Ein lokaler Angreifer kann mehrere Schwachstellen in Intel Ethernet Controller ausnutzen, um einen Denial of Service Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [mittel] Intel Ethernet…
[UPDATE] [hoch] ffmpeg: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ffmpeg ausnutzen, um einen Denial of Service Angriff durchzuführen, vertrauliche Informationen offenzulegen oder beliebigen Code auszuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den…
Fernzugriff: Ivanti Secure Access Client als Einfallstor für Angreifer
Ein Sicherheitsupdate schließt unter Windows eine Lücke in Ivanti Secure Access Client. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Fernzugriff: Ivanti Secure Access Client als Einfallstor für Angreifer
KB5053598: Windows-11-Update verärgert wieder einmal Nutzer
Das jüngste Update für Windows 11 24H2 macht erneut Probleme. Nutzer beklagen Installationsfehler, Bluescreens und RDP-Verbindungsabbrüche. (Windows 11, Microsoft) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: KB5053598: Windows-11-Update verärgert wieder einmal Nutzer
Corero Network Security expands AI capabilities across its portfolio
Corero Network Security announced the strategic advancement of AI capabilities across its product portfolio and operations—building on a long-standing legacy of intelligent, adaptive security solutions. For years, Corero’s SmartWall ONE platform has delivered automated, real-time DDoS protection powered by advanced…
Cloud im Zutrittsmanagement: Anspruch versus Realität
Cloudbasierte Zutrittslösungen stellen ein zentrales Thema für die Sicherheit von Gebäuden dar. Klassische Systeme stoßen hier häufig an ihre Grenzen stoßen. Ein Kommentar von Michael Stuer von Portier. Dieser Artikel wurde indexiert von Newsfeed Lesen Sie den originalen Artikel: Cloud…
Sicherheitsupdates: Zoom-Apps können Angreifern als Sprungbrett dienen
Zoom Rooms Controller, Workplace & Co. sind unter verschiedenen Betriebssystemen angreifbar. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Sicherheitsupdates: Zoom-Apps können Angreifern als Sprungbrett dienen
Wie speichert man Kryptowährung nach dem Bybit-Hack? | Offizieller Blog von Kaspersky
Warum sich Kryptobörsen nur schwer vor gezielten Angriffen schützen können, und wie man Kryptowährungen sicher speichert. Dieser Artikel wurde indexiert von Offizieller Blog von Kaspersky Lesen Sie den originalen Artikel: Wie speichert man Kryptowährung nach dem Bybit-Hack? | Offizieller Blog…
Decrypting Linux/ESXi Akira Ransomware Files Without Paying Ransomware
A cybersecurity researcher has successfully broken the encryption used by the Linux/ESXI variant of the Akira ransomware, enabling data recovery without paying the ransom demand. The breakthrough exploits a critical weakness in the ransomware’s encryption methodology. According to the researcher,…
U.S. Charges LockBit Ransomware Developer in Cybercrime Crackdown
The U.S. Department of Justice has charged Rostislav Panev, a dual Russian and Israeli national, for his role as a developer of the notorious LockBit ransomware group. Panev, 51, was arrested in Israel in August following a U.S. provisional arrest…
IT Security News Hourly Summary 2025-03-14 09h : 4 posts
4 posts were published in the last hour 7:35 : CISA Releases Security Advisory on 13 Industrial Control System Threats 7:34 : New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions 7:34 : Medusa ransoms infrastructure, Google breakup sought, more…
CISA Releases Security Advisory on 13 Industrial Control System Threats
CISA issued thirteen Industrial Control Systems (ICS) advisories, highlighting current security issues and vulnerabilities in various systems. These advisories are crucial for maintaining the security and integrity of industrial operations. The affected products primarily include several Siemens systems, along with…
New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions
Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk. Clipper malware is a type of cryware (as coined by Microsoft) that’s designed…
Medusa ransoms infrastructure, Google breakup sought, more Booking.com phishing
Medusa ransomware continues to attack infrastructure DoJ seeks to break up Google Another phishing campaign hits Booking.com Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know that real-time…
Cyber Security Madness In The US Government: Cyber Security Today for March 14, 2025
Cybersecurity Madness: Halting Operations, Google Gemini, and Fake Captchas In this episode, host Jim Love delves into controversial cybersecurity decisions and the latest trends. The US government’s directive to halt offensive cyber operations against Russia sparks debate about national security.…
Anzeige: Effektives IT-Störungsmanagement bei Cybervorfällen
Die Auswirkungen von Cyberattacken lassen sich durch ein gezieltes Erstreaktionsmanagement erheblich mindern. Ein Intensiv-Workshop vermittelt, wie IT-Forensik, Schadensanalysen und Risikobewertung eingesetzt werden. (Golem Karrierewelt, Sicherheitslücke) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Anzeige: Effektives…
New Microsoft 365 Attack Leverages OAuth Redirection for Credential Theft
Threat researchers at Proofpoint are currently tracking two sophisticated and highly targeted cyber-attack campaigns that are utilizing OAuth redirection mechanisms to compromise user credentials. These attacks combine advanced brand impersonation techniques with malware proliferation, focusing on Microsoft 365-themed credential phishing…
DeepSeek Can Be Abused to Create Malware
In a recent investigation, Tenable researchers explored how DeepSeek, a large language model (LLM) built by a Chinese company, can be exploited to generate malware, including keyloggers and ransomware, despite its initial refusal to engage in harmful activities. Unlike popular…
Microsoft Uncovers New XCSSET macOS Malware Variant Targeting Xcode Projects
Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated modular macOS malware that targets Xcode projects. The malware was found in the wild during routine threat hunting and is the first known XCSSET variant to surface since…
SuperBlack Actors Exploiting Two Fortinet Vulnerabilities to Deploy Ransomware
Between late January and early March 2025, cybersecurity researchers at Forescout’s Vedere Labs uncovered a series of sophisticated intrusions leveraging critical Fortinet vulnerabilities. The attacks, attributed to a newly identified threat actor tracked as “Mora_001,” culminated in the deployment of…
No, there isn’t a world ending Apache Camel vulnerability
Posts have been circulating publicly on the internet for several days about a “critical”, end of the world “zero day” in Apache Camel, CVE-2025–27636. Many of the posts explained in specific detail about how to exploit the vulnerability — despite the fact…
FBI alerts Gmail users over Medusa Ransomware
The FBI, America’s federal law enforcement agency, has issued an urgent warning to all Gmail users about an ongoing hacking campaign carried out by the operators of Medusa Ransomware. According to the FBI, this cybercriminal group is notorious for encrypting…
Decrypting Akira Ransomware on Linux/ESXi Without Paying Hackers
A team successfully decrypted an instance of the Akira ransomware on Linux/ESXi systems without succumbing to the hackers’ demands. This achievement not only underscores the ingenuity of cybersecurity experts but also serves as a powerful message to those who rely…
Volt Typhoon Found Inside Massachusetts Electric Utility for Nearly a Year
Industrial cybersecurity firm Dragos has revealed that a small electric and water utility in Massachusetts was breached by a sophisticated Chinese Advanced Persistent Threat (APT) group for over 300 days. The attack targeted Littleton Electric Light and Water Departments (LELWD),…