Tag: software
-
OpenVPN Flaw Allows Attackers Crash Servers and Run Remote Code
by
in SecurityNewsOpenVPN, a widely-used open-source virtual private network (VPN) software, has recently patched a security vulnerability that could allow attackers to crash servers and potentially execute remote code under certain conditions. The flaw, identified as CVE-2025-2704, affects OpenVPN servers using specific configurations and has been addressed in the newly released version OpenVPN 2.6.14. CVE-2025-2704: Overview The vulnerability is…
-
Apache Traffic Server Flaw Allows Request Smuggling Attacks
by
in SecurityNewsA critical vulnerability has been discovered in Apache Traffic Server (ATS), an open-source caching proxy server. Identified as CVE-2024-53868, this flaw enables attackers to exploit request smuggling via malformed chunked messages. Users of Apache Traffic Server are urged to upgrade to secure versions of the software immediately to mitigate potential risks. CVE-2024-53868 Details The vulnerability was…
-
Connected cars drive into a cybersecurity crisis
by
in SecurityNewsTechnology has entered all areas of life, and our cars are no exception. They have become computers on wheels, equipped with sensors, software, and connectivity that provide … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/04/cybersecurity-risks-cars/
-
3 Leading Computer Monitoring Software for Schools
by
in SecurityNewsCybercriminals commonly target K-12 schools. 71% of UK secondary schools reported a breach or attack in the previous year alone, mirrored by schools across the U.S. This, paired with internal threats, requires schools to adopt advanced computer monitoring tools. In this article, we’ll cover key features to consider in computer monitoring software and three ……
-
Open Source vs. proprietäre Software – Nur mit Offenheit gelingt digitale Souveränität in Europa
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/open-source-vs-proprietaere-software-peter-ganten-erklaert-a-f5d165ae509d467b552c4dd5d0a58ca2/
-
Cisco Smart Licensing Utility Flaws Allowed Attackers to Gain Admin Access
by
in SecurityNewsCisco has disclosed critical vulnerabilities in its Smart Licensing Utility software, identified as CVE-2024-20439 and CVE-2024-20440, which could allow unauthenticated, remote attackers to gain administrative access or collect sensitive information from compromised systems. These flaws, rated with a severity score of 9.8 in the Common Vulnerability Scoring System (CVSS), pose significant security risks to organizations…
-
Unbefugter Zugriff bei einem Software-Unternehmen aus den USA
Oracle tells clients of second recent hack, log-in data stolen, Bloomberg News reports First seen on reuters.com Jump to article: www.reuters.com/technology/cybersecurity/oracle-tells-clients-second-recent-hack-log-in-data-stolen-bloomberg-news-2025-04-02/
-
Open-source malware doubles, data exfiltration attacks dominate
by
in SecurityNewsThere’s been a notable shift in the types of threats targeting software developers, with a total of 17,954 open source malware packages identified in Q1 2025, according … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/03/open-source-malware-index-q1-2025/
-
Raw Deel: Corporate spy admits role in espionage at HR software biz Rippling
by
in SecurityNewsDouble-oh-sh… First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/deel_rippling_espionage/
-
Cyber threats against software supply chain fueled by AI
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/cyber-threats-against-software-supply-chain-fueled-by-ai
-
Hackers Use DeepSeek and Remote Desktop Apps to Deploy TookPS Malware
by
in SecurityNewsA recent investigation by cybersecurity researchers has uncovered a large-scale malware campaign leveraging the DeepSeek LLM and popular remote desktop applications to distribute the Trojan-Downloader.Win32.TookPS malware. The attackers targeted both individual users and organizations by disguising malicious software as legitimate business tools, including UltraViewer, AutoCAD, and SketchUp. Malicious Infrastructure and Infection Chain The TookPS malware…
-
Check Point Software confirms security incident but pushes back on threat actor claims
by
in SecurityNewsA malicious hacker recently offered to sell the security firm’s sensitive customer information. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/check-point-software-security-incident/744198/
-
Hacker stiehlt Kundendaten von Samsung Deutschland
by
in SecurityNewsSamsung Deutschland ist von einem Datenleck betroffen. Samsung DeutschlandBei Samsung Deutschland hat es offenbar ein massives Datenleck gegeben. Etwa 270.000 Kundendatensätze von Samsung Electronics Deutschland werden derzeit in einem Darknet-Forum angeboten. Ein krimineller Hacker mit dem Pseudonym ‘GHNA” will diese Daten kürzlich aus dem Support-System von Samsung kopiert haben.Dem Darknet-Post zufolge enthalten die geleakten Datensätze…
-
Jeder fünfte verseuchte EAnhang ist ein PDF
by
in SecurityNewsMit über 400 Milliarden geöffneten PDF-Dateien im vergangenen Jahr ist das bekannte Dateiformat das ideale Vehikel für Cyber-Kriminelle, um bösartigen Code zu verstecken. Aktuelle Erkenntnisse aus der IT-Forensik unterstreichen dies: 68 Prozent aller bösartigen Angriffe erfolgen per E-Mail, wobei PDF-Angriffe inzwischen 22 Prozent aller bösartigen E-Mail-Anhänge ausmachen. Das hat Check Point Software Technologies im Rahmen einer…
-
Python Introduces New Standard Lock File Format for Enhanced Security
by
