I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the…
Google Releases Open Source Library for Software Composition Analysis
Google releases OSV-SCALIBR, an open source library for software composition analysis and file system scanning. The post Google Releases Open Source Library for Software Composition Analysis appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Star Blizzard Targets WhatsApp in New Campaign
Microsoft highlighted a new Star Blizzard campaign targeting WhatsApp accounts, as the group adapts its TTPs following the takedown of its infrastructure by law enforcement This article has been indexed from www.infosecurity-magazine.com Read the original article: Star Blizzard Targets WhatsApp…
How to Negotiate Your NIS2 Fine or Completely Avoid the Risk
In the next few years, a growing number of organizations across Europe will face investigations for non-compliance with the NIS2 Directive. If they are found to have poor cybersecurity practices, they may well be forced to pay multi-million Euro fines…
U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People’s Republic of Korea (DPRK) by dispatching IT workers around the world…
New ‘Sneaky 2FA’ Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that’s capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky…
How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?
Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD. Implementing…
Partnerangebot: KonzeptAcht GmbH – „Risikomanagement mit dem Tool MONARC“
Im Partnerbeitrag der KonzeptAcht GmbH geht es um Risikomanagement mit dem Tool MONARC (Optimised Risk Analysis Method). MONARC, welches von nc3.lu entwickelt und unter Open Source Lizenz vertrieben wird, bietet eine Methodik für Risikoanalysen auf der Basis von ISO/IEC 27005…
ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems
Researchers detailed a now-patched vulnerability that could allow a bypass of the Secure Boot mechanism in UEFI systems. ESET disclosed details of a now-patched vulnerability, tracked as CVE-2024-7344 (CVSS score: 6.7), that could allow a bypass of the Secure Boot mechanism…
US Announces Sanctions Against North Korean Fake IT Worker Network
The US Treasury has sanctioned two individuals and four entities involved in the North Korean fake IT worker scheme. The post US Announces Sanctions Against North Korean Fake IT Worker Network appeared first on SecurityWeek. This article has been indexed…
Daten von rund 250.000 MSI-Kunden bei Have I Been Pwned
Bei einem Cybervorfall bei MSI sind 2024 offenbar zahlreiche Kundendatensätze kopiert worden. Rund 250.000 Stück hat HIBP nun aufgenommen. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: Daten von rund 250.000 MSI-Kunden bei Have I Been…
(g+) Brandolinis Gesetz: Bullshit ist schwerer widerlegt als gesagt
Brandolinis Gesetz hilft dabei, weniger Zeit aufzuwenden, um Fehlinformationen richtigzustellen – und sinnlose Diskussionen zu vermeiden. (Denkpause, Softwareentwicklung) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: (g+) Brandolinis Gesetz: Bullshit ist schwerer widerlegt als gesagt
[NEU] [niedrig] ffmpeg: Schwachstelle ermöglicht Offenlegung von Informationen
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in ffmpeg ausnutzen, um Informationen offenzulegen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [niedrig] ffmpeg: Schwachstelle ermöglicht Offenlegung von Informationen
New Tool Unveiled to Scan Hacking Content on Telegram
A Russian software developer, aided by the National Technology Initiative, has introduced a groundbreaking AI module designed to monitor and analyze content on Telegram. Known as the Apparatus Sapiens AI module, this innovative tool can search through both open and…
FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages
Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms. Phishing campaigns are delivered via Telegram and use unique URLs to route users to credential-capturing counterfeit login pages. These pages masquerade as popular services and steal…
Industry Reactions to Biden’s Cybersecurity Executive Order: Feedback Friday
Industry professionals comment on the Biden administration’s new executive order on cybersecurity. The post Industry Reactions to Biden’s Cybersecurity Executive Order: Feedback Friday appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Industry Reactions…
1touch.io’s SaaS offering delivers enterprise-grade security
In an exciting development for organizations struggling with data security, 1touch.io has announced its Sensitive Data Intelligence platform as a Software-as-a-Service (SaaS) solution. This release extends 1touch.io’s powerful Contextual AI-driven data discovery and classification capabilities to a wider range of…
Noyb Files GDPR Complaints Against TikTok and Five Chinese Tech Giants
AliExpress, Shein, Temu, TikTok, WeChat and Xiaomi are accused of operating unlawful data transfers to China This article has been indexed from www.infosecurity-magazine.com Read the original article: Noyb Files GDPR Complaints Against TikTok and Five Chinese Tech Giants
IT Security News Hourly Summary 2025-01-17 12h : 13 posts
13 posts were published in the last hour 10:35 : [NEU] [mittel] IBM InfoSphere Information Server: Schwachstelle ermöglicht Offenlegung von Informationen 10:34 : Medusa ransomware group claims attack on UK’s Gateshead Council 10:34 : How Much of Your Business is…
[NEU] [mittel] IBM InfoSphere Information Server: Schwachstelle ermöglicht Offenlegung von Informationen
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in IBM InfoSphere Information Server ausnutzen, um Informationen offenzulegen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] IBM InfoSphere Information Server:…
Medusa ransomware group claims attack on UK’s Gateshead Council
Pastes allegedly stolen documents on leak site with £600K demand Another year and yet another UK local authority has been pwned by a ransomware crew. This time it’s Gateshead Council in North East England at the hands of the Medusa…
How Much of Your Business is Exposed on the Dark Web?
The dark web is a thriving underground market where stolen data and corporate vulnerabilities are openly traded. This hidden economy poses a direct and growing threat to businesses worldwide. Recent breaches highlight the danger. The post How Much of Your…
Nvidia Treiber: Mehrere Schwachstellen
Es bestehen mehrere Schwachstellen im Nvidia-Treiber, die den GPU-Display-Treiber und die vGPU-Software betreffen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren oder einen Denial-of-Service-Zustand zu erzeugen. Dieser Artikel wurde indexiert von…
D-Trust: Cyberangriff trifft Trustcenter der Bundesdruckerei
Aus einem Antragsportal der D-Trust GmbH sind potenziell personenbezogene Daten abgeflossen. Wer hinter dem Angriff steckt, ist noch unklar. (Cybercrime, Datenschutz) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: D-Trust: Cyberangriff trifft Trustcenter der Bundesdruckerei