Author: Andy Stern
-
Neue Schwachstellen in Machine-Learning-Systemen – JFrog-Analyse zeigt Risiken auf
by
in SecurityNewsUm Risiken zu minimieren, empfiehlt das JFrog-Team, keine nicht-vertrauenswürdigen ML-Modelle zu laden auch nicht in scheinbar sicheren Formaten wie Safetensors. Unternehmen sollten ihre ML-Nutzer für die Gefahren sensibilisieren und Sicherheitsrichtlinien entsprechend anpassen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/neue-schwachstellen-in-machine-learning-systemen-jfrog-analyse-zeigt-risiken-auf/a39362/
-
Fortinet Wireless Manager: Informationen zu kritischer Lücke zurückgehalten
by
in SecurityNews
Tags: fortinetAngreifer konnten Fortinet Wireless Manager attackieren und Admins-Sessions kapern. Das Netzwerkmanagementool war über mehrere Monate verwundbar. First seen on heise.de Jump to article: www.heise.de/news/Fortinet-Wireless-Manager-Informationen-zu-kritischer-Luecke-zurueckgehalten-10217204.html
-
Neue IOCONTROL-Malware bei Angriffen auf KRITIS entdeckt
by
in SecurityNewsEine neue Malware namens IOCONTROL befällt Geräte des Internet of Things (IoT) und OT/SCADA-Systeme, die von kritischen Infrastrukturen in den USA und Israel genutzt werden. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/neue-iocontrol-malware-bei-angriffen-auf-kritis-entdeckt
-
Foxit PDF Editor Vulnerabilities Allows Remote Code Execution
by
in SecurityNewsFoxit Software has issued critical security updates for its widely used PDF solutions, Foxit PDF Reader and Foxit PDF Editor. The updates”, Foxit PDF Reader 2024.4 and Foxit PDF Editor 2024.4/13.1.5″, were released on December 17, 2024, to counter vulnerabilities that could leave users exposed to remote code execution (RCE) attacks. Details of the Vulnerabilities The…
-
CISA-Warnungen: Schwachstellen in Windows Kernel, Cleo etc.
by
in SecurityNewsDie US-Cybersicherheitsbehörde CISA hat ihren Schwachstellenkatalog um weitere Einträge ergänzt. So wird vor der Adobe ColdFusion Schwachstelle CVE-2024-20767 , der Windows Kernel-Schwachstelle CVE-2024-35250, oder vor Schwachstellen in der Cleo-Software gewarnt. Die Schwachstellen werden bekanntermaßen ausgenutzt. Mir ist die Warnung kürzlich … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/20/cisa-warn-vor-windows-kernel-schwachstellen-cve-2024-20767-cve-2024-35250/
-
Ransomware Attackers Target Industries with Low Downtime Tolerance
by
in SecurityNewsA Dragos report observed 23 new ransomware groups targeting industrial organizations in Q3 2024 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomware-industries-downtime/
-
Stay Ahead: Key Tactics in Identity Protection
by
in SecurityNewsWhy is Identity Protection a Crucial Component of Cybersecurity? As cyber threats grow increasingly complex and sophisticated, organizations face an urgent need to bolster their security architecture. One critical aspect that often gets overlooked is Non-Human Identity (NHI) management. But, why is it so important? NHI refers to machine identities used for cybersecurity purposes. These……
-
Prevent Cloud Leaks: What Steps Should You Take Now?
by
in SecurityNewsThe Blind Spot in Traditional Cloud Security Are your cloud security measures stringent enough to prevent a data leak? With the increasing reliance on cloud services, cloud security has become a significant concern for organizations. But, frequently there is a blind spot in security measures: Non-Human Identities (NHI). Understanding and managing NHIs could be the……
-
Insider Threat Indicators
by
in SecurityNewsNisos Insider Threat Indicators Security threats can come from trusted individuals within your organization or partners, contractors, and service providers with authorized access to sensitive systems and data… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/insider-threat-indicators-2/
-
Is Your Cloud Infrastructure Truly Protected?
