Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [mittel] Linux Kernel: Mehrere Schwachstellen…
Author: wordpress
[UPDATE] [mittel] Linux Kernel: Mehrere Schwachstellen
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [mittel] Linux…
[NEU] [mittel] Tenable Security Nessus Network Monitor: Mehrere Schwachstellen ermöglichen Privilegieneskalation
Ein lokaler Angreifer kann mehrere Schwachstellen in Tenable Security Nessus Network Monitor ausnutzen, um seine Privilegien zu erhöhen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Tenable Security…
Winos 4.0 Malware Masquerades as VPN and QQBrowser to Target Users
A sophisticated malware campaign deploying Winos 4.0, a memory-resident stager, has been uncovered by Rapid7, targeting users through fake installers of popular software like LetsVPN and QQBrowser. Initially detected during a February 2025 Managed Detection and Response (MDR) investigation, this…
IT Security News Hourly Summary 2025-05-23 12h : 13 posts
13 posts were published in the last hour 9:34 : Warten auf Sicherheitsupdate: Versa Concerto ist schwer verwundet 9:33 : Operation Endgame 2.0: 20 Haftbefehle, Hunderte Server außer Gefecht gesetzt 9:32 : ViciousTrap Hackers Breaches 5,500+ Edge Devices from 50+…
TAG-110 Hackers Deploy Malicious Word Templates in Targeted Attacks
The Russia-aligned threat actor TAG-110, also linked to UAC-0063 and APT28 (BlueDelta) with medium confidence by CERT-UA, has shifted tactics to target government, educational, and research entities in Tajikistan. According to analysis by Insikt Group from Recorded Future Report, TAG-110…
Critical NETGEAR Router Vulnerability Let Attackers Gain Full Admin Access
A newly disclosed authentication bypass vulnerability has exposed thousands of NETGEAR DGND3700v2 routers to remote attacks, allowing cybercriminals to gain complete administrative control without requiring valid credentials. The flaw, tracked as CVE-2025-4978 and assigned a critical CVSS score of 9.3,…
Companies Warned of Commvault Vulnerability Exploitation
CISA warns companies of a widespread campaign targeting a Commvault vulnerability to hack Azure environments. The post Companies Warned of Commvault Vulnerability Exploitation appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Companies Warned…
NETGEAR Router Flaw Allows Full Admin Access by Attackers
A severe authentication bypass vulnerability (CVE-2025-4978) has been uncovered in NETGEAR’s DGND3700v2 wireless routers, enabling unauthenticated attackers to gain full administrative control over affected devices. The flaw, rated with a critical CVSSv4 score of 9.3, stems from a hidden backdoor…
SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection
From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater. SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K…
Law Enforcement Busts Initial Access Malware Used to Launch Ransomware
A new Europol-led operation has dismantled infrastructure for key initial access malware used to launch ransomware attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Law Enforcement Busts Initial Access Malware Used to Launch Ransomware
[UPDATE] [mittel] Cisco WebEx: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Cisco WebEx ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen oder Daten zu manipulieren. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE]…
[NEU] [mittel] Grafana: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Ein lokaler Angreifer kann eine Schwachstelle in Grafana ausnutzen, um Sicherheitsvorkehrungen zu umgehen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Grafana: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Scarcity signals: Are rare activities red flags?
Talos analyzed six months of PowerShell network telemetry and found that rare domains are over three times more likely to be malicious compared to frequently contacted ones. This article has been indexed from Cisco Talos Blog Read the original article:…
Threat Brief: CVE-2025-31324 (Updated May 23)
CVE-2025-31324 impacts SAP NetWeaver’s Visual Composer Framework. We share our observations on this vulnerability using incident response cases and telemetry. The post Threat Brief: CVE-2025-31324 (Updated May 23) appeared first on Unit 42. This article has been indexed from Unit…
Mysterious hacking group Careto was run by the Spanish government, sources say
The elusive hacking group Careto was never publicly linked to a specific government, but TechCrunch has learned researchers concluded privately that the Spanish government was behind the group. This article has been indexed from Security News | TechCrunch Read the…
Operation RapTor led to the arrest of 270 dark web vendors and buyers
Law enforcement operation codenamed ‘Operation RapTor’ led to the arrest of 270 dark web vendors and buyers across 10 countries. Police arrested 270 suspects following an international law enforcement action codenamed ‘Operation RapTor’ that targeted dark web vendors and customers…
ModSecurity Vulnerability Exposes Millions of Web Servers to Severe DoS Condition
A critical vulnerability in ModSecurity’s Apache module has been disclosed, potentially exposing millions of web servers worldwide to denial-of-service attacks. The flaw, tracked as CVE-2025-47947 and assigned a CVSS score of 7.5, affects the popular open-source web application firewall’s handling…
LockBit Data Leak Unveils Most Active Affiliates & Their Innerworkings
A significant data breach has exposed the inner workings of one of the world’s most prolific ransomware operations, providing unprecedented insight into LockBit’s affiliate structure and victim targeting strategies. The treasure trove of leaked information, published on LockBit’s hijacked leak…
Exploitable Vulnerabilities in Canon Printers Allow Attackers to Gain Admin Privileges
Canon Inc. has issued a critical security advisory warning customers about severe vulnerabilities affecting a wide range of their production printers, office multifunction printers, and laser printers. The vulnerabilities, identified as CVE-2025-3078 and CVE-2025-3079, enable malicious actors to extract sensitive…