In late 2023, the online jewellery store GLAMIRA suffered a data breach they attributed to "an unauthorised individual [who] briefly accessed one of our servers". The data was subsequently published on a popular hacking forum and included 875k email addresses,…
The Critical Risk of Using Dummy Email Domains in Payment Gateways
During our recent security assessments across multiple clients, we discovered a concerning pattern: many companies are unknowingly exposing their customers’ sensitive payment information through a simple yet critical misconfiguration in… The post The Critical Risk of Using Dummy Email Domains…
Neu bei Whatsapp: Mit diesen 4 Funktionen holst du mehr aus dem Messenger heraus
Whatsapp legt stetig neue Funktionen nach. Da kann man schon einmal den Überblick verlieren. Wir zeigen euch die aktuellen Neuheiten. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung Lesen Sie den originalen Artikel: Neu bei Whatsapp: Mit diesen…
Drogenkriminalität bekämpfen: Europas Häfen kooperieren
Die Zusammenarbeit europäischer Häfen im Kampf gegen Drogenkriminalität wird intensiviert. Das wurde beim „Three Ports Summit“ beschlossen. Was bedeutet das konkret und welche Rolle spielt die EU-Kommission? Dieser Artikel wurde indexiert von Newsfeed Lesen Sie den originalen Artikel: Drogenkriminalität bekämpfen:…
Authentifizierung von IBM Db2 unter Cloud Pak for Data umgehbar
IBMs Datenbanksysteme Db2 und Db2 Warehouse sind unter der Daten- und KI-Plattform Cloud Pak for Data attackierbar. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: Authentifizierung von IBM Db2 unter Cloud Pak for Data umgehbar
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers
A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed…
China hacks Treasury, Russian tanker sabotage, Lumen ejects Typhoon
Beijing-linked hackers penetrated U.S. Treasury systems Russian tanker suspected of undersea data cable sabotage Lumen says it has locked the Salt Typhoon group out of its network Thanks to today’s episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks…
IT Security News Hourly Summary 2025-01-03 09h : 8 posts
8 posts were published in the last hour 8:5 : 3,1 Millionen bösartige Fake-Sterne auf GitHub entdeckt – Tendenz steigend 8:4 : TotalAV VPN vs Surfshark: Which VPN Should You Choose? 7:33 : Critical Deadline: Update Old .NET Domains Before…
3,1 Millionen bösartige Fake-Sterne auf GitHub entdeckt – Tendenz steigend
In einer umfassenden Studie ist ein US-Forschungsteam auf Millionen Fake-Sterne bei GitHub gestoßen und warnt vor einem rasant steigenden Trend. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: 3,1 Millionen bösartige Fake-Sterne auf GitHub entdeckt –…
TotalAV VPN vs Surfshark: Which VPN Should You Choose?
TotalAV combines a simple VPN with antivirus software, while Surfshark offers a standalone VPN with better features and faster speeds. This article has been indexed from Security | TechRepublic Read the original article: TotalAV VPN vs Surfshark: Which VPN Should…
Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption
Microsoft has announced that it’s making an “unexpected change” to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. “We expect that most users will not be directly affected, however, it is…
Vergleich wegen Datenschutzverletzung: Apple zahlt 95 Millionen Dollar wegen illegaler Siri-Aufnahmen
Apple hat eine Vergleichsvereinbarung über 95 Millionen US-Dollar wegen nicht autorisierter Sprachaufzeichnungen durch Siri erzielt. (Apple, Datenschutz) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Vergleich wegen Datenschutzverletzung: Apple zahlt 95 Millionen Dollar wegen illegaler…
SwaetRAT Delivery Through Python, (Fri, Jan 3rd)
We entered a new year, but attack scenarios have not changed (yet). I found a Python script with an interesting behavior[1] and a low Virustotal score (7/61). It targets Microsoft Windows hosts because it starts by loading all libraries required…
Apple accused of collecting user data from Siri queries
Virtual assistants have become indispensable in our daily lives, transforming how we interact with technology. By simply speaking a few words or phrases, we can access vast amounts of information, schedule appointments, or even get personalized recommendations. One of the…
Apple Agrees to $95M Settlement Over Siri Privacy Lawsuit
Apple Inc. has agreed to pay $95 million to settle a proposed class-action lawsuit alleging that its Siri voice assistant infringed on users’ privacy by recording private conversations without their consent. The preliminary settlement, filed in federal court in Oakland,…
NTT Docomo Hit by DDoS Attack, Services Disrupted for 11 Hours
NTT Docomo, one of Japan’s leading telecommunications and IT service providers, experienced a massive disruption on January 2, 2025, after a Distributed Denial of Service (DDoS) attack targeted its network infrastructure. The attack resulted in widespread service irregularities affecting customers…
Anzeige: So funktioniert Penetration Testing
Penetration Testing wird eingesetzt, um IT-Systeme effektiv abzusichern. Eine praxisorientierte Einführung in die Methoden und Techniken zum Aufspüren und Schließen von Sicherheitslücken bietet ein zweitägiger Workshop. (Golem Karrierewelt, Sicherheitslücke) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den…
Diving into Azure Lateral Movement with Pass-the-PRT
One of the most concerning attack methods I’ve come across recently is ‘Pass-the-PRT.’ It’s not the most likely of cyberattacks, but if successful – your organization’s security is in trouble. And that’s precisely what makes it dangerous—it leverages legitimate authentication…
Hackers Use Russian Domains for Phishing Attacks
The latest research has found a sharp rise in suspicious email activities and a change in attack tactics. If you are someone who communicates via email regularly, keep a lookout for malicious or unusual activities, it might be a scam.…
iTerm2 Emulator Vulnerability Let Attackers Access Sensitive User Data
A critical vulnerability discovered in the popular macOS terminal emulator iTerm2 has raised concerns among cybersecurity experts and software users. The flaw, which could allow malicious attackers to access sensitive user data, underscores the importance of timely updates and vigilant…
Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations
Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users’ privacy using its voice-activated Siri assistant. The development was first reported by Reuters. The settlement applies to U.S.-based…
Cloudflare’s VPN app among half-dozen pulled from Indian app stores
More than half-a-dozen VPN apps, including Cloudflare’s widely-used 1.1.1.1, have been pulled from India’s Apple App Store and Google Play Store following intervention from government authorities, TechCrunch has learned. The Indian Ministry of Home Affairs issued removal orders for the…
The modern CISO is a cornerstone of organizational success
The chief information security officer (CISO) role has undergone a remarkable transformation, evolving from a purely technical position to a role that bridges business strategy, operational efficiency, and cybersecurity. The post The modern CISO is a cornerstone of organizational success…
2024 Year in Review (Part 2)
July AT&T announced (in a financial filing) the discovery of a data breach dating back to 2023 that affects almost every AT&T customer. “The stolen data also includes call records of customers with phone service from other cell carriers that…