Trail Security for its data loss prevention (DLP) technology. The post Cyera Acquires Data Loss Prevention Firm Trail Security for $162 Million appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cyera-acquires-data-loss-prevention-firm-trail-security-for-162-million/
-
Hacker Arrested for Invading Computers Selling Police Data
The Federal Police arrested a 33-year-old Brazilian hacker in Belo Horizonte, Minas Gerais. The suspect is accused of infiltrating the systems of the Federal Police (PF) and other international institutions to sell sensitive data. This arrest marks a critical step in addressing cybercrime that targets government and private entities worldwide. Details of the Arrest The…
-
DDI-Management, Asset-Transparenz und proaktive Sicherheit – Infoblox verbessert Zusammenarbeit von NetOps, CloudOps und SecOps
Tags: unclassifiedFirst seen on security-insider.de Jump to article: www.security-insider.de/-infoblox-universal-ddi-product-suite-a-b5b2d6b1a2b0c07d277dbfd813d1d024/
-
macOS-Schwachstelle umgeht Datenschutzkontrollen im Safari-Browser
Die macOS-Schwachstelle “HM Surf” erschüttert das Vertrauen in die grundlegenden Sicherheitsmechanismen von Apple. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/macos-schwachstelle-umgeht-datenschutzkontrollen-im-safari-browser-302991.html
-
Dieser Banking-Trojaner kann sogar deinen Smartphone-Pin stehlen
Tags: bankingFirst seen on t3n.de Jump to article: t3n.de/news/banking-trojaner-smartphone-pin-1651706/
-
NIS2-Deadline naht – Software-Lieferketten im Visier: Was IT-Experten jetzt wissen müssen
First seen on security-insider.de Jump to article: www.security-insider.de/eu-nis-2-richtlinie-herausforderungen-auswirkungen-unternehmen-a-deb651a1537daea682100867a78d35f6/
-
Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser
Microsoft has disclosed details about a now-patched security flaw in Apple’s Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user’s privacy preferences and access data.The shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE-2024-44133. It was addressed by Apple as part of…
-
SafeBreach Coverage for US CERT AA24-290A (Iranian Cyber Actors)
Iranian threat actors are using brute force and other techniques to compromise critical infrastructure entities. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/safebreach-coverage-for-us-cert-aa24-290a-iranian-cyber-actors/
-
Critical Vulnerability in Kubernetes Image Builder Exposes Nodes to Root Access
A new security risk has emerged in the Kubernetes Image Builder, posing a critical threat to organizations that utilize this tool for managing their containerized environments. The Kubernetes Image Builder vulnerability tracked as CVE-2024-9486, has been assigned a CVSS score of 9.8, indicating its severity. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/kubernetes-image-builder-vulnerability/
-
Intel robustly refutes China’s accusations it bakes in NSA backdoors
Chipzilla uses WeChat post to defend record of following local laws First seen on theregister.com Jump to article: www.theregister.com/2024/10/18/intel_replies_china_security_allegations/
-
45-Day Certs? You’ve Got No Time to Lose!
Tags: appleRemember when we were bracing ourselves for 90-day certificates? That shift felt like a game-changer, yet here we are, with a new curveball: 45-day certificates are making their way into the mix. It wasn’t too long ago that speculation around Apple’s influence hinted at the possibility of even shorter cert lifespans. Fast forward, and the……
-
What to do if your iPhone or Android smartphone gets stolen?
A lost, stolen, or compromised smartphone today means we are in serious trouble. Most people have everything related to their personal and professional lives stored on their … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/18/iphone-android-stolen-smartphone-minimize-damage/
-
Despite massive security spending, 44% of CISOs fail to detect breaches
Despite global information security spending projected to reach $215 billion in 2024, 44% of CISOs surveyed reported they were unable to detect a data breach in the last 12 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/18/cisos-security-tools/
-
Biz hired, and fired, a fake North Korean IT worker then the ransom demands began
‘My webcam isn’t working today’ is the new ‘The dog ate my network’ First seen on theregister.com Jump to article: www.theregister.com/2024/10/18/ransom_fake_it_worker_scam/
-
New infosec products of the week: October 18, 2024
Here’s a look at the most interesting products from the past week, featuring releases from ExtraHop, GitGuardian, Nametag, Okta, Rubrik, and Sectigo. GitGuardian Visual Studio … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/18/new-infosec-products-of-the-week-october-18-2024/
-
USENIX NSDI ’24 EPVerifier: Accelerating Update Storms Verification with Edge-Predicate
Authors/Presenters:Chenyang Zhao, Yuebin Guo, Jingyu Wang, Qi Qi, Zirui Zhuang, Haifeng Sun, Lingqi Guo, Yuming Xie, Jianxin Liao Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI ’24) content, placing the organizations enduring commitment to Open Access front and center.…
-
Mastering Product-led Onboarding in B2B SaaS: A Comprehensive Guide
Dive into the world of product-led onboarding for B2B SaaS. This guide explores key strategies and best practices to create an engaging and effective onboarding experience that turns new users into power users. Learn how to optimize user journeys, reduce churn, and drive product adoption. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/mastering-product-led-onboarding-in-b2b-saas-a-comprehensive-guide/
-
CVE-2024-9381 Ivanti CSA Security Vulnerability October 2024
A critical vulnerability (CVE-2024-9381) in Ivanti’s Cloud Services Appliance allows attackers to bypass security measures and execute arbitrary code. Affected Platform CVE-2024-9381 impacts Ivanti’s Cloud Services Appliance (CSA), a critical component used in secure remote access for enterprise environments, affecting CSA versions prior to the latest patch. Ivanti CSA provides a secure bridge for cloud……