26 posts were published in the last hour 10:39 : [NEU] [niedrig] Kubernetes: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen 10:38 : [NEU] [mittel] Tenable Security Nessus Agent: Schwachstelle ermöglicht Privilegieneskalation 10:38 : [NEU] [mittel] Liferay Portal und Liferay DXP: Schwachstelle ermöglicht…
[NEU] [niedrig] Kubernetes: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Ein Angreifer aus einem angrenzenden Netzwerk kann eine Schwachstelle in Kubernetes ausnutzen, um Sicherheitsvorkehrungen zu umgehen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [niedrig] Kubernetes: Schwachstelle ermöglicht Umgehen…
[NEU] [mittel] Tenable Security Nessus Agent: Schwachstelle ermöglicht Privilegieneskalation
Ein lokaler Angreifer kann eine Schwachstelle in Tenable Security Nessus ausnutzen, um seine Privilegien zu erhöhen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Tenable Security Nessus Agent:…
[NEU] [mittel] Liferay Portal und Liferay DXP: Schwachstelle ermöglicht Offenlegung von Informationen
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Liferay Portal und Liferay DXP ausnutzen, um Informationen offenzulegen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Liferay Portal und…
[NEU] [mittel] IBM Security Guardium: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in IBM Security Guardium ausnutzen, um Sicherheitsbeschränkungen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen und vertrauliche Informationen preiszugeben. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den…
Schneider Electric EcoStruxure™
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure™ Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a local privilege escalation, which…
Cisco Smart Licensing Utility flaws actively exploited in the wild
Experts warn of the active exploitation of two recently patched security vulnerabilities affecting Cisco Smart Licensing Utility. Cisco disclosed two vulnerabilities in its Smart Licensing Utility: CVE-2024-20439, a static credential backdoor, and CVE-2024-20440, an information disclosure flaw. Attackers can exploit…
Threat landscape for industrial automation systems in Q4 2024
The report contains statistics on malware, initial infection vectors and other threats to industrial automation systems in Q4 2024. This article has been indexed from Securelist Read the original article: Threat landscape for industrial automation systems in Q4 2024
Imperva Named a Leader in Forrester Wave™: Web Application Firewall (WAF) Solutions: A Continued Legacy of Excellence
In today’s digital-first environment, protecting web applications and APIs is a critical priority for businesses. Organisations seek trusted solutions that balance robust protection, scalability, and ease of use. It’s no surprise that Imperva has been named a Leader in the…
Cloudflare to Close All HTTP Ports for APIs, Enforces HTTPS Connection
Cloudflare announced today that it has closed all HTTP ports on api.cloudflare.com, taking a significant step toward eliminating the security risks associated with cleartext HTTP traffic. The change, effective immediately, prevents sensitive information such as API tokens from being transmitted…
Hellcat Ransomware Group Hacked Ascom Technical Ticketing System
Swiss telecommunications solutions provider Ascom has fallen victim to a cyberattack by the notorious Hellcat ransomware group, which compromised the company’s technical ticketing system on March 16, 2025. The attack represents the latest in a global hacking spree targeting Jira…
Infosys Agrees to $17.5 Million Settlement Following 2023 Data Breach
Indian technology giant Infosys Limited has agreed to pay $17.5 million to settle six class action lawsuits from a significant data breach at its U.S. subsidiary, Infosys McCamish Systems LLC (McCamish). The settlement, announced on March 14, 2025, resolves allegations…
MEDUSA Ransomware Using Malicious ABYSSWORKER Driver to Disable EDR
MEDUSA ransomware operation has been observed leveraging a sophisticated malicious driver called ABYSSWORKER to disable endpoint detection and response (EDR) systems. This dangerous capability allows the ransomware to operate undetected, significantly increasing the threat to organizations’ security infrastructure. The ABYSSWORKER…
Hackers Exploiting Checkpoint’s Driver in BYOVD Attack to Bypass Windows Security
A sophisticated attack where threat actors exploited vulnerabilities in vsdatant.sys, a kernel-level driver used by Checkpoint’s ZoneAlarm antivirus software. Originally released in 2016, this driver became the target of a Bring Your Own Vulnerable Driver (BYOVD) attack, allowing attackers to…
Former NFL, Michigan Assistant Coach Matt Weiss Charged With Hacking for Athletes’ Intimate Photos
Former NFL and University of Michigan assistant football coach Matt Weiss hacked into the computer accounts of thousands of college athletes seeking intimate photos and videos. The post Former NFL, Michigan Assistant Coach Matt Weiss Charged With Hacking for Athletes’…
Interview: Warum das BSI vor Fake-Captchas warnt und worauf man achten sollte
Anfang März hatte das BSI vor Fake-Captcha gewarnt. Worauf man achten sollte, erklärt Benedict Padberg von Friendly Captcha. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Interview: Warum das BSI vor Fake-Captchas warnt und worauf…
Angreifer machen sich an Hintertür in Cisco Smart Licensing Utility zu schaffen
Jetzt patchen! Angreifer verschaffen sich Adminzugriff auf Cisco Smart Licensing Utility. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Angreifer machen sich an Hintertür in Cisco Smart Licensing Utility zu schaffen
US-Richterin stoppt Doge: Keine sensiblen Daten für Musk-Behörde
Eine US-Bundesrichterin hat vorläufig Doges Zugriff auf persönliche Daten bei der Sozialversicherungsbehörde eingeschränkt. (Doge, Datenschutz) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: US-Richterin stoppt Doge: Keine sensiblen Daten für Musk-Behörde
[NEU] [mittel] OpenBSD: Schwachstelle ermöglicht Denial of Service
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in OpenBSD ausnutzen, um einen Denial of Service Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] OpenBSD: Schwachstelle ermöglicht…
Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations
Trend Research encounters new versions of the Albabat ransomware, which appears to target Windows, Linux, and macOS devices. We also reveal the group’s use of GitHub to streamline their ransomware operation. This article has been indexed from Trend Micro Research,…
I-SOON’s ‘Chinese Fishmonger’ APT Targets Government Entities and NGOs
In a recent development, the U.S. Department of Justice unsealed an indictment against employees of the Chinese contractor I-SOON, revealing their involvement in multiple global espionage operations. These operations are attributed to the FishMonger APT group, which is believed to…
VanHelsing Ransomware Targets Windows Systems with New Evasion Tactics and File Extension
The cybersecurity landscape has been recently disrupted by the emergence of the VanHelsing ransomware, a sophisticated strain identified by the CYFIRMA Research and Advisory Team. This ransomware targets Windows systems, employing advanced encryption techniques and appending a unique “.vanhelsing” extension…
Schneider Electric EcoStruxure™
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure™ Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a local privilege escalation, which…
Imperva Named a Leader in Forrester Wave™: Web Application Firewall (WAF) Solutions: A Continued Legacy of Excellence
In today’s digital-first environment, protecting web applications and APIs is a critical priority for businesses. Organisations seek trusted solutions that balance robust protection, scalability, and ease of use. It’s no surprise that Imperva has been named a Leader in the…