Security Information

threatpost.com: The Department of Homeland Security urged system administrators to update their Windows machines after testing a working BlueKeep exploit for Windows 2000....

threatpost.com: Multiple cross-site scripting (XSS) bugs and an XML external entity (XXE) problem open the door to takeover of admin desktops....

threatpost.com: Four vulnerabilities could "SACK" connected devices with denial-of-service exploits....

threatpost.com: A security researcher who disclosed flaws impacting 2 million IoT devices in April - and has yet to see a patch or even hear back from the manufacturers contacted - is sounding off on the dire state of IoT security....

Heise Sicherheits News: For victims of the encryption trojan GandCrab, there is hope in the form of a free tool that can handle (not only) the current version 5.2....

Heise Sicherheits News: Owners of some YubiKeys in the FIPS series are getting free replacements, because two firmware versions contain a serious security vulnerability....

Heise Sicherheits News: Netflix has discovered several security problems in the network stack of Linux and FreeBSD kernels that lend themselves to denial-of-service attacks....

Heise Sicherheits News: At Venmo it is still possible to harvest transaction data in bulk. Affected are users who run the app with default settings....

Heise Sicherheits News: The feature built into iOS 13 and macOS 10.15 can even find devices that are offline. This is said not to cause security problems....

Heise Sicherheits News: Logitech has disclosed details about vulnerabilities in presenter models to c't for the first time. According to this, more devices are vulnerable than previously known....

Heise Sicherheits News: Security experts have discovered trojan apps in the Play Store. These obtained push-notification permissions by deception in order to lure users to dubious sites....

TheHackersNews: A team of cybersecurity researchers yesterday revealed details of a new side-channel attack on dynamic random-access memory (DRAM) that could allow malicious programs installed on a modern system to read sensitive memory data from other processes running on the same hardware. Dubbed RAMBleed and identified as CVE-2019-0174, the new attack is based on a well-known class of DRAM side channel...

TheHackersNews: In April this year, a software update from Google overnight turned all Android phones, running Android 7.0 Nougat and up, into a FIDO-certified hardware security key as part of a push to encourage two-step verification. The feature made it possible for users to confirm their identity when logging into a Google account more effortless and secure, without separately managing and plugging-in a...

TheHackersNews: Real-time visibility into IT assets and activities introduces speed and efficiency to many critical productivity and security tasks organizations are struggling with—from conventional asset inventory reporting to proactive elimination of exposed attack surfaces. However, gaining such visibility is often highly resource consuming and entails manual integration of various feeds. Cynet is now...

TheHackersNews: Telegram, one of the most popular encrypted messaging apps, briefly went offline yesterday for hundreds of thousands of users worldwide after a powerful distributed denial-of-service (DDoS) attack hit its servers. Telegram founder Pavel Durov later revealed that the attack was mainly coming from the IP addresses located in China, suggesting the Chinese government could be behind it to sabotage...

TheHackersNews: Cybersecurity researchers discover a critical flaw in the popular Evernote Chrome extension that could have allowed hackers to hijack your browser and steal sensitive information from any website you accessed. Evernote is a popular service that helps people take notes and organize their to-do task lists, and over 4,610,000 users have been using its Evernote Web Clipper Extension for Chrome...

TheHackersNews: A new threat has hit the headlines (Robinhood anyone?), and you need to know if you're protected right now. What do you do? Traditionally, you would have to go with one of the options below. Option 1 – Manually check that IoCs have been updated across your security controls. This would require checking that security controls such as your email gateway, web gateway, and endpoint...

securitymagazine.com: Panasonic’s FacePRO® Facial Recognition features a “deep learning” core engine....

securitymagazine.com: Paxton’s Net2 Entry Audio monitor features a simple interface with flexible installation that can be wall-mounted or used with an adjustable desk stand, option of a handset, action buttons configurable for a range of needs and optional connection to a sounder or beacon that offers accessible call notification....

securitymagazine.com: Enterprise Guardian™ and Enterprise Sentry™ software with identity intelligence from AlertEnterprise Inc. is an AI-powered technology designed to reduce the time and cost of detecting and resolving risk by automating threat detection across physical, IT and operational systems from one place....

securitymagazine.com: A Global Security Operations Center can take the form of a new facility or be housed in an existing one, but the value is undeniable to support a security enterprise’s goals and operations....

securitymagazine.com: LenelS2’s Lenel Network Video Recorder (LNVR) integrated with OnGuard® Monitor, OnGuard® Surveillance and Magic Monitor allows for video-assisted mobile monitoring and lightweight video viewing....