Author: Andy Stern
-
Quishing: Risikofaktor QR-Code
by
in SecurityNews
Tags: qrQR-Codes auf Verpackungen, Plakaten oder in Bars verlocken, einfach das Smartphone daran zu halten. Trotz vieler Vorteile für Unternehmen und Konsumenten ist hier höchste Vorsicht geboten und Einzelfallprüfung angeraten. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/cybersecurity/quishing-risikofaktor-qr-code/
-
Atos, contractor for French military and intelligence agencies, dismisses ransomware attack claims
by
in SecurityNewsAtos, the company that secures communications for France’s military and intelligence services, says a ransomware group’s claims are “unfounded.”]]> First seen on therecord.media Jump to article: therecord.media/atos-dismisses-ransomware-claims
-
Time to check if you ran any of these 33 malicious Chrome extensions
by
in SecurityNewsTwo separate campaigns have been stealing credentials and browsing history for months. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/01/dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices/
-
US Imposes Sanctions on Russian and Iranian Groups Over Disinformation Targeting American Voters
by
in SecurityNewsThe United States has imposed sanctions on two groups linked to Iranian and Russian efforts to target American voters with disinformation ahead of this year’s election. The post US Imposes Sanctions on Russian and Iranian Groups Over Disinformation Targeting American Voters appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/us-imposes-sanctions-on-russian-and-iranian-groups-over-disinformation-targeting-american-voters/
-
NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT
by
in SecurityNewsResearchers discovered a malicious package on the npm package registry that resembles a library for Ethereum smart contract vulnerabilities but actually drops an open-source remote access trojan called Quasar RAT onto developer systems. First seen on hackread.com Jump to article: hackread.com/npm-package-disguised-ethereum-tool-quasar-rat/
-
FireScam Android Malware Packs Infostealer, Spyware Capabilities
by
in SecurityNewsThe FireScam Android infostealer monitors app notifications and harvests credentials and financial data and sends it to a Firebase database. The post FireScam Android Malware Packs Infostealer, Spyware Capabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/firescam-android-malware-packs-infostealer-spyware-capabilities/
-
GMF Group (Led by Matt Forssman and Gabriel Monfried) Acquires Arcadia Estates in Arcadia, Florida
by
in SecurityNews
Tags: groupGMF Group acquired Arcadia Estates in Arcadia, Florida, on January 31, 2023, for a recorded price of $3,280,000. Located at 45 SW Martin Luther King Jr. Street, Arcadia, FL 34266, the manufactured housing community includes 94 lots. Arcadia Estates offers a peaceful haven in one of Central Florida’s most charming and vibrant small towns. Welcoming…
-
Millionen Nutzer gefährdet: Schadcode in 36 Chrome-Extensions eingeschleust
Bei den betroffenen Chrome-Erweiterungen handelt es sich um KI-Tools, Passwortmanager, VPNs und mehr. Zusammen kommen sie auf 2,6 Millionen Nutzer. First seen on golem.de Jump to article: www.golem.de/news/millionen-nutzer-gefaehrdet-schadcode-in-36-chrome-extensions-eingeschleust-2501-192093.html
-
New AI Jailbreak Method ‘Bad Likert Judge’ Boosts Attack Success Rates by Over 60%
by
in SecurityNewsCybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model’s (LLM) safety guardrails and produce potentially harmful or malicious responses.The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit 42 researchers Yongzhe Huang, Yang Ji, Wenjun Hu,…
-
Sammelklagen nehmen zu – Datenschutz: Kostenfalle für IT-Dienstleister
by
in SecurityNews
Tags: unclassifiedFirst seen on security-insider.de Jump to article: www.security-insider.de/datenschutz-kostenfalle-fuer-it-dienstleister-a-d7f4f3d83d2f54bd70002142e86d21de/
-
Exploit Code Published for Potentially Dangerous Windows LDAP Vulnerability
by
in SecurityNewsProof-of-concept (PoC) code was published for CVE-2024-49113, a denial-of-service (DoS) vulnerability in Windows LDAP. The post Exploit Code Published for Potentially Dangerous Windows LDAP Vulnerability appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/exploit-code-published-for-potentially-dangerous-windows-ldap-vulnerability/
-
Facebook and Instagram Ads Push Gun Silencers Disguised as Car Parts
by
in SecurityNewsA network of Facebook pages has been advertising “fuel filters” that are actually meant to be used as silencers, which are heavily regulated by US law. Even US military officials are concerned. First seen on wired.com Jump to article: www.wired.com/story/fuel-filter-gun-silencer-ads-facebook-instagram/
-
DDoS Disrupts Japanese Mobile Giant Docomo
by
in SecurityNewsDocomo has revealed a DDoS attack on Thursday took down key services First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ddos-disrupts-japanese-mobile/
-
LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113
by
in SecurityNewsExperts warn of a new PoC exploit, LDAPNightmare, that targets a Windows LDAP flaw (CVE-2024-49113), causing crashes & reboots. The vulnerability CVE-2024-49113 (CVSS score of 7.5), named LDAPNightmare, is a Windows Lightweight Directory Access Protocol (LDAP) Denial of Service flaw that was discovered by the researcher Yuki Chen. An attacker can exploit the now-patched vulnerability to…
-
ASUS Critical Vulnerabilities Let Attackers Execute Arbitrary Commands
by