by
in SecurityNewsCan You Confidently State Your Cloud Infrastructure is Safe? For businesses harnessing the power of the cloud, the pressing question remains: Can you claim to have absolute assurance of your cloud security? As the rapid adoption of cloud technologies continues, the need for efficient management of Non-Human Identities (NHIs) and Secrets to safeguard against the……
-
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation
by
in SecurityNewsSophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions.Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list of…
-
Empower Your Team with Effective Secrets Management
by
in SecurityNewsWhy is Secrets Management Crucial for Your Cybersecurity Team? Imagine this: your cybersecurity team is overwhelmed with managing countless sensitive codes, tokens, and passwords. Their efficiency is hampered, and this puts your data at a potential security risk. But what if there was a more effective way to handle this challenge? That’s where secrets management……
-
Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
by
in SecurityNewsThe developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware.Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry.…
-
Master Your Secrets Management: Feel Secure and Confident
by
in SecurityNewsAre Vulnerabilities Lurking in Your Secrets Management? In today’s world of high-level cybersecurity, can your organization confidently say it has a secure secrets storage strategy in place? Are you aware of the potential risks and vulnerabilities that may be lurking in the confidentiality of your encrypted passwords, tokens, or keys? The way in which Non-Human……
-
Raccoon Infostealer operator sentenced to 60 months in prison
by
in SecurityNews
Tags: ukraineRaccoon Infostealer operator Mark Sokolovsky was sentenced to 60 months in US prison and ordered to pay over $910,000 in restitution. The US Department of Justice sentenced the Ukrainian national Mark Sokolovsky (28) for his role in the distribution of the Raccoon Infostealer malware. >>Ukrainian national Mark Sokolovsky was sentenced today to 60 months in…
-
Human Risk Management: The “Weakest Link” Emerges as Key to Cybersecurity
by
in SecurityNewsWith technology front and center in virtually all business processes, it may seem counterintuitive to suggest that today’s greatest cybersecurity risks don’t stem from technology, but from people. It’s widely recognized that people pose the greatest risk to data and security. This truth stems from the fact that human risks are much more challenging to manage..…
-
Cyber-Resilienzplattform überwacht Daten in Echtzeit – Rubrik macht Microsoft Azure Blob Storage sicherer
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/rubrik-cyber-resilienzloesung-microsoft-azure-blob-storage-a-bce992c0d7f671c0fd65b43bcfb95bb5/
-
Windows 11 Privilege Escalation Vulnerability Lets Attackers Execute Code to Gain Access
by
in SecurityNewsMicrosoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2), which could allow local attackers to escalate privileges to the SYSTEM level. Security researcher Alex Birnberg showcased the exploit during the renowned TyphoonPWN 2024 cybersecurity competition, securing third place for his demonstration of the flaw. TyphoonPWN, one of the premier cybersecurity competitions,…
-
Romanian Netwalker ransomware affiliate sentenced to 20 years in prison
by
in SecurityNewsDaniel Christian Hulea, a Romanian man charged for his involvement in NetWalker ransomware attacks, was sentenced to 20 years in prison after pleading guilty to computer fraud conspiracy and wire fraud conspiracy in June. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/romanian-netwalker-ransomware-affiliate-sentenced-to-20-years-in-prison/
-
Elektronische Patientenakte: Soll ich widersprechen – oder soll ich nicht?
