Security Information

Heise Sicherheits News: At the Black Hat conference, researchers demonstrated three attack strategies against WhatsApp. The messenger's encryption, however, remains intact....

Heise Sicherheits News: Cisco has released important security patches for various products such as Adaptive Security Appliance and Webex Network Recording Player....

Heise Sicherheits News: Important security updates close vulnerabilities in Office, Windows & Co. Critical vulnerabilities in Windows Remote Desktop Services are especially dangerous....

Heise Sicherheits News: Adobe has secured various applications such as Creative Cloud, Experience Manager and Photoshop....

Heise Sicherheits News: For a year, the developers worked mainly on improving the packet capture library Npcap....

How do you protect yourself against phishing? One precaution is to look at the browser's address bar: only if the known domain is shown there is it the real website. Unfortunately, there is a phishing trick here as well.

Unicode feature in browsers as a security risk

However, the blogger Xudong Zheng has discovered a security risk in several browsers that unfortunately makes even this precaution insufficient: several browsers (Chrome, Firefox and Opera) offer the actually convenient feature of displaying Unicode characters as such in the address bar as well. This makes it possible, for example, to display Chinese characters for the URLs of Chinese websites. In other words, the browser "translates" an ASCII string into the non-Latin script.

There are, however, Unicode characters that look exactly like Latin letters, at least in common fonts, for example Cyrillic letters. Zheng cites the Cyrillic а (U+0430), which looks like the normal "a", as an example. Using these characters, a so-called "homograph attack" can make the browser's address bar look exactly as if there were a connection to a known website.

As a demonstration, Zheng registered the domain "xn--80ak6aa92e.com". Anyone who opens it with the browsers mentioned sees a secure HTTPS connection to the server "apple.com" in the address bar.
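A check for this kind of lookalike domain, as an added example that is not part of the original article or Zheng's work: it decodes the Punycode label of the demonstration domain, reports which script its characters belong to, and maps them to a Latin "skeleton" that is compared against a watchlist. The `CONFUSABLES` table and `WATCHLIST` are small constructed samples, and deriving the script from the Unicode character name is a heuristic assumed here for brevity.

```python
import unicodedata

# Constructed subset of Cyrillic-to-Latin lookalikes; a production check would
# use the full Unicode confusables data (UTS #39) instead.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u04cf": "l",
}
# Hypothetical watchlist of names worth protecting.
WATCHLIST = {"apple"}


def decode_label(label):
    """Return the Unicode form of one DNS label (Punycode if it starts with xn--)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts(text):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def skeleton(text):
    """Replace known lookalike characters with the Latin letter they resemble."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text.lower())


def check_hostname(hostname):
    """Describe every non-ASCII label and flag those imitating a watchlist name."""
    findings = []
    for label in hostname.split("."):
        shown = decode_label(label)
        if shown.isascii():
            continue  # plain ASCII labels cannot hide a lookalike character
        skel = skeleton(shown)
        findings.append({
            "label": label,
            "displayed": shown,
            "scripts": sorted(scripts(shown)),
            "skeleton": skel,
            "lookalike": skel in WATCHLIST,
        })
    return findings


if __name__ == "__main__":
    for host in ("xn--80ak6aa92e.com", "xn--mnchen-3ya.de", "apple.com"):
        print(host, check_hostname(host))
```

The second sample hostname is a legitimate Latin-script IDN and is reported without being flagged, which shows that non-ASCII characters alone are not the signal; the match between the skeleton and a protected name is.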

TheHackersNews: What could be more horrifying than knowing that a hacker can trick the plane's electronic systems into displaying false flight data to the pilot, which could eventually result in loss of control? Of course, the attacker would never wish to be on the same flight, so in this article, we are going to talk about a potential loophole that could allow an attacker to exploit a vulnerability with...

TheHackersNews: Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that accused the company of knowingly selling video surveillance system containing severe security vulnerabilities to the U.S. federal and state government agencies. It's believed to be the first payout on a 'False Claims Act' case over failure to meet cybersecurity standards. The lawsuit began eight years ago, in the year 2011,...

TheHackersNews: The same team of cybersecurity researchers who discovered several severe vulnerabilities, collectively dubbed as Dragonblood, in the newly launched WPA3 WiFi security standard few months ago has now uncovered two more flaws that could allow attackers to hack WiFi passwords. WPA, or WiFi Protected Access, is a WiFi security standard that has been designed to authenticate wireless devices using...

securitymagazine.com: In a world where devices of all types are connected to networks, the need to maintain strong cybersecurity is greater than ever. For organizations, particularly those that retain financial and other sensitive company and customer data, cybersecurity is critical, as the results of a network breach could be catastrophic....

securitymagazine.com: ASIS International announced the recipients of its 2019 Innovative Product Awards (IPA) for Global Security Exchange (GSX) 2019, to be held September 8-12 in Chicago. ...

securitymagazine.com: The Department of Homeland Security issued a security alert for small planes, warning that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft....

securitymagazine.com: Seven in 10 senior financial executives at the world’s largest companies believe their insurer would cover most or all of the losses their company would incur in a cyber attack. Many of the losses they foresee, however, are rarely covered by insurance....

securitymagazine.com: Paper and film records mark the most common location of data breaches in hospitals, according to a study published in The American Journal of Managed Care....

securitymagazine.com: Los Alamos Public Schools, N.M. has been awarded a state match of $305,974 for school safety and security upgrades from the Public School Capital Outlay Council (PSCOC). LAPS will pay $478,572 for these improvements at all school sites....

securitymagazine.com: A new guide to disaster recovery in the face of climate change has been released by the Hawaiʻi Sea Grant College Program together with the Hawaiʻi Department of Land and Natural Resources, Office of Planning, and Tetra Tech, Inc....

securitymagazine.com: End-to-end encryption provides a foundational data protection safeguard, allowing secure data transfer between the sender and recipient while blocking it from external compromise. It also means this data can be inaccessible to law enforcement, who then must find alternative means to access that data. ...

securitymagazine.com: Two consistent and related themes in enterprise technology have emerged in recent years, both involving rapid and dramatic change. One is the rise of the digital enterprise across sectors and internationally. The second is the need for IT to react quickly and aggressively develop innovations to meet the enterprise’s digital aspirations....

securitymagazine.com: In this digital age you may wonder: who still uses paper in the workplace? Plenty of people....

securitymagazine.com: NY Governor Andrew M. Cuomo signed legislation prohibiting state teachers from carrying guns in schools, and a second that streamlines the state’s gun buyback program....

securitymagazine.com: California has the lowest rate of preventable death – 35.0 per 100,000 residents – while West Virginia has the highest, at 104.2 deaths per every 100,000 residents, according to an annual list of states with the lowest and highest rates of unintentional, preventable deaths, which include poisonings – largely from drug overdoses – car crashes and falls....

securitymagazine.com: One of the most satisfying parts of my role as Editor in Chief of Security magazine is the opportunity to share stories with you....