IT-Sicherheitsforscher haben sich PV-Systeme angesehen und dabei 46 Schwachstellen aufgedeckt. Sie können Stromnetze gefährden. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Neue Sicherheitslücken in Photovoltaik-Systemen aufgespürt
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 17, 2025 to March 23, 2025)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find…
To Meet Compliance Challenges, Focus on Building Great Security
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: To Meet Compliance Challenges, Focus on Building Great Security
Threat Actors Use Fake Booking.com Emails to Deceive Hotel Staff and Gain System Access
A sophisticated phishing campaign targeting the hospitality industry has been uncovered, with threat actors impersonating Booking.com to gain access to hotel systems and customer data. Microsoft Threat Intelligence has attributed the ongoing attacks, which began in December 2024 and continued…
New Research Links RansomHub’s EDRKillShifter to Established Ransomware Gangs
ESET researchers have connections between the newly emerged ransomware-as-a-service (RaaS) group RansomHub and established ransomware gangs, including Play, Medusa, and BianLian. Emerging Threat Actor Connects Multiple Ransomware Operations The investigation centered on RansomHub’s custom EDR killer tool, EDRKillShifter, which has…
New FamousSparrow Malware Targets Hotels and Engineering Firms with Custom Backdoor
ESET researchers have uncovered new activity from the China-aligned APT group FamousSparrow, revealing two previously undocumented versions of their custom SparrowDoor backdoor. The group, thought to be inactive since 2022, compromised a US-based trade organization in the financial sector and…
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems (ICS) advisory on March 27, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-037-01 Schneider Electric EcoStruxure Power Monitoring Expert (PME) (Update A) CISA encourages users and…
Classiscam Actors Automate Malicious Websites To Steal Financial Data
Online marketplaces have become increasingly popular in developing countries since 2015, providing platforms for trading various goods from used electronics to brand-new items. This digitalization trend, however, has created fertile ground for sophisticated scam operations. Among these, Classiscam has emerged…
Legit’s prevention dashboard helps security teams proactively stop vulnerabilities
Legit Security launched a new Legit AppSec risk prevention dashboard. The new dashboard helps reduce the time, costs, and effort of fixing vulnerabilities by preventing issues in the first place. Legit’s prevention dashboard allows companies to go beyond “shift left”…
IT Security News Hourly Summary 2025-03-27 15h : 24 posts
24 posts were published in the last hour 13:32 : Wyze Cam adds ‘no big deal’ AI filter to cut down on your notifications 13:32 : U.S. CISA adds Sitecore CMS and XP, and GitHub Action flaws to its Known…
Wyze Cam adds ‘no big deal’ AI filter to cut down on your notifications
It’s using AI to score notifications based on importance, so mundane events like cars driving by won’t flood your phone with alerts. This article has been indexed from Latest stories for ZDNET in Security Read the original article: Wyze Cam…
U.S. CISA adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added [1,2] the following vulnerabilities to its Known Exploited Vulnerabilities (KEV)…
Q&A: Cybersecurity in ‘The Intelligent Era’
The Gurus spoke to Robert Hann, VP of Technical Solutions at Entrust, about the future of IT and the challenges these developments pose to security teams and business leaders globally. What do you think will be the most significant changes…
SandboxAQ Strengthens Leadership in Post-Quantum Security as NIST Approves HQC Algorithm
The National Institute of Standards and Technology (NIST) has officially added HQC (Hamming Quasi-Cyclic), co-invented by SandboxAQ, to its suite of post-quantum cryptographic (PQC) standards, the company announced today. HQC becomes the fifth algorithm selected by NIST in its ongoing…
CrushFTP CEO’s feisty response to VulnCheck’s CVE for critical make-me-admin bug
Screenshot shows company head unhappy, claiming ‘real CVE is pending’ CrushFTP’s CEO is not happy with VulnCheck after the CVE numbering authority (CNA) released an unofficial ID for the critical vulnerability in its file transfer tech disclosed almost a week…
GetReal Security Raises $17.5 Million to Tackle Gen-AI Threats
GetReal Security has raised $17.5 million in series A funding to combat deepfakes, impersonation, and other AI-generated threats. The post GetReal Security Raises $17.5 Million to Tackle Gen-AI Threats appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Cybercrime-Tool Atlantis AIO soll automatisierte Passwort-Attacken optimieren
Leider schläft die organisierte Onlinekriminalität nicht: Sicherheitsforscher sind mit Atlantis AIO auf ein mächtiges Werkzeug zum Kapern von Accounts gestoßen. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Cybercrime-Tool Atlantis AIO soll automatisierte Passwort-Attacken optimieren
[UPDATE] [hoch] Oracle MySQL: Mehrere Schwachstellen
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE]…
[UPDATE] [hoch] Red Hat OpenShift Container Platform: Mehrere Schwachstellen
Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Container Platform ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen, Dateien und Daten zu manipulieren oder Sicherheitsmaßnahmen zu umgehen.…
[UPDATE] [mittel] Red Hat OpenShift: Schwachstelle ermöglicht Offenlegung von Informationen
Ein lokaler Angreifer kann eine Schwachstelle in Red Hat OpenShift ausnutzen, um Informationen offenzulegen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [mittel] Red Hat OpenShift: Schwachstelle ermöglicht Offenlegung…
Is Someone Lurking in The Background Waiting To Impersonate You?
Are you confident someone isn’t lurking in the background on your computer right now, gathering information and preparing to impersonate you? The era of confidently sending e-mails securely or answering… The post Is Someone Lurking in The Background Waiting To…
Former Intel CEO Pat Gelsinger Joins Venture Capital Firm
After being ‘retired’ by Intel’s board of directors, ex-CEO Pat Gelsinger has joined a VC firm, as well as board of chip tool startup This article has been indexed from Silicon UK Read the original article: Former Intel CEO Pat…
G2 Names INE 2025 Cybersecurity Training Leader
Cary, North Carolina, 27th March 2025, CyberNewsWire The post G2 Names INE 2025 Cybersecurity Training Leader first appeared on Cybersecurity Insiders. The post G2 Names INE 2025 Cybersecurity Training Leader appeared first on Cybersecurity Insiders. This article has been indexed…
PlayBoy Locker Ransomware Targets Windows, NAS, and ESXi Systems
A new ransomware strain, PlayBoy LOCKER, has been identified targeting Windows, NAS, and ESXi systems. First discovered in September 2024 as a Ransomware-as-a-Service (RaaS) offering, the malware later had its full source code put up for sale in November, potentially…