In einem Hackerforum ist ein brisanter Datensatz aufgetaucht. Er enthält VPN-Zugangsdaten und Firewall-Konfigurationen von zahlreichen Unternehmen. (Datenleck, Sicherheitslücke) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Fortinet: Hacker teilen Passwörter und Configs von 15.000 Firewalls
[NEU] [mittel] Drupal: Schwachstelle ermöglicht Manipulation von Dateien
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Drupal ausnutzen, um Dateien zu manipulieren. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Drupal: Schwachstelle ermöglicht Manipulation von Dateien
[NEU] [mittel] Kubernetes: Schwachstelle ermöglicht Codeausführung
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Kubernetes ausnutzen, um beliebigen Programmcode auszuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Kubernetes: Schwachstelle ermöglicht Codeausführung
6 Strategic Innovations Transforming the Fintech Industry
Technology is changing the global economy, and fintech companies are at the backbone of this transformation. To keep… This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: 6 Strategic Innovations…
GitHub’s Deepfake Porn Crackdown Still Isn’t Working
Over a dozen programs used by creators of nonconsensual explicit images have evaded detection on the developer platform, WIRED has found. This article has been indexed from Security Latest Read the original article: GitHub’s Deepfake Porn Crackdown Still Isn’t Working
MikroTik botnet relies on DNS misconfiguration to spread malware
Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware.…
16-31 October 2024 Cyber Attacks Timeline
In the second timeline of October 2024 I collected 120 events with a threat landscape dominated by malware… This article has been indexed from HACKMAGEDDON Read the original article: 16-31 October 2024 Cyber Attacks Timeline
Data From 15,000 Fortinet Firewalls Leaked by Hackers
Hackers have leaked 15,000 Fortinet firewall configurations, which were apparently obtained as a result of exploitation of CVE-2022–40684. The post Data From 15,000 Fortinet Firewalls Leaked by Hackers appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?
A threat actor has leaked configuration files (aka configs) for over 15,000 Fortinet Fortigate firewalls and associated admin and user credentials. The collection has been leaked on Monday and publicized on an underground forum by the threat actor that goes…
Contrast Security AVM identifies application and API vulnerabilities in production
Contrast Security released Application Vulnerability Monitoring (AVM), a new capability of Application Detection and Response (ADR). AVM works within applications to find application and API vulnerabilities in production and correlate those vulnerabilities with attacks. Accurately identifying the issues in production…
First Bitwarden password manager update of 2025 improves password auto-fill
Bitwarden is an open source password management solution that we have mentioned and recommended several times here on this site in the past. The developers have released the first major update of […] Thank you for being a Ghacks reader.…
FTC Slams GoDaddy For Not Implement Standard Security Practices Following Major Breaches
The Federal Trade Commission (FTC) has announced that it will require GoDaddy Inc. to develop and implement a comprehensive information security program. This decision comes in response to allegations that the prominent web hosting company has consistently failed to adequately…
New Botnet Exploiting DNS Records Misconfiguration To Deliver Malware
Botnets are the networks of compromised devices that have evolved significantly since the internet’s inception. Threat actors exploit vulnerabilities to control these devices remotely by leveraging them for malicious activities. These activities range from spamming to launching devastating distributed denial-of-service…
AIRASHI Botnet Exploiting 0DAY Vulnerabilities In Large Scale DDoS Attacks
AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August 2024 that leveraged a 0DAY vulnerability on cnPilot routers and used RC4 encryption for sample strings. After a brief pause in September, the botnet reappeared in…
The Truth of the Matter: Scammers Targeting Truth Social Users
Key Data Threat actors immediately target new Truth Social users — Netcraft received more than 30 messages within hours of creating an account. Truth Social’s structure gives threat actors easy access to target groups with more than 100,000 members. Advance…
Google Ads Under Attack: Criminals Exploit Accounts for Profit
The Great Google Ads Heist: Criminals Ransack Advertiser Accounts via Fake Google Ads In a recent cybercrime scheme,… The post Google Ads Under Attack: Criminals Exploit Accounts for Profit appeared first on Hackers Online Club. This article has been indexed…
A New Jam-Packed Biden Executive Order Tackles Cybersecurity, AI, and More
US president Joe Biden just issued a 40-page executive order that aims to bolster federal cybersecurity protections, directs government use of AI—and takes a swipe at Microsoft’s dominance. This article has been indexed from Security Latest Read the original article:…
Infoseccer: Private security biz let guard down, exposed 120K+ files
Assist Security’s client list includes fashion icons, critical infrastructure orgs A London-based private security company allegedly left more than 120,000 files available online via an unsecured server, an infoseccer told The Register.… This article has been indexed from The Register…
2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records
In 2024 organizations informed the US government about 585 healthcare data breaches affecting a total of nearly 180 million user records. The post 2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records appeared first on SecurityWeek. This…
IT Security News Hourly Summary 2025-01-16 12h : 10 posts
10 posts were published in the last hour 10:34 : Thousands of PHP-based Web Applications Exploited to Deploy Malware 10:34 : New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) 10:12 : Fehlerquelle OAuth: Daten von Mitarbeitern gescheiterter Start-ups gefährdet 10:12…
Thousands of PHP-based Web Applications Exploited to Deploy Malware
A significant cybersecurity threat has emerged, threatening the integrity of thousands of PHP-based web applications. A report from Imperva Threat Research has unveiled a sophisticated campaign where malicious actors are exploiting vulnerabilities in these applications to deploy malware, particularly with…
New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)
ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot. The issue was found in a UEFI application signed with Microsoft’s “Microsoft Corporation UEFI CA 2011” third-party certificate. Exploiting this vulnerability…
Fehlerquelle OAuth: Daten von Mitarbeitern gescheiterter Start-ups gefährdet
Fehlerquelle OAuth – wer seine Domains nicht korrekt schließt, riskiert Datenleck. Spätere Abhilfe gibt es nicht. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: Fehlerquelle OAuth: Daten von Mitarbeitern gescheiterter Start-ups gefährdet
Codefinger-Ransomware verschlüsselt Amazon-S3-Buckets
Die Ransomware Codefinger verschlüsselt Daten in Amazon-S3-Buckets. Im Darknet kursieren viele AWS-Zugänge, die Tür und Tor dafür öffnen. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: Codefinger-Ransomware verschlüsselt Amazon-S3-Buckets