Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Drupal ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder einen unspezifischen Angriff auszuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel:…
[UPDATE] [mittel] Roundcube: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Roundcube ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen und vertrauliche Informationen preiszugeben. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [mittel] Roundcube: Mehrere…
[UPDATE] [mittel] Dell BSAFE: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Dell BSAFE ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [mittel] Dell BSAFE:…
0-Day Vulnerability in Windows Storage Allow Hackers to Delete the Target Files Remotely
A newly discovered 0-day vulnerability in Windows Storage has sent shockwaves through the cybersecurity community. Identified as CVE-2025-21391, this critical flaw allows attackers to elevate privilege and remotely delete targeted files on a victim’s system without their interaction. Microsoft officially confirmed…
U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2024-40891 is a…
Thales unveils OneWelcome FIDO Key Management for scalable passkey security
Thales has announced the launch of OneWelcome FIDO Key Lifecycle Management, a new solution to help large organizations successfully deploy and manage FIDO security passkeys at scale. OneWelcome FIDO Key Lifecycle Management combines an interoperable management platform with Thales hardware…
Armor Nexus reduces an organization’s attack surface
Armor unveiled Nexus, a platform designed to provide transparency, proactive risk reduction, and intelligent support for large, complex organizations to ensure an adaptable, comprehensive, and unified cybersecurity strategy. With Nexus, Armor Defense reinforces its commitment of being the trusted security…
Sortieranlage mit KI-Brandschutz-System
Mit dem Einsatz von KI in einer Sortieranlage in Sollenau soll die Abfallsortierung revolutioniert werden. Falsch entsorgte Akkus und Elektrogeräte werden erkannt und damit Bränden vorgebeugt. Dieser Artikel wurde indexiert von Newsfeed Lesen Sie den originalen Artikel: Sortieranlage mit KI-Brandschutz-System
Adobe-Patchday: Schadcode-Sicherheitslücken gefährden Illustrator & Co.
Angreifer können an mehreren Sicherheitslücken in Anwendungen von Adobe ansetzen, um Computer zu kompromittieren. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: Adobe-Patchday: Schadcode-Sicherheitslücken gefährden Illustrator & Co.
EchoMark’s API detects, investigates, and identifies the source of data leaks
EchoMark launched its new API. The API seamlessly integrates EchoMark’s watermarking and leak detection capabilities directly into workflows and applications, protecting sensitive information without disrupting current operations. EchoMark is the only company to watermark plain text. Having pioneered forensic watermarking…
LockBit host sanctioned, DeepSeek security, trojanized KMS
LockBit host sanctioned A peak at DeepSeek’s weak security Sandworm targeting Ukraine with trojanized KMS Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is…
Microsoft-Patchday: Angreifer attackieren Windows und löschen Daten
Es sind wichtige Sicherheitsupdates für Azure, Office, Windows und Co. erschienen. Es gibt bereits Attacken. Weitere können bevorstehen. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: Microsoft-Patchday: Angreifer attackieren Windows und löschen Daten
Ivanti: Kritische Codeschmuggel-Lücken in VPN und CSA
In Ivantis VPN-Software ICS, IPS und ISAC sowie in Ivanti CSA klaffen kritische Sicherheitslecks. Angreifer können Schadcode unterjubeln. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: Ivanti: Kritische Codeschmuggel-Lücken in VPN und CSA
Safer Internet Day – Getting Serious With Passwords
To celebrate Safer Internet Day (SID) and raise further awareness around promoting the safe and positive use of digital technology for the theme “Together for a better Internet,” we’ve decided to focus on a critical element within security that many…
Sandworm APT Hackers Weaponize Microsoft KMS Activation Tools To Compromise Windows
In a sophisticated cyber-espionage operation, the Russian state-sponsored hacking group Sandworm (APT44), linked to the GRU (Russia’s Main Intelligence Directorate), has been exploiting pirated Microsoft Key Management Service (KMS) activation tools to target Ukrainian Windows users. The campaign, which began…
Ratatouille Malware Bypass UAC Control & Exploits I2P Network to Launch Cyber Attacks
A newly discovered malware, dubbed “Ratatouille” (or I2PRAT), is raising alarms in the cybersecurity community due to its sophisticated methods of bypassing User Account Control (UAC) and leveraging the Invisible Internet Project (I2P) network for anonymous Command and Control (C2)…
Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs
Microsoft Patch Tuesday security updates for February 2025 addressed four zero-day flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2025 addressed 57 vulnerabilities in Windows and Windows Components, Office and Office…
Microsoft Secure Boot Security 0-Day Lets Attackers Steal The Admin Credentials
A significant security vulnerability, identified as CVE-2023-24932, has been discovered in Microsoft’s Secure Boot feature. This vulnerability allows attackers to bypass Secure Boot, potentially leading to the theft of admin credentials. The vulnerability was first disclosed on May 9, 2023,…
Scammers Exploit DeepSeek Hype: Cyber Security Today for Wednesday, February 12, 2025
Scammers Exploit DeepSeek Hype & Jailbreak OpenAI’s O3 Mini – TechNewsDay Update In this episode, we uncover how scammers are exploiting the recent hype around DeepSeek, a new AI model, by creating fake websites, counterfeit cryptocurrency tokens, and malware-laced downloads.…
IT Security News Hourly Summary 2025-02-12 09h : 8 posts
8 posts were published in the last hour 7:33 : Patchday Microsoft: Angreifer attackieren Windows und löschen Daten 7:32 : Democratizing Cybersecurity for Small IT Teams 7:32 : Hackers Can Exploit “Wormable” Windows LDAP RCE Vulnerability for Remote Attacks 7:32…
Patchday Microsoft: Angreifer attackieren Windows und löschen Daten
Es sind wichtige Sicherheitsupdates für Azure, Office, Windows und Co. erschienen. Es gibt bereits Attacken. Weitere können bevorstehen. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: Patchday Microsoft: Angreifer attackieren Windows und löschen Daten
Democratizing Cybersecurity for Small IT Teams
A significant number of small businesses remain unprotected against cyber threats due to a lack of dedicated security budgets. Research indicates that 47% of businesses with fewer than 50 employees allocate no budget to cybersecurity, while 51% have no security…
Hackers Can Exploit “Wormable” Windows LDAP RCE Vulnerability for Remote Attacks
A critical new vulnerability in Microsoft’s Windows Lightweight Directory Access Protocol (LDAP), tagged as CVE-2025-21376, has recently come to light, raising alarms across global cybersecurity circles. The flaw, which has been classified as “critical,” could allow remote attackers to execute…
Inside the Söze Syndicate: MFA Flaws, and the Battle for SMB Security
Small and medium-sized businesses are highly vulnerable to Business Email Compromise (BEC) attacks. Threat actors are evolving, exploiting human error and trust while leveraging automation tools and AI. To shed light on this evolving threat, Information Security Buzz spoke with…