#security

Chinese hackers target Russian govt with upgraded RAT malware - Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organiz... https://www.bleepingcomputer.com/news/security/chinese-hackers-target-russian-govt-with-upgraded-rat-malware/ #security

7 Steps to Take After a Credential-Based cyberattack - Hackers don't break in—they log in. Credential-based attacks now fuel nearly half of all ... https://www.bleepingcomputer.com/news/security/7-steps-to-take-after-a-credential-based-cyberattack/ #security

Cisco Webex bug lets hackers gain code execution via meeting links - Cisco has released security updates for a high-severity Webex vulnerability that allows u... https://www.bleepingcomputer.com/news/security/cisco-webex-bug-lets-hackers-gain-code-execution-via-meeting-links/ #security

Rückschau secIT 2025 – alte Gefahren in neuem Gewand

Auf der IT-Security-Konferenzmesse zeigt sich KI weiter als Gefahrenmultiplikator. Die moderne Cloud- und Lieferkettenkomplexität potenziert Sicherheitsrisiken.

https://www.heise.de/hintergrund/Rueckschau-secIT-2025-alte-Gefahren-in-neuem-Gewand-10354246.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Cybersecurity #IT #Security #news

Companies that use different (sub-)domains for registering an account and logging in – a perfect way to break your password manager.

Today's example: registration.atupri.ch and login.atupri.ch.

Why?

Yeah, *I* can edit the entry in the password manager to allow the log-in domain.

But my mom? Unlikely. So even if she uses an automatically generated password (good) and saves it in her password manager (good), it won't be offered when she tries to log in (bad).

#accessibility #security

heise+ | Raus aus der US-Cloud: Souveräne SaaS-Angebote im Überblick

Für europäische Firmen ist der Einsatz US-basierter SaaS-Angebote riskant. Wer auch künftig sicheren Zugriff will, sollte auf EU-Alternativen setzen.

https://www.heise.de/hintergrund/Raus-aus-der-US-Cloud-Souveraene-SaaS-Angebote-im-Ueberblick-10342483.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#CloudDienste #IT #Microsoft #Recht #Security #SoftwareasaService #news

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now - A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been discl... https://www.bleepingcomputer.com/news/security/critical-erlang-otp-ssh-pre-auth-rce-is-surprisingly-easy-to-exploit-patch-now/ #security

Entertainment services giant Legends International discloses data breach - Entertainment venue management firm Legends International warns it suffered a data breach... https://www.bleepingcomputer.com/news/security/entertainment-services-giant-legends-international-discloses-data-breach/ #security

Windows NTLM hash leak flaw exploited in phishing attacks on governments - A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively ... https://www.bleepingcomputer.com/news/security/windows-ntlm-hash-leak-flaw-exploited-in-phishing-attacks-on-governments/ #security

Chrome extensions with 6 million installs have hidden tracking code - A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky c... https://www.bleepingcomputer.com/news/security/chrome-extensions-with-6-million-installs-have-hidden-tracking-code/ #security

Tengan mucho cuidado con lo que comparten en redes sociales. #SocialMedia #AccountSecurity #AccessControl #Security #Seguridad #Privacy #Privacidad #Cibersecurity #Ciberseguridad

CTM360 Tracks Global Surge in SMS-Based Reward and Toll Scams - Thousands tricked by fake reward & toll scam texts. CTM360 exposes PointyPhish & ... https://www.bleepingcomputer.com/news/security/ctm360-tracks-global-surge-in-sms-based-reward-and-toll-scams/ #security

Ahold Delhaize confirms data theft after INC ransomware claims attack - Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business sys... https://www.bleepingcomputer.com/news/security/ahold-delhaize-confirms-data-theft-after-inc-ransomware-claims-attack/ #security

iX-Workshop: Microsoft 365 sicher einrichten und datenschutzkonform betreiben

Microsoft 365 sicher betreiben und notwendige Maßnahmen in Bezug auf Datenschutz und Informationssicherheit umsetzen.

https://www.heise.de/news/iX-Workshop-Microsoft-365-sicher-einrichten-und-datenschutzkonform-betreiben-10344283.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#IdentityManagement #Datenschutz #DSGVO #IT #iXWorkshops #Microsoft #Security #news

blog! “That's Not How A SIM Swap Attack Works”

There's a disturbing article in The Guardian about a person who was on the receiving end of a successful cybersecurity attack.

EE texted to say they had processed my sim activation request, and the new sim would be active in 24 hours. I was told to contact them if I hadn’t requested this. I hadn’t, so I did …

Read more: https://shkspr.mobi/blog/2025/04/thats-not-how-a-sim-swap-attack-works/
⸻
#2fa #CyberSecurity #MFA #security #sim

CISA warns of increased breach risks following Oracle Cloud leak - On Wednesday, CISA warned of heightened breach risks after the compromise of legacy Oracl... https://www.bleepingcomputer.com/news/security/cisa-warns-of-increased-breach-risks-following-oracle-cloud-leak/ #security

Five Times When Updating Your OS Would Have Saved You From Being Hacked https://lowendbox.com/blog/five-times-when-updating-your-os-would-have-saved-you-from-being-hacked/ #Editorial&News #heartbleed #dirtycow #Security #linux #exim #sudo

iX-Workshop: BCM und IT-Notfallplanung – Vorbereitet für den Ernstfall

Erstellen Sie für Ihr Unternehmen einen Leitfaden zur professionellen IT-Notfallplanung im interaktiven Workshop.

https://www.heise.de/news/iX-Workshop-BCM-und-IT-Notfallplanung-Vorbereitet-fuer-den-Ernstfall-10344269.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#IT #iXWorkshops #Security #news

heise+ | Vertrauenswürdige E-Mail: Spoofing-Schutz über DNS einrichten

Domain-Inhaber können E-Mail-Spoofing deutlich erschweren, wenn sie über das Domain Name System (DNS) standardisierte Informationen zur Verfügung stellen.

https://www.heise.de/hintergrund/Vertrauenswuerdige-E-Mail-Spoofing-Schutz-ueber-DNS-einrichten-10331860.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#DNS #EMail #Hacking #IT #Phishing #Security #news

CISA tags SonicWall VPN flaw as actively exploited in attacks - On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access... https://www.bleepingcomputer.com/news/security/cisa-tags-sonicwall-vpn-flaw-as-actively-exploited-in-attacks/ #security