Category: SecurityNews
-
SolarWinds Web Help Desk Vulnerability Allows Remote Code Execution
A critical vulnerability in SolarWinds Web Help Desk has been identified. It could allow attackers to execute arbitrary code on affected systems. The vulnerability tracked as CVE-2024-28988 was discovered by the Trend Micro Zero Day Initiative (ZDI) team during their investigation into a previous security flaw. CVE-2024-28988: Java Deserialization Flaw The vulnerability stems from a…
-
Updates dringend notwendig – Ivanti veröffentlicht Security Advisory für kritische Sicherheitslücken
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecken-ivanti-cloud-services-appliance-a-a4099c534e081d4a2668d56045d7b5cb/
-
The State of SaaS Security 2024 Report – Studie zur Sicherheit von SaaS zeigt Schwachstellen auf
First seen on security-insider.de Jump to article: www.security-insider.de/herausforderungen-loesungen-saas-sicherheit-2024-a-18e5af3e9443d64b5ef45ccd975a2aac/
-
Brand Phishing Ranking von Check Point zeigt Top 10 imitierte Marken
Check Point Research stellt Check Point Software-Kunden und der gesamten Geheimdienst-Community führende Erkenntnisse über Cyber-Bedrohungen zur Verfügung. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/brand-phishing-ranking-von-check-point-zeigt-top-10-imitierte-marken/a38682/
-
Kritische Sicherheitslücke: Angreifer können Kubernetes als Root attackieren
Bestimmte Kubernetes Image Builder erzeugen VM-Images mit statischen Zugangsdaten. Admins müssen bestehende Images neu erstellen. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsupdate-Kritische-Root-Luecke-in-Kubernetes-geschlossen-9985631.html
-
500 Rechner ausgefallen: Weitreichende IT-Störungen bei der Stadt Karlsruhe
Tags: cyberattackUrsache für die Ausfälle soll ein Konflikt zwischen einem Anwenderprogramm und dem Betriebssystem sein. Einen Cyberangriff schließt die Stadt aus. First seen on golem.de Jump to article: www.golem.de/news/500-rechner-ausgefallen-weitreichende-it-stoerungen-bei-der-stadt-karlsruhe-2410-189963.html
-
Global Crackdown on Illegal Football Gambling Nets Thousands of Arrests
Tags: lawLaw enforcement agencies have revealed a massive crackdown on illegal football gambling, resulting in over 5,100 arrests and the recovery of more than USD 59 million in illicit proceeds. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/major-crackdown-on-illegal-football-gambling/
-
X wird Kundendaten an Dritte verkaufen
Das Datensammeln muss von Nutzern manuell abgeschaltet werden. Ansonsten könnten Posts und Infos für KI-Training genutzt werden. First seen on golem.de Jump to article: www.golem.de/news/datenschutz-x-wird-kundendaten-an-dritte-verkaufen-2410-189965.html
-
Intel lightly hits back at China’s accusations it bakes in NSA backdoors
Chipzilla says it obeys the law … which could mean anything First seen on theregister.com Jump to article: www.theregister.com/2024/10/18/intel_china_security_allegations/
-
Critical default credential in Kubernetes Image Builder allows SSH root access
It’s called leaving the door wide open especially in Proxmox First seen on theregister.com Jump to article: www.theregister.com/2024/10/16/critical_kubernetes_image_builder_bug/
-
Omni Family Health Data Breach Impacts 470,000 Individuals
Omni Family Health has disclosed a data breach impacting nearly 470,000 current and former patients and employees. The post Omni Family Health Data Breach Impacts 470,000 Individuals appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/omni-family-health-data-breach-impacts-470000-individuals/
-
macOS-Schwachstelle umgeht Datenschutzkontrollen im Safari-Browser
Die macOS-Schwachstelle “HM Surf” erschüttert das Vertrauen in die grundlegenden Sicherheitsmechanismen von Apple. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/macos-schwachstelle-umgeht-datenschutzkontrollen-im-safari-browser-302991.html
-
DDI-Management, Asset-Transparenz und proaktive Sicherheit – Infoblox verbessert Zusammenarbeit von NetOps, CloudOps und SecOps
Tags: unclassifiedFirst seen on security-insider.de Jump to article: www.security-insider.de/-infoblox-universal-ddi-product-suite-a-b5b2d6b1a2b0c07d277dbfd813d1d024/
-
Hacker Arrested for Invading Computers Selling Police Data
The Federal Police arrested a 33-year-old Brazilian hacker in Belo Horizonte, Minas Gerais. The suspect is accused of infiltrating the systems of the Federal Police (PF) and other international institutions to sell sensitive data. This arrest marks a critical step in addressing cybercrime that targets government and private entities worldwide. Details of the Arrest The…
-
Cyera Acquires Data Loss Prevention Firm Trail Security for $162 Million
Data security company Cyera has acquired stealth mode startup Trail Security for its data loss prevention (DLP) technology. The post Cyera Acquires Data Loss Prevention Firm Trail Security for $162 Million appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cyera-acquires-data-loss-prevention-firm-trail-security-for-162-million/