by
in SecurityNews
Tags: unclassifiedUm die Nutzung der elektronischen Patientenakte ist ein Glaubenskrieg entbrannt. Dabei geht es um weit mehr als nur Datenschutz und Privatsphäre. First seen on golem.de Jump to article: www.golem.de/news/elektronische-patientenakte-soll-ich-widersprechen-oder-soll-ich-nicht-2412-191842.html
-
NetWalker Ransomware Operator Sentenced to 20 Years in Prison
by
in SecurityNewsA Romanian man has been sentenced to 20 years in prison for his involvement in the notorious NetWalker ransomware attacks. The sentencing, which took place in the Middle District of Florida, also included a forfeiture order of $21.5 million in illicit proceeds, as well as restitution payments totaling $14,991,580.01. Daniel Christian Hulea, 30, of Jucu…
-
Nutzerbeschwerden: Zahlreiche Discord-Accounts über Nacht unerwartet gesperrt
by
in SecurityNews
Tags: passwordDiscord hat in der Nacht auf Freitag unzählige deutsche Nutzer gesperrt. Die genaue Ursache ist unklar. Ein Passwort-Reset schafft Abhilfe. First seen on golem.de Jump to article: www.golem.de/news/nutzerbeschwerden-zahlreiche-discord-accounts-ueber-nacht-unerwartet-gesperrt-2412-191887.html
-
Juniper warns of Mirai botnet scanning for Session Smart routers
Juniper Networks has warned customers of Mirai malware attacks scanning the Internet for Session Smart routers using default credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/juniper-warns-of-mirai-botnet-scanning-for-session-smart-routers/
-
How Data Classification Reduces Insider Threats
by
in SecurityNewsCompanies can significantly reduce insider threat risks with a suitable data classification strategy that adequately manages and protects sensitive information. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/how-data-classification-reduces-insider-threats/
-
Zero-Trust in Web3: Redefining Security for Decentralized Systems
by
in SecurityNews
Tags: zero-trustBy adopting zero-trust principles, we can build systems that are not only decentralized but also secure, resilient and future-proof. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/zero-trust-in-web3-redefining-security-for-decentralized-systems/
-
CISA Warns of BeyondTrust Privileged Remote Access Exploited in Wild
by
in SecurityNews
Tags: access, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, malicious, risk, tool, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical vulnerability impacting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products. This newly uncovered flaw tracked as CVE-2024-12356, could allow attackers to execute malicious commands, posing a severe risk to global enterprises relying on these tools for secure remote access and…
-
Sophos-Umfrage zeigt Nachholbedarf in der Absicherung von OT-Systemen
by
in SecurityNewsDie Mehrheit glaubt, dass OT-Systeme auch in Zukunft beliebte Ziele für Cyberangriffe sein werden, insbesondere im Bereich der Kritischen Infrastrukturen First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-umfrage-zeigt-nachholbedarf-in-der-absicherung-von-ot-systemen/a39357/
-
Fake-Konten auf Instagram können zu Reputationsschäden bei Unternehmen führen
by
in SecurityNews
Tags: unclassifiedDurch die Kombination von Überwachung, Schulung und professioneller Unterstützung können Unternehmen ihre Sicherheit auf Instagram deutlich erhöhen und ihre Marke vor Schaden schützen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/fake-konten-auf-instagram-koennen-zu-reputationsschaeden-fuer-unternehmen-fuehren/a39351/
-
Die Anforderungen des NIS2-Umsetzungsgesetzes – Das bedeutet NIS 2 für Unternehmen
by
in SecurityNews
Tags: nis-2First seen on security-insider.de Jump to article: www.security-insider.de/nis2-umsetzungsgesetz-cybersicherheit-lieferketten-schutz-a-78cc8262398cf67c48f4cfc905bb5be4/
-
Wo Europas größte IT-Bedrohungen liegen
by
in SecurityNewsEin neuer Bericht hat einen beunruhigenden Anstieg von Cyberangriffen in Europa enthüllt. KI-Phishing, Ransomware und Lieferkettenschwachstellen dominieren. Organisationen stehen vor der Herausforderung, ihre Abwehrstrategien zu modernisieren, um diesen raffinierten Bedrohungen zu begegnen. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/cybersecurity/europas-groesste-it-bedrohungen/