in SecurityNewsThe Python Software Foundation (PSF) has officially announced the adoption of a new standardized lock file format, outlined in PEP 751. This development is a major milestone for the Python packaging ecosystem, aiming to make dependency management more secure, reproducible, and universally compatible across tools. The new file format, named pylock.toml, introduces a structured way to record…
-
10 best practices for vulnerability management according to CISOs
by
in SecurityNews
Tags: api, attack, automation, best-practice, business, ceo, cio, ciso, control, cybersecurity, data, detection, framework, group, incident response, metric, mitre, penetration-testing, programming, ransomware, risk, risk-management, service, software, strategy, technology, threat, tool, update, vulnerability, vulnerability-management1. Culture Achieving a successful vulnerability management program starts with establishing a cybersecurity-minded culture across the organization. Many CISOs admitted to facing historical cultural problems, with one summing it up well. “Our cybersecurity culture was pretty laissez-faire until we got hit with Log4J and then a ransomware attack,” he told CSO. “These events were an…
-
Das gehört in Ihr Security-Toolset
by
in SecurityNews
Tags: access, ai, antivirus, authentication, backup, breach, business, cloud, compliance, control, cyberattack, cybersecurity, data, data-breach, defense, detection, edr, firewall, gartner, governance, iam, identity, incident response, intelligence, iot, malware, mfa, ml, mobile, network, password, ransomware, risk, saas, service, software, spyware, threat, tool, update, vulnerability, vulnerability-managementLesen Sie, welche Werkzeuge essenziell sind, um Unternehmen gegen Cybergefahren abzusichern.Sicherheitsentscheider sind mit einer sich kontinuierlich verändernden Bedrohungslandschaft, einem zunehmend strengeren, regulatorischen Umfeld und immer komplexeren IT-Infrastrukturen konfrontiert. Auch deshalb wird die Qualität ihrer Sicherheits-Toolsets immer wichtiger.Das Problem ist nur, dass die Bandbreite der heute verfügbaren Cybersecurity-Lösungen überwältigend ist. Für zusätzliche Verwirrung sorgen dabei nicht…
-
Ransomware Threatens 93% of Industries”, Resilience Is Critical
by
in SecurityNews
Tags: breach, business, cyber, data, data-breach, malicious, ransomware, resilience, software, threatRansomware continues to be one of the most disruptive cyber threats, with recent data revealing that it affects 93% of industries globally. According to Verizon’s 2024 Data Breach Investigations Report, ransomware is implicated in one-third of all data breaches, underscoring its widespread impact across sectors. This malicious software encrypts critical business data and demands payment…
-
AI and the Future of Cybersecurity: Opportunities and Risks
by
in SecurityNewsAlthough once just a staple of science fiction, AI-powered tools are now a pillar of modern security compliance management services. No mere chatbots, these headline features enhance systems’ cybersecurity by detecting threats, predicting vulnerabilities, and responding to incidents in real time. But as this software garners more attention, we must separate the hype from the”¦…
-
Plantronics Hub Flaw Allows Attackers to Gain Elevated Privileges
by
in SecurityNewsA critical vulnerability has been identified in the Plantronics Hub software, a client application commonly used to configure Plantronics audio devices such as headsets. The flaw, classified as an unquoted search path vulnerability, allows attackers to execute arbitrary files and escalate privileges to administrative levels under certain conditions. This issue is particularly concerning as the…
-
Critical vulnerability in CrushFTP file transfer software under attack
by
in SecurityNewsQuestions and confusion surround the authentication bypass vulnerability, which was privately disclosed to customers on March 21. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-vulnerability-crushftp-under-attack/744078/
-
Altgeräte bedrohen Sicherheit in Unternehmen
by
in SecurityNews
Tags: access, apache, authentication, botnet, bug, cisco, cloud, cve, cyberattack, dns, endpoint, firewall, Hardware, intelligence, Internet, ivanti, lazarus, linux, macOS, network, open-source, password, radius, ransomware, risk, router, sans, service, software, supply-chain, threat, update, vulnerabilitySchwachstellen in alten Netzwerkgeräten stellen ein erhebliches Sicherheitsrisiko für Unternehmen dar.Eine Analyse von Ciscos Threat-Intelligence-Team Talos zeigt, zwei der drei häufigsten Schwachstellen, auf die es Angreifer im Jahr 2024 abgesehen hatten, waren in alten Netzwerkgeräten zu finden. Das Problem ist, dass Hersteller dazu keine Patches mehr herausgeben.’Dies unterstreicht, wie wichtig es ist, veraltete Komponenten des…
-
Top 10 Most-Used RDP Passwords Are Not Complex Enough
by
in SecurityNewsNew research from Specops Software shows attackers successfully attack and gain access to RDP with the most basic passwords. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/top-10-rdp-passwords-not-complex
-
Critical auth bypass bug in CrushFTP now exploited in attacks
by
in SecurityNewsAttackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-auth-bypass-bug-in-crushftp-now-exploited-in-attacks/
-
Top 10 Most Used RDP Passwords Are Not Complex Enough
by
in SecurityNewsNew research from Specops Software shows attackers successfully attack and gain access to RDP with the most basic passwords. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/top-10-rdp-passwords-not-complex
-
World Backup Day 2025: Warum lokale Software-Hersteller die bessere Wahl sind – Backup mit Weitblick
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/backup-mit-weitblick-a-f1b5ee0acfd7054fd0fda33d32f7d943/