-
Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser
Microsoft has disclosed details about a now-patched security flaw in Apple’s Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user’s privacy preferences and access data.The shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE-2024-44133. It was addressed by Apple as part of…
-
NIS2-Deadline naht – Software-Lieferketten im Visier: Was IT-Experten jetzt wissen müssen
First seen on security-insider.de Jump to article: www.security-insider.de/eu-nis-2-richtlinie-herausforderungen-auswirkungen-unternehmen-a-deb651a1537daea682100867a78d35f6/
-
Dieser Banking-Trojaner kann sogar deinen Smartphone-Pin stehlen
Tags: bankingFirst seen on t3n.de Jump to article: t3n.de/news/banking-trojaner-smartphone-pin-1651706/
-
Critical Vulnerability in Kubernetes Image Builder Exposes Nodes to Root Access
A new security risk has emerged in the Kubernetes Image Builder, posing a critical threat to organizations that utilize this tool for managing their containerized environments. The Kubernetes Image Builder vulnerability tracked as CVE-2024-9486, has been assigned a CVSS score of 9.8, indicating its severity. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/kubernetes-image-builder-vulnerability/
-
SafeBreach Coverage for US CERT AA24-290A (Iranian Cyber Actors)
Iranian threat actors are using brute force and other techniques to compromise critical infrastructure entities. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/safebreach-coverage-for-us-cert-aa24-290a-iranian-cyber-actors/
-
Intel robustly refutes China’s accusations it bakes in NSA backdoors
Chipzilla uses WeChat post to defend record of following local laws First seen on theregister.com Jump to article: www.theregister.com/2024/10/18/intel_replies_china_security_allegations/
-
Biz hired, and fired, a fake North Korean IT worker then the ransom demands began
‘My webcam isn’t working today’ is the new ‘The dog ate my network’ First seen on theregister.com Jump to article: www.theregister.com/2024/10/18/ransom_fake_it_worker_scam/
-
Despite massive security spending, 44% of CISOs fail to detect breaches
Despite global information security spending projected to reach $215 billion in 2024, 44% of CISOs surveyed reported they were unable to detect a data breach in the last 12 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/18/cisos-security-tools/
-
What to do if your iPhone or Android smartphone gets stolen?
A lost, stolen, or compromised smartphone today means we are in serious trouble. Most people have everything related to their personal and professional lives stored on their … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/18/iphone-android-stolen-smartphone-minimize-damage/
-
45-Day Certs? You’ve Got No Time to Lose!
Tags: appleRemember when we were bracing ourselves for 90-day certificates? That shift felt like a game-changer, yet here we are, with a new curveball: 45-day certificates are making their way into the mix. It wasn’t too long ago that speculation around Apple’s influence hinted at the possibility of even shorter cert lifespans. Fast forward, and the……
-
New infosec products of the week: October 18, 2024
Here’s a look at the most interesting products from the past week, featuring releases from ExtraHop, GitGuardian, Nametag, Okta, Rubrik, and Sectigo. GitGuardian Visual Studio … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/18/new-infosec-products-of-the-week-october-18-2024/
-
Mastering Product-led Onboarding in B2B SaaS: A Comprehensive Guide
Dive into the world of product-led onboarding for B2B SaaS. This guide explores key strategies and best practices to create an engaging and effective onboarding experience that turns new users into power users. Learn how to optimize user journeys, reduce churn, and drive product adoption. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/mastering-product-led-onboarding-in-b2b-saas-a-comprehensive-guide/
-
Pro-Russian Threat Actors Launch Coordinated DDoS Attacks Against Japanese Organizations
Japan has become the latest target of pro-Russian hacktivists following the country’s move towards increased military cooperation with the US. According to a new report from cybersecurity researcher Marcin Nawrocki... First seen on securityonline.info Jump to article: securityonline.info/pro-russian-threat-actors-launch-coordinated-ddos-attacks-against-japanese-organizations/
-
USENIX NSDI ’24 EPVerifier: Accelerating Update Storms Verification with Edge-Predicate
Authors/Presenters:Chenyang Zhao, Yuebin Guo, Jingyu Wang, Qi Qi, Zirui Zhuang, Haifeng Sun, Lingqi Guo, Yuming Xie, Jianxin Liao Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI ’24) content, placing the organizations enduring commitment to Open Access front and center.…