Softwarelieferketten in der öffentlichen Verwaltung sollen über die Open-Source-Plattform openCode automatisch abgesichert werden. Das planen BSI und ZenDiS. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: BSI und ZenDiS: Mehr Sicherheit für digitale Infrastrukturen mit…
Apache Roller Vulnerability Allows Hackers to Bypass Access Controls
A newly disclosed vulnerability in Apache Roller, the popular open-source blog server, could allow attackers to bypass critical access controls and retain unauthorized access to accounts even after password changes. The flaw, tracked as CVE-2025-24859, was announced by the Apache Roller…
Hackers Use Microsoft Teams Chats to Deliver Malware to Windows PCs
A sophisticated cyberattack campaign has emerged, leveraging Microsoft Teams chats to infiltrate Windows PCs with malware, according to a recent report by cybersecurity firm ReliaQuest. The attack, which began surfacing in March 2025 and primarily targets the finance and professional…
Online Services Again Abused to Exfiltrate Data, (Tue, Apr 15th)
If Attackers can abuse free online services, they will do for sure! Why spend time to deploy a C2 infrastructure if you have plenty of ways to use “official” services. Not only, they don't cost any money but the traffic…
China accuses NSA for launching advanced Cyber Attacks on its infrastructure
Just days after the United States was implicated in launching a series of cyberattacks on the telecom sector under the guise of the “Volt Typhoon” campaign, China has leveled direct accusations against the U.S. National Security Agency (NSA) for conducting…
Why Shutting Down Systems After a Cyberattack is Not Recommended
In the wake of a cyberattack, many organizations instinctively believe that shutting down their systems is the quickest and most effective way to minimize damage. While this response may seem logical, it can, in fact, complicate recovery efforts and lead…
Why shorter SSL/TLS certificate lifespans matter
Digital certificates are the unsung heroes of the internet, silently verifying that the websites, apps, and services you use are legit and your data is safe. For years, we’ve leaned on certificates with maximum validity term stretching for months and,…
Cybercriminal groups embrace corporate structures to scale, sustain operations
In this Help Net Security interview, Sandy Kronenberg, CEO of Netarx, discusses how cybercriminal groups are adopting corporate structures and employee incentives to scale operations, retain talent, and evade detection. He covers the strategic collaborations behind major attacks, business-like parallels,…
Galaxy S24 Vulnerability Poses Risk of Unauthorized File Access
A security flaw in Samsung’s Quick Share feature for the Galaxy S24 series has been disclosed, enabling attackers to create arbitrary files on vulnerable devices. Tracked as CVE-2024-49421, the vulnerability highlights risks in the popular file-sharing tool preinstalled on Samsung’s flagship…
Third-Party Risk Management – How to Build a Strong TPRM Program
In today’s interconnected business environment, organizations increasingly rely on third-party vendors, suppliers, and partners to deliver critical services and functions. While these relationships drive efficiency and innovation, they also introduce significant risks ranging from data breaches and operational disruptions to…
94% of firms say pentesting is essential, but few are doing it right
Organizations are fixing less than half of all exploitable vulnerabilities, with just 21% of GenAI app flaws being resolved, according to Cobalt. Big firms take longer to fix pentest issues 94% of firms view pentesting as essential to their program.…
Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval
Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, nearly a year after it paused its efforts due to data protection concerns…
Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability
A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of…
The Growing Threat of Zero-Click Spyware: Why Organizations Must Rethink Smartphone Security
The Rise of Zero-Click Spyware Recent revelations about a zero-click exploit targeting WhatsApp users underscore the growing threat of sophisticated spyware campaigns. Unlike traditional cyberattacks that require user interaction – such as clicking a malicious link or downloading a compromised…
Top 10 Best Zero Trust Solutions 2025
Zero Trust Solutions is a modern cybersecurity framework built on the principle of “never trust, always verify.” Unlike traditional perimeter-based security models, Zero Trust assumes that threats can originate both inside and outside an organization’s network. It enforces strict access…
Colleges and Schools Now Top Targets for Online Threat Actors
Across the globe, a new kind of threat is targeting the very institutions dedicated to shaping the future: schools, colleges, and universities. In 2024, experts warn that educational organizations have become prime targets for online threat actors, including nation-state-backed hackers…
IT Security News Hourly Summary 2025-04-15 06h : 2 posts
2 posts were published in the last hour 3:36 : Trump Revenge Tour Targets Cyber Leaders, Elections 3:36 : Hackers Leveraging Teams Messages to Execute Malware on Windows Systems
The Future of GRC – Integrating ESG, Cyber, and Regulatory Risk
The landscape of Governance, Risk, and Compliance (GRC) is undergoing a profound transformation as organizations face mounting pressures from regulatory bodies, evolving cyber threats, and the growing importance of Environmental, Social, and Governance (ESG) factors. In 2025, the convergence of…
Cybersecurity for Startups – What Early-Stage CISOs Must Prioritize
Early-stage startups face unique cybersecurity challenges that established enterprises have already addressed through years of investment and experience. For Chief Information Security Officers (CISOs) stepping into leadership roles at young companies, the landscape presents both opportunity and complexity. With limited…
Cybersecurity jobs available right now: April 15, 2025
CISO Department of Justice | Australia | On-site – View job details As a CISO, you will be responsible for developing and implementing a cyber security strategy as well as establishing and maintaining the organisation’s strategic enterprise-wide information and cyber…
Chief Legal Officers step up in cybersecurity oversight
In this Help Net Security video, Jennifer Chen, Executive Director of the Association of Corporate Counsel (ACC) Foundation, discusses how globally, Chief Legal Officers (CLOs) are becoming integral leaders in cybersecurity strategy, holding leadership positions, and frequently reporting cybersecurity strategies…
Trump Revenge Tour Targets Cyber Leaders, Elections
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House…
Hackers Leveraging Teams Messages to Execute Malware on Windows Systems
A new sophisticated attack campaign where cybercriminals are exploiting Microsoft Teams to deliver malware and maintain persistent access to corporate networks. The attacks, which represent an evolution in social engineering tactics, specifically target Windows systems through a novel technique that…
ISC Stormcast For Tuesday, April 15th, 2025 https://isc.sans.edu/podcastdetail/9408, (Tue, Apr 15th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, April 15th, 2025…