in SecurityNewsIn a recent security advisory, ASUS has alerted users to critical vulnerabilities affecting several of its router models. These flaws, tracked as CVE-2024-12912 and CVE-2024-13062, pose severe risks by allowing attackers to execute arbitrary commands on compromised devices. ASUS has advised users to act immediately by updating their routers to stay protected. About the Vulnerabilities The two vulnerabilities…
-
Apple Agrees $95M Settlement Over Siri Privacy Violations
by
in SecurityNewsApple has agreed to a $95m settlement in a class action lawsuit alleging Siri privacy violations, with eligible users receiving up to $20 per Siri-enabled device First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/apple-95m-settlement-siri-privacy/
-
New York Hospital Says Ransomware Attack Data Breach Impacts 670,000
by
in SecurityNewsRichmond University Medical Center has been investigating a ransomware attack since May 2023 and it recently determined that it affects 670,000 people. The post New York Hospital Says Ransomware Attack Data Breach Impacts 670,000 appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/new-york-hospital-says-ransomware-attack-data-breach-impacts-670000/
-
Web3 Attacks Result in $2.3Bn in Cryptocurrency Losses
by
in SecurityNewsThe amount of crypto stolen in the Web3 ecosystem rose by 31.6% compared to 2023, with phishing the most costly attack vector First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/web3-attacks-cryptocurrency-losses/
-
Risikomanagement – Was CISOs über KI-Security-Tools wissen müssen
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/ki-optimierung-it-security-risikomanagement-a-cda345944a55188589c686e4879fd039/
-
US Confirms Russian GenAI Disinformation Op Targeted Election
by
in SecurityNewsThe US government has sanctioned Russian state-affiliated entity CGE, which used a vast GenAI infrastructure to spread disinformation during the US Presidential election First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-russian-genai-disinformation-op/
-
Nuklearunternehmen im Visier von Lazarus
by
in SecurityNewsDie APT-Gruppe Lazarus hat im Zuge ihrer ‘Operation DreamJob” eine raffinierte Kampagne initiiert, die gezielt Mitarbeiter einer Einrichtung aus dem Bereich der Nukleartechnik ins Visier nahm. In einem besonders ausgeklügelten Täuschungsmanöver tarnte die Gruppe eine neuartige modulare Schadsoftware namens ‘CookiePlus” als vermeintlich harmloses Open-Source-Plugin. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/kritis/nuklearunternehmen-im-visier-von-lazarus/
-
Around 3.3 million POP3 and IMAP mail servers lack TLS encryption
by
in SecurityNewsOver 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. ShadowServer researchers reported that around 3.3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. POP3 (Post Office Protocol 3) and IMAP (Internet Message Access Protocol) are two protocols used to retrieve…
-
Verizon Business unterstützt EBARA Corporation mit Cybersecurity-Überwachung
by
in SecurityNewsDer MSIEM-Service von Verizon überwacht kontinuierlich Sicherheitsbedrohungen und hilft den Netzwerk- und Sicherheitsexperten von EBARA, proaktiv auf potenzielle Angriffe zu reagieren First seen on infopoint-security.de Jump to article: www.infopoint-security.de/verizon-business-unterstuetzt-ebara-corporation-mit-cybersecurity-ueberwachung/a39391/
-
KI-Tool für die Finanzbranche – Deloitte hilft bei der Einhaltung von DORA-Anforderungen
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/deloitte-ki-unterstuetzung-finanzinstitute-dora-anforderungen-a-c4263d008af16e5e9f7929d4525343da/
-
Halbwegs sicher unterwegs: Sensible Daten auf Reisen besser schützen
by
in SecurityNews
Tags: unclassifiedWer kennt das nicht? Im Zug telefoniert jemand laut mit einem Kunden oder mit Kolleginnen und Kollegen. Zahlen und Firmennamen sind deutlich zu hören und auf dem geöffneten Laptop ist die Präsentation für alle sichtbar. Datenschutz ist auf Geschäftsreisen nicht immer leicht umzusetzen. Viele sind unterwegs nachlässig und schützen sensible Daten nicht mit der gleichen……
-
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers
by
in SecurityNewsA proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition.The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 ( First seen…
-
Deutschland auf Platz 2: Millionen EServer kommunizieren unverschlüsselt
by
in SecurityNewsEtwa 3,3 Millionen über das Internet erreichbare POP3- und IMAP-Dienste verzichten auf TLS. Mehr als eine halbe Million davon aus Deutschland. First seen on golem.de Jump to article: www.golem.de/news/deutschland-auf-platz-2-millionen-e-mail-server-kommunizieren-unverschluesselt-2501-192087.html
-
The Critical Risk of Using Dummy Email Domains in Payment Gateways
by
in SecurityNewsDuring our recent security assessments across multiple clients, we discovered a concerning pattern: many companies are unknowingly exposing their customers’ sensitive payment information through a simple yet critical misconfiguration in… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/the-critical-risk-of-using-dummy-email-domains-in-payment-gateways/
-
Authentifizierung von IBM Db2 unter Cloud Pak for Data umgehbar
by
in SecurityNewsIBMs Datenbanksysteme Db2 und Db2 Warehouse sind unter der Daten- und KI-Plattform Cloud Pak for Data attackierbar. First seen on heise.de Jump to article: www.heise.de/news/Authentifizierung-von-IBM-Db2-unter-Cloud-Pak-for-Data-umgehbar-10223865.html
-
3,1 Millionen bösartige Fake-Sterne auf GitHub entdeckt Tendenz steigend
by
in SecurityNews
Tags: githubIn einer umfassenden Studie ist ein US-Forschungsteam auf Millionen Fake-Sterne bei GitHub gestoßen und warnt vor einem rasant steigenden Trend. First seen on heise.de Jump to article: www.heise.de/news/3-1-Millionen-boesartige-Fake-Sterne-auf-GitHub-entdeckt-Tendenz-steigend-10223115.html