Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Shibboleth Identity Provider ausnutzen, um Informationen offenzulegen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Shibboleth Identity Provider: Schwachstelle ermöglicht…
Malicious Snow White Movie Download Targets Viewers with New Malware
As the latest adaptation of Snow White hits theaters with lukewarm reception, the absence of streaming options on platforms like Disney+ has led many viewers to seek pirated versions online. This trend is not new; every major movie release without…
VanHelsing Ransomware: What You Need To Know
What is the VanHelsing ransomware? First reported earlier in March 2025, VanHelsing is a new ransomware-as-a-service operation. Oh, so it’s a relatively new player on the malware scene, then. Why the concern? At least three victims of VanHelsing have already…
AIs as Trusted Third Parties
This is a truly fascinating paper: “Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography.” The basic idea is that AIs can act as trusted third parties: Abstract: We often interact with untrusted parties. Prioritization of…
New Issuance Requirements Improve HTTPS Certificate Validation
HTTPS certificate issuance now requires Multi-Perspective Issuance Corroboration and linting to improve validation. The post New Issuance Requirements Improve HTTPS Certificate Validation appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: New Issuance Requirements…
Cloudflare open sources OPKSSH to bring Single Sign-On to SSH
OPKSSH (OpenPubkey SSH) makes it easy to authenticate to servers over SSH using OpenID Connect (OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based access. By tightly integrating with identity providers (IdPs) and avoiding any…
Morphing Meerkat PhaaS Platform Spoofs 100+ Brands
A PhaaS platform, dubbed ‘Morphing Meerkat,’ uses DNS MX records to spoof over 100 brands and steal credentials, according to Infoblox Threat Intel This article has been indexed from www.infosecurity-magazine.com Read the original article: Morphing Meerkat PhaaS Platform Spoofs 100+…
Sicherheitslücken Gitlab: Heruntergestufte Admins behalten weitreichende Rechte
Mehrere Schwachstellen bedrohen die Softwareentwicklungsplattform Gitlab. Gegen mögliche Attacken gerüstete Versionen stehen zum Download. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Sicherheitslücken Gitlab: Heruntergestufte Admins behalten weitreichende Rechte
[NEU] [mittel] JetBrains TeamCity: Mehrere Schwachstellen
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in JetBrains TeamCity ausnutzen, um Informationen offenzulegen und einen Cross-Site-Scripting-Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] JetBrains TeamCity:…
[UPDATE] [hoch] CrushFTP: Schwachstelle ermöglicht das Umgehen der Authentisierung
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in CrushFTP ausnutzen, um die Authentisierung zu umgehen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [hoch] CrushFTP: Schwachstelle ermöglicht das Umgehen…
Generative AI providers rewriting the rules of automated traffic – F5 report
Over half of page requests for web content are now automated as LLM scrapers take over Over a third of login attempts for the Technology industry are account takeover attacks Healthcare and Hospitality were the most targeted industries on web,…
GLPI ITSM Tool Flaw Allows Attackers to Inject Malicious SQL Queries
A critical SQL injection vulnerability, tracked as CVE-2025-24799, has been identified in GLPI, a widely used open-source IT Service Management (ITSM) tool. The flaw, if exploited, enables remote, unauthenticated attackers to manipulate database queries, potentially leading to severe consequences such as data…
Hackers Exploit MailChimp Email Marketing Platform Using Phishing and Social Engineering Tactics
Cybercriminals are increasingly targeting MailChimp, a popular email marketing platform, through sophisticated phishing and social engineering attacks. Recent incidents reveal compromised accounts being used to exfiltrate subscriber lists, impersonate trusted brands, and launch secondary attacks. Attackers bypass multi-factor authentication (MFA)…
Keeper Unveils Latest WearOS App for Android
Keeper Security has unveiled its latest improvements to the Keeper WearOS app that accompanies their flagship password management solution. The upscaled app enhances security and ease for smartwatch users. The update aligns with Google’s latest Android guidelines, providing a more intuitive…
Redcurl Actors New Ransomware Exclusively Attacking Hyper-V Servers
A new ransomware strain has been discovered targeting virtualized environments, specifically Microsoft Hyper-V servers. This targeted approach marks a significant evolution in ransomware tactics, as the malware focuses exclusively on hypervisors rather than encrypting all endpoint devices, creating maximum damage…
Blacklock Ransomware Infrastructure Intruded to Uncover Their Planned Attacks
Blacklock ransomware, also known as “El Dorado” or “Eldorado,” emerged as one of the most aggressive ransomware-as-a-service (RaaS) operations in early 2025. The group rapidly accelerated attacks across multiple sectors including electronics, academia, religious organizations, defense, healthcare, technology, and government…
Cloudflare Announces OpenPubkey SSH to Integrate Single-Sign-on With SSH
Cloudflare announced the open-sourcing of OPKSSH (OpenPubkey SSH) on March 25, 2025. This technology integrates single sign-on (SSO) with SSH authentication, eliminating the need for manual SSH key management. Previously owned by BastionZero (acquired by Cloudflare), the code has been…
Meta AI Will Begin Rolling Out Across 41 European Countries
After nearly a year of regulatory hurdles, Meta has finally begun deploying its conversational AI assistant across the European Union and neighboring countries this week. The rollout, which covers 41 European countries and 21 overseas territories, marks Meta’s largest global…
GLPI Open-source ITSM Tool Vulnerability Let Attackers Inject Malicious SQL Queries
A critical vulnerability in GLPI, a widely-used open-source IT Service Management (ITSM) platform tracked as CVE-2025-24799, enables unauthenticated attackers to perform SQL injection attacks through the inventory endpoint. This flaw can lead to remote code execution (RCE), potentially resulting in…
Morphing Meerkat Phishing Kits Target Over 100 Brands
A threat actor tracked as Morphing Meerkat abuses DNS mail exchange (MX) records to deliver spoofed login pages. The post Morphing Meerkat Phishing Kits Target Over 100 Brands appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)
Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it. There’s currently no indication that the Firefox bug (CVE-2025-2857)…
Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity
Long gone are the days when a simple backup in a data center was enough to keep a business secure. While backups store information, they do not guarantee business continuity during a crisis. With IT disasters far too common and…
IT Security News Hourly Summary 2025-03-28 12h : 10 posts
10 posts were published in the last hour 10:39 : Safeguarding Patient Data and Embracing Emerging Technologies 10:39 : Mozilla fixed critical Firefox vulnerability CVE-2025-2857 10:39 : Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe 10:10 : Risiko für…
Safeguarding Patient Data and Embracing Emerging Technologies
The healthcare industry is particularly vulnerable to cybersecurity threats due to the valuable data it processes; Protected Health Information (PHI) is among the most sensitive and valuable data in existence. As the past few years have shown, the consequences of…