Es sind wichtige Sicherheitsupdates für Azure, Office, Windows und Co. erschienen. Es gibt bereits Attacken. Weitere können bevorstehen. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: Microsoft-Patchday: Angreifer attackieren Windows und löschen Daten
Ivanti: Kritische Codeschmuggel-Lücken in VPN und CSA
In Ivantis VPN-Software ICS, IPS und ISAC sowie in Ivanti CSA klaffen kritische Sicherheitslecks. Angreifer können Schadcode unterjubeln. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: Ivanti: Kritische Codeschmuggel-Lücken in VPN und CSA
Safer Internet Day – Getting Serious With Passwords
To celebrate Safer Internet Day (SID) and raise further awareness around promoting the safe and positive use of digital technology for the theme “Together for a better Internet,” we’ve decided to focus on a critical element within security that many…
Sandworm APT Hackers Weaponize Microsoft KMS Activation Tools To Compromise Windows
In a sophisticated cyber-espionage operation, the Russian state-sponsored hacking group Sandworm (APT44), linked to the GRU (Russia’s Main Intelligence Directorate), has been exploiting pirated Microsoft Key Management Service (KMS) activation tools to target Ukrainian Windows users. The campaign, which began…
Ratatouille Malware Bypass UAC Control & Exploits I2P Network to Launch Cyber Attacks
A newly discovered malware, dubbed “Ratatouille” (or I2PRAT), is raising alarms in the cybersecurity community due to its sophisticated methods of bypassing User Account Control (UAC) and leveraging the Invisible Internet Project (I2P) network for anonymous Command and Control (C2)…
Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs
Microsoft Patch Tuesday security updates for February 2025 addressed four zero-day flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2025 addressed 57 vulnerabilities in Windows and Windows Components, Office and Office…
Microsoft Secure Boot Security 0-Day Lets Attackers Steal The Admin Credentials
A significant security vulnerability, identified as CVE-2023-24932, has been discovered in Microsoft’s Secure Boot feature. This vulnerability allows attackers to bypass Secure Boot, potentially leading to the theft of admin credentials. The vulnerability was first disclosed on May 9, 2023,…
Scammers Exploit DeepSeek Hype: Cyber Security Today for Wednesday, February 12, 2025
Scammers Exploit DeepSeek Hype & Jailbreak OpenAI’s O3 Mini – TechNewsDay Update In this episode, we uncover how scammers are exploiting the recent hype around DeepSeek, a new AI model, by creating fake websites, counterfeit cryptocurrency tokens, and malware-laced downloads.…
IT Security News Hourly Summary 2025-02-12 09h : 8 posts
8 posts were published in the last hour 7:33 : Patchday Microsoft: Angreifer attackieren Windows und löschen Daten 7:32 : Democratizing Cybersecurity for Small IT Teams 7:32 : Hackers Can Exploit “Wormable” Windows LDAP RCE Vulnerability for Remote Attacks 7:32…
Patchday Microsoft: Angreifer attackieren Windows und löschen Daten
Es sind wichtige Sicherheitsupdates für Azure, Office, Windows und Co. erschienen. Es gibt bereits Attacken. Weitere können bevorstehen. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: Patchday Microsoft: Angreifer attackieren Windows und löschen Daten
Democratizing Cybersecurity for Small IT Teams
A significant number of small businesses remain unprotected against cyber threats due to a lack of dedicated security budgets. Research indicates that 47% of businesses with fewer than 50 employees allocate no budget to cybersecurity, while 51% have no security…
Hackers Can Exploit “Wormable” Windows LDAP RCE Vulnerability for Remote Attacks
A critical new vulnerability in Microsoft’s Windows Lightweight Directory Access Protocol (LDAP), tagged as CVE-2025-21376, has recently come to light, raising alarms across global cybersecurity circles. The flaw, which has been classified as “critical,” could allow remote attackers to execute…
Inside the Söze Syndicate: MFA Flaws, and the Battle for SMB Security
