Die Produkte der Marken Avast, AVG, Avira und Norton von Gen Digital bringen Dienste mit, in den Sicherheitslecks klaffen. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: TuneUp und Dienste in Avast, AVG, Avira und…
Als Proxy missbraucht: 20 Jahre altes Router-Botnetz zerschlagen
Ein Botnetz aus Tausenden von Routern soll den Betreibern mehr als 46 Millionen US-Dollar eingebracht haben. Doch damit ist jetzt Schluss. (Botnet, Malware) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Als Proxy missbraucht: 20…
[NEU] [mittel] Apache Commons Configuration: Schwachstelle ermöglicht Denial of Service
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Commons Configuration ausnutzen, um einen Denial of Service Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Apache…
Japanese Account Hijackers Make $2bn+ of Illegal Trades
Hackers have compromised Japanese trading accounts in an apparent attempt to manipulate the stock market This article has been indexed from www.infosecurity-magazine.com Read the original article: Japanese Account Hijackers Make $2bn+ of Illegal Trades
[NEU] [mittel] IBM Storage Scale: Mehrere Schwachstellen
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM Storage Scale ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial-of-Service auszulösen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel]…
Google Researchers Use Mach IPC to Uncover Sandbox Escape Vulnerabilities
Google Project Zero researchers have uncovered new sandbox escape vulnerabilities in macOS using an innovative approach that leverages Mach Interprocess Communication (IPC) mechanisms-core components of Apple’s operating system. Their public research details how low-level message passing between privileged and sandboxed…
A Subtle Form of Siege: DDoS Smokescreens as a Cover for Quiet Data Breaches
DDoS attacks have long been dismissed as blunt instruments, favored by script kiddies and hacktivists for their ability to overwhelm and disrupt. But in today’s fragmented, hybrid-cloud environments, they’ve evolved into something far more cunning: a smokescreen. What looks like…
Assessment Frameworks for NIS Directive Compliance
According to the NIS Directive, Member States should adopt a common set of baseline security requirements to ensure a minimum level of harmonized security measures across the EU and enhance the overall level of security of operators providing essential services…
PoC Exploit Released For Linux Kernel’s nftables Subsystem Vulnerability
A critical Proof-of-Concept (PoC) exploit has been released for a significant vulnerability in the Linux kernel’s nftables subsystem, tracked as CVE-2024-26809. This flaw, rooted in the kernel’s netfilter infrastructure, exposes affected systems to local privilege escalation through a sophisticated double-free…
New Phishing Attack Abusing Blob URLs to Bypass SEGs and Evade Analysis
Cybersecurity experts have identified a sophisticated phishing technique that exploits blob URIs (Uniform Resource Identifiers) to evade detection by Secure Email Gateways (SEGs) and security analysis tools. This emerging attack method leverages the unique properties of blob URIs, which are…
US Announces Botnet Takedown, Charges Against Russian Administrators
Anyproxy and 5socks, websites offering proxy services through devices ensnared by a botnet, have been disrupted in a law enforcement operation. The post US Announces Botnet Takedown, Charges Against Russian Administrators appeared first on SecurityWeek. This article has been indexed…
So schützt du deine Social-Media-Konten vor SIM-Swapping-Angriffen | Offizieller Blog von Kaspersky
Wie kapern Betrüger Social-Media-Konten? Und was kannst du dagegen tun? Dieser Artikel wurde indexiert von Offizieller Blog von Kaspersky Lesen Sie den originalen Artikel: So schützt du deine Social-Media-Konten vor SIM-Swapping-Angriffen | Offizieller Blog von Kaspersky
[NEU] [hoch] Kong Insomnia: Schwachstelle ermöglicht Codeausführung
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Kong Insomnia ausnutzen, um beliebigen Programmcode auszuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [hoch] Kong Insomnia: Schwachstelle ermöglicht Codeausführung
[NEU] [UNGEPATCHT] [mittel] Grub: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Ein lokaler Angreifer kann eine Schwachstelle in Grub ausnutzen, um Sicherheitsvorkehrungen zu umgehen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [UNGEPATCHT] [mittel] Grub: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Hackers Exploit Legacy Protocols in Microsoft Entra ID to Bypass MFA and Conditional Access
A sophisticated and highly coordinated cyberattack campaign came to light, as tracked by Guardz Research. This operation zeroed in on legacy authentication protocols within Microsoft Entra ID, exploiting outdated methods to sidestep modern security measures like Multi-Factor Authentication (MFA) and…
Cybercriminals Hide Undetectable Ransomware Inside JPG Images
A chilling new ransomware attack method has emerged, with hackers exploiting innocuous JPEG image files to deliver fully undetectable (FUD) ransomware, according to a recent disclosure by cybersecurity researchers. This technique, which bypasses traditional antivirus systems, highlights an alarming evolution in…
Unending ransomware attacks are a symptom, not the sickness
We need to make taking IT systems ‘off the books’ a problem for corporate types Opinion It’s been a devastating few weeks for UK retail giants. Marks and Spencer, the Co-Op, and now uber-posh Harrods have had massive disruptions due…
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile. “Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms…
German Police Shutter “eXch” Money Laundering Service
Germany’s BKA has seized the infrastructure behind the crypto swapping service eXch This article has been indexed from www.infosecurity-magazine.com Read the original article: German Police Shutter “eXch” Money Laundering Service
Microsoft 365: Support für Office-Apps unter Windows 10 plötzlich erweitert
Entgegen früheren Angaben will Microsoft Windows-10-Nutzer nun doch noch weiter mit Sicherheitsupdates für Office-Anwendungen versorgen. (Microsoft 365, Microsoft) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Microsoft 365: Support für Office-Apps unter Windows 10 plötzlich…
Mitel SIP Phone Flaws Allow Attackers to Inject Malicious Commands
A pair of vulnerabilities in Mitel’s 6800 Series, 6900 Series, and 6900w Series SIP Phones-including the 6970 Conference Unit-could enable attackers to execute arbitrary commands or upload malicious files to compromised devices, posing significant risks to enterprise communication systems. The…
Defendnot: A Tool That Disables Windows Defender by Registering as Antivirus
Cybersecurity developers have released a new tool called “defendnot,” a successor to the previously DMCA-takedown-affected “no-defender” project. This innovative utility leverages undocumented Windows Security Center APIs to disable Windows Defender by registering itself as a third-party antivirus solution. The developer…
IT Security News Hourly Summary 2025-05-12 09h : 5 posts
5 posts were published in the last hour 7:5 : German police seized eXch crypto exchange 7:5 : When Visibility Meets Action in NHS Cybersecurity 7:4 : Bluetooth 6.1 released, enhances privacy and power efficiency 6:33 : [UPDATE] [mittel] Apache…
Hackers Abuse Copilot AI in SharePoint to Steal Passwords and Sensitive Data
Microsoft’s Copilot for SharePoint, designed to streamline enterprise collaboration through generative AI, has become an unexpected weapon for cybercriminals targeting organizational secrets. Recent findings from cybersecurity researchers reveal that attackers are exploiting AI agents embedded in SharePoint sites to bypass…