Sicherheitsinfos

Wichtige SicherheitsinformationenHier veröffentlichen wir Sicherheitsinfos und Updateinformationen für Sie.

Da wir täglich in den tiefen des WWW unterwegs sind, finden wir oftmals wichtige Informationen rund um das Thema Sicherheit und bieten Ihnen so die Möglichkeiten, gewissen Gefahren auszuweichen und/oder zu beseitigen.

Leider ist es im Computeralltag so, dass immer gewisse Kreise mehr Informationen über Sie erhalten wollen, als Sie preisgeben wollen. Wir hoffen, Ihnen dadurch bei der Sicherheit Ihrer Systeme behilflich zu sein.

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsLet's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum?  Surprisingly, it's the EHR, and the difference is stark: according to a study, EHRs can sell for up to $1,000 each, compared to a mere $5 for a credit card number and $1 for a social...
Zugriffe: 36

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThe Russian nation-state threat actor known as APT28 has been observed making use of lures related to the ongoing Israel-Hamas war to facilitate the delivery of a custom backdoor called HeadLace. IBM X-Force is tracking the adversary under the name ITG05, which is also known as BlueDelta, Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, Sednit, Sofacy, and...
Zugriffe: 31

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNews2023 has seen its fair share of cyber attacks, however there’s one attack vector that proves to be more prominent than others - non-human access. With 11 high-profile attacks in 13 months and an ever-growing ungoverned attack surface, non-human identities are the new perimeter, and 2023 is only the beginning.  Why non-human access is a cybercriminal’s paradise  People always...
Zugriffe: 32

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsA phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures. "This malware is a Python-based information stealer compressed with cx-Freeze to evade detection," Fortinet FortiGuard Labs researcher Cara Lin said. "MrAnon Stealer steals its victims' credentials, system...
Zugriffe: 35

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsApple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari...
Zugriffe: 25

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsApache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked as CVE-2023-50164, the vulnerability is rooted in a flawed "file upload logic" that could enable unauthorized path traversal and could be exploited under the circumstances to upload a malicious file...
Zugriffe: 33

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsTactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that's known to use a backdoor referred to as KEYPLUG. The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team based on the fact that the adversary's Lua-based malware LuaDream and KEYPLUG have...
Zugriffe: 29

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThe notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. Cisco Talos is tracking the activity under the name Operation Blacksmith, noting the use of three DLang-based...
Zugriffe: 33

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsIn an increasingly digital world, no organization is spared from cyber threats. Yet, not every organization has the luxury of hiring a full-time, in-house CISO. This gap in cybersecurity leadership is where you, as a vCISO, come in. You are the person who will establish, develop, and solidify the organization's cybersecurity infrastructure, blending strategic guidance with actionable...
Zugriffe: 35

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsCybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times. "Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims' personal and...
Zugriffe: 30

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsIn the ever-evolving cybersecurity landscape, one method stands out for its chilling effectiveness – social engineering. But why does it work so well? The answer lies in the intricate dance between the attacker's mind and human psychology. Our upcoming webinar, "Think Like a Hacker, Defend Like a Pro," highlights this alarming trend. We delve deep into social engineering, exploring its...
Zugriffe: 28

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsA new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems. SafeBreach researcher Alon Leviev said the methods are "capable of working across all processes without any limitations, making them more flexible than existing process...
Zugriffe: 29

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsResearchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm. The attack is an end-to-end exploit for Spectre based on a new feature in Intel CPUs called Linear Address Masking (LAM) as well as its analogous...
Zugriffe: 32

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThreat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. "While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process," Elastic Security Labs...
Zugriffe: 30

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsA collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS. Of the 14 flaws – collectively called 5Ghoul (a combination of "5G" and "Ghoul") – 10 affect 5G modems from the two companies, out of which three...
Zugriffe: 34

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThe North Korean threat actor known as Kimsuky has been observed targeting research institutes in South Korea as part of a spear-phishing campaign with the ultimate goal of distributing backdoors on compromised systems. "The threat actor ultimately uses a backdoor to steal information and execute commands," the AhnLab Security Emergency Response Center (ASEC) said in an...
Zugriffe: 42

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsRansomware attacks have become a significant and pervasive threat in the ever-evolving realm of cybersecurity. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This alarming development has transformed the cybercrime landscape, enabling individuals with limited technical expertise to carry out devastating attacks....
Zugriffe: 40

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsUnauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware. "Attackers can use this type of malware to gain money by building a proxy server network or to perform criminal acts on behalf of the victim: to launch attacks on websites, companies and individuals, buy guns, drugs, and other illicit...
Zugriffe: 26

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsWordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites. "A remote code execution vulnerability that is not directly exploitable in core; however, the security team feels that there is a potential for high severity when combined with some plugins,...
Zugriffe: 24

Details
Hauptkategorie: IT News aus aller Welt
Kategorie: Sicherheitsinfos
TheHackersNewsThe Russian founder of the now-defunct Bitzlato cryptocurrency exchange has pleaded guilty, nearly 11 months after he was arrested in Miami earlier this year. Anatoly Legkodymov (aka Anatolii Legkodymov, Gandalf, and Tolik), according to the U.S. Justice Department, admitted to operating an unlicensed money-transmitting business that enabled other criminal actors to launder their...
Zugriffe: 24