Small and medium-sized businesses are highly vulnerable to Business Email Compromise (BEC) attacks. Threat actors are evolving, exploiting human error and trust while leveraging automation tools and AI. To shed light on this evolving threat, Information Security Buzz spoke with…
DeepSeek: Große Sicherheitsbedenken gegen chinesische KI
Die chinesische KI DeepSeek zählt zu den populären Anwendungen in den App Stores. Sicherheitsbehörden, Datenschützer und IT-Fachleute sehen erhebliche Risiken. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: DeepSeek: Große Sicherheitsbedenken gegen chinesische KI
Google Chrome’s Safe Browsing Now Protects 1 Billion Users Worldwide
Google’s Safe Browsing technology now ensures enhanced protection for over 1 billion Chrome users worldwide. Launched in 2005, Safe Browsing is a robust system designed to safeguard users from phishing, malware, scams, and other cyber threats. By leveraging advanced artificial…
DeepSeek-R1: A Smorgasbord of Security Risks
In the short time since its debut, DeepSeek has made waves in the AI industry, garnering praise as well as scrutiny. The model’s meteoric rise has fueled debate over its claimed efficiency, intellectual property worries, and its general reliability and…
Ransomware Payments Fall 35%
Ransomware payments decreased by 35.82% year-over-year (YoY) in 2024, research from Chainalysis has revealed. The blockchain analytics company attributes much of this decrease to increased law enforcement actions, improved international collaboration, and a growing refusal of victims to pay. While,…
California students DOGE data privacy Lawsuit and sanctions on Russian Zservers
California Students File Lawsuit Against DOGE Over Data Privacy Concerns A group of students affiliated with the U.S. Department of Education has filed a lawsuit against the newly established Department of Government Efficiency (DOGE), alleging the agency unlawfully accessed their…
Tactics to take up implied cyber threat hunting- proactive strategies to smartly thrwat hidden cyber risks
In the ever-evolving landscape of cybersecurity, detecting and responding to threats has become more complex. One of the more advanced techniques gaining traction is implied cyber threat hunting. Unlike traditional threat hunting, which often involves reacting to known threats and…
UK and US refuse to sign international AI declaration
The UK and the US have opted not to sign an international agreement on artificial intelligence (AI) at a global summit held in Paris. The declaration—endorsed by multiple countries including France, China, and India—commits to an “open,” “inclusive,” and “ethical”…
8Base: Vier Festnahmen und 17 Server in Deutschland beschlagnahmt
Strafverfolgungsbehörden aus 14 Ländern haben vier Anführer der Ransomware-Gruppe 8Base festgenommen. Weltweit hat die Gruppe hohe Lösegeldsummen erpresst. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: 8Base: Vier Festnahmen und 17 Server in Deutschland beschlagnahmt
“Passwort” Folge 25: Staatlich sanktionierte Schnüffelsoftware
Dieses Mal nehmen sich die Podcast-Hosts eines kontroversen Themas an: Unternehmen installieren über Sicherheitslücken Malware – und das in staatlichem Auftrag. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: “Passwort” Folge 25: Staatlich sanktionierte Schnüffelsoftware
Anzeige: BSI-Vorfall-Experte werden – jetzt mit 15 Prozent Rabatt
Der Workshop der Golem Karrierewelt bereitet IT-Sicherheitsprofis gezielt auf die Rolle als BSI-Vorfall-Experte im Cyber-Sicherheitsnetzwerk vor – inklusive praxisnaher Übungen und Fallstudien. Jetzt zum Aktionspreis. (Golem Karrierewelt, Sicherheitslücke) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen…
Critical Ivanti CSA Vulnerability Allows Attackers Remote Code Execution to Gain Restricted Access
A critical vulnerability has been discovered in the Ivanti Cloud Services Application (CSA), potentially allowing attackers to execute remote code and access restricted functionality. Ivanti has released an urgent security update to address the issues, tracked as CVE-2024-47908 and CVE-2024-11771,…