Ein Pufferüberlauf in Microsoft Office lässt Angreifer Schadcode einschleusen. Patches stehen bereit. Die lohnen sich auch wegen anderer Lücken. (Sicherheitslücke, Microsoft) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Jetzt patchen: Schadcode-Lücke gefährdet unzählige Office-Nutzer
CISA Warns of Exploitable Fast FAT Vulnerability in Microsoft Windows
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability in the Microsoft Windows Fast FAT File System Driver. This vulnerability, identified as CVE-2025-24985, poses a significant threat as it involves an integer overflow or…
PowerSchool Portal Compromised Months Before Massive Data Breach
Hackers used compromised credentials to access PowerSchool’s PowerSource portal months before the December 2024 data breach. The post PowerSchool Portal Compromised Months Before Massive Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
NIST selects HQC as backup algorithm for post-quantum encryption
Last year, NIST standardized a set of encryption algorithms that can keep data secure from a cyberattack by a future quantum computer. Now, NIST has selected a backup algorithm that can provide a second line of defense for the task…
Pentesters: Is AI Coming for Your Role?
We’ve been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey printed a report, Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation, predicting that by 2030, 375 million workers…
[NEU] [mittel] Ivanti Neurons for MDM: Schwachstelle ermöglicht Umgehung von Sicherheitsvorkehrungen
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Ivanti Neurons for MDM ausnutzen, um Sicherheitsvorkehrungen zu umgehen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Ivanti Neurons for…
[NEU] [hoch] Microsoft Azure: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Microsoft Azure und Microsoft Azure CLI ausnutzen, um erhöhte Privilegien zu erlangen oder beliebigen Programmcode auszuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel:…
The Rising Threat of API Attacks: How to Secure Your APIs in 2025
API attacks are constantly on the rise, with a recent alarming study showing that 59% of organizations give… This article has been indexed from Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News Read the original article: The Rising…
CISA Warns of Microsoft Windows Win32 Kernel Subsystem Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) highlighted a critical vulnerability affecting the Microsoft Windows Win32 kernel subsystem. Identified as CVE-2025-24983, this use-after-free vulnerability in the Win32k component could potentially allow an authorized attacker to locally elevate privileges. The vulnerability…
China, Russia, Iran, and North Korea Intelligence Sharing
Former CISA Director Jen Easterly writes about a new international intelligence sharing co-op: Historically, China, Russia, Iran & North Korea have cooperated to some extent on military and intelligence matters, but differences in language, culture, politics & technological sophistication have…
Webinar Today: Protecting Executives and Enterprises from Digital, Narrative and Physical Attacks
How hyper agenda-driven threat actors, cybercriminals, and nation-states integrate digital, narrative, and physical attacks to target organizations through their executives. The post Webinar Today: Protecting Executives and Enterprises from Digital, Narrative and Physical Attacks appeared first on SecurityWeek. This article…
Viele Unternehmen nicht auf KI-gestützte Cyberangriffe vorbereitet
Deutsche Unternehmen sehen KI-basierte Cyberangriffe zwar als große Gefahr, aber hinken in der Vorbereitung noch hinterher. Dieser Artikel wurde indexiert von IT-News Cybersicherheit – silicon.de Lesen Sie den originalen Artikel: Viele Unternehmen nicht auf KI-gestützte Cyberangriffe vorbereitet
March 2025 Patch Tuesday: Microsoft Fixes 57 Vulnerabilities, 7 Zero-Days
Microsoft’s March 2025 Patch Tuesday fixes six actively exploited zero-day vulnerabilities, including critical RCE and privilege escalation flaws. Learn how these vulnerabilities impact Windows systems and why immediate patching is essential. This article has been indexed from Hackread – Latest…
Microsoft Patch Tuesday March 2025 – 6 Actively Exploited Zero-Days & 57 Vulnerabilities Are Fixed
Microsoft has rolled out its March 2025 Patch Tuesday update, addressing a total of 57 vulnerabilities across its software ecosystem, including 6 actively exploited Zero-day vulnerabilities. This release includes fixes for: Issued on the second Tuesday of each month, this…
Java Axios Package Vulnerability Threatens Millions of Servers with SSRF Exploit
A critical security issue has been identified in the Axios package for JavaScript, which poses significant risks to millions of servers due to server-side request forgery (SSRF) and credential leakage. This vulnerability occurs when absolute URLs are used in Axios…
DCRat Malware Spreading via YouTube to Steal Login Credentials
Cybersecurity researchers have identified a renewed wave of attacks involving the Dark Crystal RAT (DCRat), a dangerous remote access Trojan that has resurfaced through a Malware-as-a-Service (MaaS) model. Attackers are actively targeting gamers by distributing malicious software disguised as gaming…
Fully Undetected Anubis Malware Enables Hackers to Execute Remote Commands
A recent alert has highlighted the emergence of the AnubisBackdoor, a Python-based backdoor attributed to the Savage Ladybug group, which is reportedly linked to the notorious FIN7 cybercrime gang. This malware is designed to provide remote access, execute commands, and…
Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account
A disturbing trend of sophisticated attacks recently detected by researchers specifically designed to evade multi-factor authentication (MFA) protections. These advanced techniques, which exploit vulnerabilities in authentication workflows rather than the authentication factors themselves, have enabled attackers to gain unauthorized access…
Android devices track you before you even sign in
Google spies on Android device users, starting from even before they have logged in to their Google account. This article has been indexed from Malwarebytes Read the original article: Android devices track you before you even sign in
Industry Moves for the week of March 10, 2025 – SecurityWeek
Explore industry moves and significant changes in the industry for the week of March 10, 2025. Stay updated with the latest industry trends and shifts. This article has been indexed from SecurityWeek Read the original article: Industry Moves for the…
US Hasn’t Determined Who Was Behind Cyberattack That Caused Outage on Musk’s X
US officials have not determined who was behind an apparent cyberattack on the social media site X that limited access to the platform for thousands of users. The post US Hasn’t Determined Who Was Behind Cyberattack That Caused Outage on…
IT Security News Hourly Summary 2025-03-12 12h : 12 posts
12 posts were published in the last hour 10:36 : Webkit / Apple : Schwachstelle ermöglicht Umgehung von Sicherheitsmechanismen 10:36 : Windows-Systeme gefährdet: Remotedesktopdienste anfällig für Schadcodeattacken 10:36 : [UPDATE] [mittel] OpenSC: Schwachstelle ermöglicht Offenlegung von Informationen 10:36 : [UPDATE]…
Webkit / Apple : Schwachstelle ermöglicht Umgehung von Sicherheitsmechanismen
In Apple-Geräten gibt es eine Sicherheitslücke im WebKit, das für das Anzeigen von Webseiten zuständig ist. Durch diesen Fehler kann eine manipulierte Webseite Schutzmechanismen umgehen und auf Bereiche des Systems zugreifen, die eigentlich abgesichert sein sollten. Ein Angreifer kann diese…
Windows-Systeme gefährdet: Remotedesktopdienste anfällig für Schadcodeattacken
Ein erfolgreicher Angriff erfordert keinerlei Nutzerinteraktion auf dem Zielsystem. Betroffen sind Windows 10 und 11 sowie alle Server-Varianten. (Sicherheitslücke, Microsoft) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Windows-Systeme gefährdet: Remotedesktopdienste anfällig für Schadcodeattacken