Sicherheitsinfos

Wichtige SicherheitsinformationenHier veröffentlichen wir Sicherheitsinfos und Updateinformationen für Sie.

Da wir täglich in den tiefen des WWW unterwegs sind, finden wir oftmals wichtige Informationen rund um das Thema Sicherheit und bieten Ihnen so die Möglichkeiten, gewissen Gefahren auszuweichen und/oder zu beseitigen.

Leider ist es im Computeralltag so, dass immer gewisse Kreise mehr Informationen über Sie erhalten wollen, als Sie preisgeben wollen. Wir hoffen, Ihnen dadurch bei der Sicherheit Ihrer Systeme behilflich zu sein.
Heise Sicherheits NewsEine Krypto-Mining-Kampagne setzt auf kostenlose Test-Accounts von Cloudanbietern, um Kryptowährungen zu schürfen. Die Ziele könnten darüber noch hinausgehen....

Heise Sicherheits NewsAllerhöchste Zeit, um alte Lücken in Cisco AnyConnect abzudichten: Cisco warnt vor derzeitigen Cyber-Angriffen auf Schwachstellen aus dem Jahr 2020....

Heise Sicherheits NewsAngreifer könnten mit Root-Rechten auf die Cloud-Plattform von VMware zugreifen....

Heise Sicherheits NewsMicrosoft hat die Update-Vorschau für Windows 11 freigegeben. Unter anderem bringt sie den oft vermissten Taskmanager zurück ins Taskleistenmenü....

TheHackersNewsA cybercrime group known as Vice Society has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors. The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the group avoids deploying ransomware in some cases and rather likely carries out extortion using...

Heise Sicherheits NewsLernen Sie, wie Sie die Vorgaben des IT-Sicherheitsgesetzes des BSI umsetzen: konkrete Starthilfe für KRITIS-Betreiber an zwei Tagen (online). Rabatt bis 8.11....

TheHackersNewsCisco has warned of active exploitation attempts targeting a pair of two-year-old security flaws in the Cisco AnyConnect Secure Mobility Client for Windows. Tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), the vulnerabilities could enable local authenticated attackers to perform DLL hijacking and copy arbitrary files to system directories with elevated privileges....

Heise Sicherheits NewsMit der Veröffentlichung von Chrome 107 erhalten Anwender Sicherheitsupdates. Neue oder verbesserte Funktionen sind hingegen rar und eher für Web-Entwickler....

Heise Sicherheits NewsAm 1. November 2022 wollen die OpenSSL-Entwickler die Version 3.0.7 veröffentlichen. Darin haben Sie unter anderem eine kritische Lücke geschlossen....

TheHackersNewsVMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product. Tracked as CVE-2021-39144, the issue has been rated 9.8 out of 10 on the CVSS vulnerability scoring system, and relates to a remote code execution vulnerability via XStream open source library. "Due to an unauthenticated endpoint that leverages XStream for input serialization in...

Heise Sicherheits NewsIm Lagebild zur IT-Sicherheit warnt das BSI vor einem gefährlichen Mix aus Angriffsvektoren und staatlichen und kriminellen Akteuren....

securitymagazine.comWith CISOs required to present to their boards, they now face the challenge of articulating cybersecurity risks and opportunities, according to a survey by FTI Consulting....

securitymagazine.comIdentity and access management (IAM) has been a fundamental security touchstone for as long as information security has been around. Unfortunately, it is not good enough anymore....

TheHackersNewsA high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on July 21...

TheHackersNewsThe Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme. This allegedly comprises...

Heise Sicherheits NewsMit dem Open-Source-Vorhaben Graph for Understanding Artifact Composition (GUAC) verschreibt sich Google einmal mehr der Absicherung von Software-Lieferketten....

TheHackersNewsCybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS). The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol (MS-EVEN), which enables remote access to event logs. While the former allows "any domain user to remotely...

Heise Sicherheits NewsLernen Sie mit vielen Praxisbespielen, wie Sie Windows 10 und 11 (Pro und Enterprise) in Ihrem Unternehmen sicher betreiben. Mit 10% Frühbucherrabatt bis 7.11....

TheHackersNewsIntroduction In many ways, the software supply chain is similar to that of manufactured goods, which we all know has been largely impacted by a global pandemic and shortages of raw materials.  However, in the IT world, it is not shortages or pandemics that have been the main obstacles to overcome in recent years, but rather attacks aimed at using them to harm hundreds or even thousands of...

TheHackersNewsTwo point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. According to Singapore-headquartered cybersecurity company Group-IB, the stolen data dumps could net the operators as much as $3.34 million by selling them on underground forums. While a significant proportion of attacks aimed at...

Weiter