Ein Angreifer kann mehrere Schwachstellen in Apache Cassandra ausnutzen, um Informationen offenzulegen, oder seine Rechte zu erhöhen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Apache Cassandra: Mehrere…
[UPDATE] [hoch] libxml2: Schwachstelle ermöglicht remote Code Execution
Ein lokaler Angreifer kann eine Schwachstelle in libxml2 ausnutzen, um einen Code auszuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [hoch] libxml2: Schwachstelle ermöglicht remote Code Execution
[UPDATE] [mittel] OpenSSL: Schwachstelle ermöglicht Offenlegung von Informationen
Ein lokaler Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um Informationen offenzulegen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [mittel] OpenSSL: Schwachstelle ermöglicht Offenlegung von Informationen
[UPDATE] [mittel] Red Hat Enterprise Linux (Jinja): Mehrere Schwachstellen ermöglichen Codeausführung
Ein lokaler Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux, Red Hat Ansible Automation Platform und Red Hat OpenShift ausnutzen, um beliebigen Programmcode auszuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie…
SpyCloud Pioneers the Shift to Holistic Identity Threat Protection
Austin, TX, USA, 4th February 2025, CyberNewsWire The post SpyCloud Pioneers the Shift to Holistic Identity Threat Protection appeared first on Cybersecurity Insiders. This article has been indexed from Cybersecurity Insiders Read the original article: SpyCloud Pioneers the Shift to…
Cybercriminals Exploiting HTTP Client Tools to Hijack Microsoft 365 Accounts
A recent report by Proofpoint has revealed an alarming trend of cybercriminals exploiting HTTP client tools to target Microsoft 365 accounts. These tools, originally designed for legitimate use, are now being repurposed for large-scale account takeover (ATO) attacks, employing tactics…
New FUD Malware Targets MacOS, Evading Antivirus and Security Tools
A new strain of Fully Undetectable (FUD) macOS malware, dubbed “Tiny FUD,” has emerged, showcasing sophisticated evasion techniques capable of bypassing antivirus and macOS security frameworks, including Gatekeeper and System Integrity Protection (SIP). The malware employs advanced methods, such as…
Beware of SmartApeSG Campaigns that Deliver NetSupport RAT
SmartApeSG, a FakeUpdate cyber threat, has emerged as a significant vector for delivering NetSupport RAT, a maliciously exploited remote administration tool. The campaign ensnares victims by tricking them into downloading fake browser updates, ultimately enabling attackers to gain unauthorized access…
Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites
Coyote Banking Trojan targets Brazilian users, stealing data from over 70 financial applications and websites. FortiGuard Labs researchers detected a campaign using LNK files executing PowerShell commands to deploy the Coyote Banking Trojan. Threat actors target Brazilian users by stealing…
Tangerine Turkey: Cryptocurrency Mining Worm Unveiled in Global Campaign
A new threat actor, dubbed Tangerine Turkey by Red Canary’s intelligence team, is attracting attention thanks to its sophisticated use of a Visual Basic Script (VBScript) worm that delivers a crypto mining payload. First seen in November last year, Tangerine…
Smiths Group Discloses Security Breach
Smiths Group, a multinational engineering business, has disclosed a data breach. The company, which is based in London but employees more than 15,000 people in over 50 countries, published a filing to the London Stock Exchange (LSE) on Tuesday saying…
Threat Actors Exploit DeepSeek’s Popularity to Distribute Infostealers on PyPI
Malicious actors have exploited the rising popularity of DeepSeek AI to distribute two malicious infostealer packages through the Python Package Index (PyPI), impersonating legitimate developer tools for the AI platform. Researchers at Positive Technologies discovered and reported the campaign, which…
How to Root Out Malicious Employees
Malicious employees and insider threats pose one of the biggest security risks to organizations, as these users have more access and permissions than cybercriminals attacking the organization externally. The post How to Root Out Malicious Employees appeared first on Security…
Massive Data Leak Exposes 1.5 Billion Records from Chinese Platforms and Government
One of the largest data leaks in recent history has exposed a staggering 1.5 billion records, affecting major Chinese platforms, financial institutions, and even government-related entities. The unprotected dataset, discovered by Cybernews […] Thank you for being a Ghacks reader.…
Jetzt bei HaveIBeenPwned: Daten von fast 100 Millionen Glücksspielern geleakt
Bei dem Wettanbieter 1win sind Nutzerdaten abgeflossen. Anwender können jetzt prüfen, ob sie betroffen sind – und das sind nicht wenige. (Datenleck, Datenschutz) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Jetzt bei HaveIBeenPwned: Daten…
[NEU] [mittel] Xerox WorkCentre: Mehrere Schwachstellen
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Xerox WorkCentre ausnutzen, um Informationen offenzulegen oder Daten zu manipulieren. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Xerox WorkCentre:…
N. Korean ‘FlexibleFerret’ Malware Hits macOS with Fake Zoom, Job Scams
N. Korean ‘FlexibleFerret’ malware targets macOS with fake Zoom apps, job scams, and bug report comments, deceiving users… This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: N. Korean ‘FlexibleFerret’…
Deepfakes and the 2024 US Election
Interesting analysis: We analyzed every instance of AI use in elections collected by the WIRED AI Elections Project (source for our analysis), which tracked known uses of AI for creating political content during elections taking place in 2024 worldwide. In…
Google Patched Linux Kernel RCE Vulnerability In Android Allow Attackers Gain Read/Write Access
Google has released its February 2025 Android Security Bulletin, which addresses 47 vulnerabilities impacting Android devices. A notable issue is a patched Linux kernel vulnerability (CVE-2024-53104) that could enable attackers to execute remote code (RCE), granting unauthorized read/write access to affected systems.…
Abandoned AWS S3 Buckets Can be Reused to Hijack Global Software Supply Chain
Researchers at WatchTowr Labs have uncovered a critical security vulnerability in abandoned Amazon Web Services (AWS) S3 buckets that could enable attackers to hijack the global software supply chain. The research highlights how these neglected cloud storage resources could facilitate…
Personal Information Compromised in GrubHub Data Breach
Food delivery firm GrubHub has disclosed a data breach impacting the personal information of drivers and customers. The post Personal Information Compromised in GrubHub Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Nymi Band 4 delivers passwordless MFA to deskless workers in OT environments
Nymi launched next-generation wearable authenticator, the Nymi Band 4, which introduces design upgrades and expanded passwordless use cases for regulated industries, while retaining its core authentication functionality. This latest development from Nymi offers industries with complex operations a handsfree solution…
Samsung Android: Mehrere Schwachstellen
Es bestehen mehrere Schwachstellen in Samsung Android. Ein lokaler Angreifer kann diese Schwachstelle in Samsung Android ausnutzen, um mehr Rechte zu erlangen, schädlichen Code einzuschleusen, das Gerät zum Absturz zu bringen oder Daten zu verändern. Einige der Schwachstellen erfordern höhere…
Jetzt bei HaveIBeenPwned: Daten von fast 100 Millionen 1win-Nutzern geleakt
Bei dem Wettanbieter 1win sind Nutzerdaten abgeflossen. Anwender können jetzt prüfen, ob sie betroffen sind – und das sind nicht wenige. (Datenleck, Datenschutz) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Jetzt bei HaveIBeenPwned: Daten…