Google hat zwei Fehler behoben, durch die die E-Mail-Adressen aller Youtube-Nutzer unbemerkt abrufbar waren. Zwei Forscher demonstrieren den Angriff. (Youtube, Google) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Google-API ausgetrickst: Über Youtube zu den…
Clop Ransomware lurks within the network, exploiting it for extended periods
In most cases, thieves disappear after successfully stealing money, goods, or valuable data. However, in the world of cybercrime, particularly with ransomware attacks, the scenario is quite different. Unlike traditional theft where the criminal takes the stolen items and vanishes,…
RedNote App Security Flaw Exposes User Files on iOS and Android Devices
Serious security vulnerabilities have been uncovered in the popular social media and content-sharing app, RedNote, compromising the privacy and security of millions of users globally. Researchers revealed critical flaws allowing attackers to intercept sensitive user data, access device files, and…
New Malware Exploiting Outlook as a Communication Channel via the Microsoft Graph API
A newly discovered malware, named FINALDRAFT, has been identified leveraging Microsoft Outlook as a command-and-control (C2) communication channel through the Microsoft Graph API. This sophisticated malware was uncovered by Elastic Security Labs during an investigation targeting a foreign ministry. The…
Google Pays Out $55,000 Bug Bounty for Chrome Vulnerability
Google has released a Chrome 133 update to address four high-severity vulnerabilities reported by external researchers. The post Google Pays Out $55,000 Bug Bounty for Chrome Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software
Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass. The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1…
IT Security News Hourly Summary 2025-02-13 12h : 20 posts
20 posts were published in the last hour 10:32 : Elon Musk’s X To Pay Donald Trump $10m To Settle Lawsuit 10:32 : I tested 10 AI content detectors – and these 3 correctly identified AI text every time 10:32…
Elon Musk’s X To Pay Donald Trump $10m To Settle Lawsuit
X agrees settlement with Donald Trump, after his lawsuit over account suspension for his role in 6 January 2021 attack on US Capitol This article has been indexed from Silicon UK Read the original article: Elon Musk’s X To Pay…
I tested 10 AI content detectors – and these 3 correctly identified AI text every time
Some detectors are better at spotting AI-written text than others. Here’s why these mixed results matter. This article has been indexed from Latest stories for ZDNET in Security Read the original article: I tested 10 AI content detectors – and…
IIoT Security Threats Reshape Factory Protection Strategies
Modern factories are increasingly relying on Industrial Internet of Things (IIoT) solutions. This shift is beneficial in many regards, including higher efficiency and transparency, but it also introduces unique cybersecurity concerns. Better vulnerability management for IIoT systems is essential if…
New Malware Exploiting Outlook As a Communication Channel via The Microsoft Graph API
A new family of malware has been discovered that leverages Microsoft Outlook as a communication channel via the Microsoft Graph API. This sophisticated malware includes a custom loader and backdoor, known as PATHLOADER and FINALDRAFT, respectively. The malware is part…
North Korea Targets Crypto Devs Through NPM Packages
SecurityScorecard has uncovered a sophisticated campaign linked to North Korea’s Lazarus Group, distributing crypto-stealing malware This article has been indexed from www.infosecurity-magazine.com Read the original article: North Korea Targets Crypto Devs Through NPM Packages
Google Chrome: Mehrere Schwachstellen
Es bestehen mehrere Schwachstellen in Google Chrome. Ein Angreifer kann diese Schwachstellen ausnutzen, um Systeme zum Absturz zu bringen, Schadcode auszuführen, Daten zu ändern, Nutzer zu täuschen oder Informationen zu stehlen. Einige der Schwachstellen erfordern die Interaktion des Nutzers, um…
Neue Video-KI von Bytedance: Was Goku kann und wie es sich im Vergleich mit OpenAIs Sora schlägt
OpenAI könnte jetzt auch Konkurrenz vom Tiktok-Konzern Bytedance bekommen. Das Unternehmen hat ein neues KI-Modell namens Goku veröffentlicht, das realistische Bilder und Videos generieren soll. Die ersten Ergebnisse zeigen wir euch hier. Dieser Artikel wurde indexiert von t3n.de – Software…
Wie große Menschenmengen in einen Strudel geraten: KI-Modell sagt Bewegungsmuster voraus
Je größer die Menschenmenge, desto unberechenbarer ist sie. Doch eine neue Studie zeigt, dass es offenbar eine kritische Schwelle gibt, an der die Menschen in einen unbewussten Strudel geraten. Diese Erkenntnis könnte helfen, vorab Warnungen bei Veranstaltungen zu geben. Dieser…
OpenAI will mit GPT-5 die Abo-Struktur ändern – warum das für Gratis-Nutzer eine gute Nachricht ist
OpenAI-CEO Sam Altman will die Nutzung von ChatGPT vereinfachen. Künftig soll der Chatbot alle unterschiedlichen KI-Modelle des Unternehmens in sich vereinen. Auch Gratis-User:innen sollen unbegrenzten Zugang darauf bekommen. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung Lesen Sie…
Patchday: Intel schließt Sicherheitslücken in CPUs und Grafiktreibern
Es sind wichtige Updates für verschiedene Produkte von Intel erschienen. Admins sollten sie zeitnah installieren. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: Patchday: Intel schließt Sicherheitslücken in CPUs und Grafiktreibern
[NEU] [UNGEPATCHT] [hoch] D-LINK Router: Schwachstelle ermöglicht Codeausführung
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in D-LINK Router ausnutzen, um beliebigen Programmcode auszuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [UNGEPATCHT] [hoch] D-LINK Router: Schwachstelle ermöglicht…
[NEU] [hoch] Google Chrome: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, Daten zu manipulieren, Spoofing-Angriffe durchzuführen, vertrauliche Informationen preiszugeben und andere nicht spezifizierte Auswirkungen zu verursachen. Dieser Artikel wurde indexiert von BSI Warn-…
Threat Actors Exploiting DeepSeek’s Popularity to Deploy Malware
The meteoric rise of DeepSeek, a Chinese AI startup, has not only disrupted the AI sector but also attracted the attention of cybercriminals. Following the release of its open-source model, DeepSeek-R1, on January 20, 2025, the platform experienced exponential growth,…
Winnti Hackers Attacking Japanese Organisations with New Malware
The China-based Advanced Persistent Threat (APT) group known as the Winnti Group, also referred to as APT41, has launched a new cyberattack campaign targeting Japanese organizations in the manufacturing, materials, and energy sectors. Dubbed “RevivalStone,” this campaign employs a novel…
China’s Salt Typhoon hackers continue to breach telecom firms despite US sanctions
Threat intelligence firm Recorded Future said it had observed Salt Typhoon breaching 5 telcos between December 2024 and January 2025. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch…
KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques
Security researchers from Korea University have unveiled a new vulnerability in macOS systems running on Apple Silicon processors. Dubbed “SysBumps,” this attack successfully circumvents Kernel Address Space Layout Randomization (KASLR), a critical security mechanism designed to protect kernel memory from…
Amazon Machine Image Name Confusion Attack Let Attackers Publish Resource
Researchers uncovered a critical vulnerability in Amazon Web Services (AWS) involving Amazon Machine Images (AMIs). Dubbed the “whoAMI” attack, this exploit leverages a name confusion attack, a subset of supply chain attacks, to gain unauthorized code execution within AWS accounts. …