Cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

26
 
 

As part of the project "Codeanalyse von Open Source Software" (CAOS 3.0), we examined the password managers KeePass and Vaultwarden for their security properties. In Vaultwarden, two vulnerabilities rated "high" were identified. The developers were informed about critical vulnerabilities; they have already analysed the problems and responded.

More information 👉 https://www.bsi.bund.de/dok/1123832

#CAOS #BSI #Cybersecurity #IT-Sicherheit #OpenSource

27
 
 

Are passwords on the way out? Researchers are announcing two projects that will make passkeys easier for organizations to offer — and easier for everyone to use. Read more at @WIRED. #Passwords #Authentication #Cybersecurity #Passkeys #Tech #Technology https://flip.it/l-yryY

28
 
 

Ransomware attack leaks social security numbers of over 230,000 Comcast customers.

Read more in my article on the Bitdefender blog: https://www.bitdefender.com/en-us/blog/hotforsecurity/ransomware-attack-leaks-social-security-numbers-of-over-230-000-comcast-customers/

#cybersecurity #databreach #ransomware

29
 
 

Cybercriminals use many ways to catch you off guard. Our 10 basic cybersecurity tips show how you can protect your data effectively and stay safe online. Take a look at the tips and always stay one step ahead: https://www.bsi.bund.de/dok/131398
#ITSecurity #CyberSecurity #Datenschutz #SicherImNetz

30
 
 

My current hardware MFA key is no longer receiving security patches, so I'm in the market for a new one.

Here's a list of features I'd like my new hardware MFA key to have, in order of priority:

  1. USB-A
  2. NFC
  3. USB-C
  4. Biometric
  5. Bluetooth

My current MFA key has features 1-3 and 5. Is there a Holy Grail MFA key somewhere out there with all 5 features?

I'm already pretty familiar with YubiCo's product lineup, and while I love their security rating and build quality, none of them have more than 2 of the features listed above, so that kinda bums me out.

Anyway, let's hear your hardware MFA key recommendations!

#MFA #2FA #fido #fido2 #fido3 #NFC #USB #USBc #USBa #Biometric #Fingerprint #YubiCo #YubiKey #Bluetooth #CyberSecurity #InfoSec

31
 
 

Sellafield nuclear site hit with £332,500 fine after 'significant cybersecurity shortfalls'

Read more in my article on the Bitdefender blog: https://www.bitdefender.com/blog/hotforsecurity/sellafield-nuclear-site-332500-fine-cybersecurity-shortfalls/

#cybersecurity #nuclear

32
 
 

Cyberattacks are a reality. Dr. Dirk Häger explains which emergency plans we need at #itsa2024, in his talk on 23 October in the BSI's Speakers' Corner. 👉 More information: https://www.bsi.bund.de/dok/it-sa

#CyberSecurity #ITSecurity #TeamBSI #itsa

33
 
 

Two Harvard students took Meta’s commercially available Ray Ban smart glasses and built facial recognition software that automatically looks up someone’s face and identifies them, including personal information. Read it at @[email protected] (Registration may be required). #Meta #SmartGlasses #Cybersecurity #Tech #Technology https://flip.it/WDXr7Z

34
 
 

The FCC announced a $31.5 million settlement with T-Mobile over multiple data breaches that compromised the personal information of millions of U.S. consumers from 2021-2023. More from @[email protected]. #FCC #TMobile #Cybersecurity #Tech https://flip.it/MGWkCJ

35
 
 

FBI warns of sophisticated Iranian hackers targeting personal accounts⤵️
#FBI #cybersecurity #Iran #infosec #hacking

https://cnews.link/iranian-hackers-targeting-personal-accounts/

36
 
 

Disclosing details of a #vulnerability I discovered 1 year ago:

N-able Ecosystem Agent Improper Certificate Validation #CVE_2024_5445 vulnerability leads to #RCE as SYSTEM user.

Vulnerability details: https://sintonen.fi/advisories/n-able-ecosystem-agent-improper-certificate-validation.txt

N-able has rated this vulnerability CVSS 3.8, but the practical impact of this vulnerability is grave as it allows attackers in a privileged network position to fully compromise vulnerable systems. While arguing for such a low score, an N-able representative stated that: "The vulnerability reported does not constitute an RCE, the Ecosystem agent is designed to run installation packages in a privileged context and the agent is doing what it should do when it receives such packages to install over the APIs."

I think this is somewhat disingenuous.

#infosec #cybersecurity

37
 
 

Critical printing system bugs affect hundreds of thousands of Linux machines⤵️
#Linux #cybersecurity #technology #infosec

https://cnews.link/critical-printing-system-bugs-linux-affected/

38
 
 

Deepfake Ukrainian diplomat targeted US senator on Zoom call.

Read more in my article on the Bitdefender blog: https://www.bitdefender.com/blog/hotforsecurity/deepfake-ukrainian-diplomat-targeted-us-senator-on-zoom-call/

#cybersecurity #deepfake

39
 
 

The Irish Data Protection Commission has fined Meta with a $101.5 million penalty after investigating a 2019 security breach in which the company mistakenly stored users' passwords in plain text. Via @Engadget. #Meta #Cybersecurity #Tech #Technology https://flip.it/ZD45rD

40
 
 

Security researchers have found a set of vulnerabilities that could allow bad actors to hack into Kia vehicles made after 2013.

#Kia #hack #vulnerabilities #CyberSecurity #datasecurity #infosec

https://cnews.link/hackers-could-exploit-kia-vulnerabilities-3/

41
 
 

Microsoft has discovered a new threat actor that previously operated as an affiliate for other ransomware-as-a-service gangs.

#Microsoft #ransomware #CyberAttack #CyberSecurity #infosec

https://cnews.link/former-affiliate-upgrades-and-launches-its-own-attacks-1/

42
 
 

Gemini, a powerful Google Workspace AI assistant, can be manipulated to produce misleading or malicious unintended responses.

#Google #Gemini #AI #CyberSecurity #infosec

https://cnews.link/hidden-prompts-emails-docs-google-gemini-haywire-3/

43
 
 

Losses from hacks and fraud in the crypto industry decreased significantly in the third quarter of this year compared to Q3 of 2023.

#cyrpto #hack #fraud #CyberSecurity #infosec

https://cnews.link/fewer-losses-crypto-hacks-2/

44
 
 

The US Treasury Department has announced sanctions against several Russian crypto companies.

#US #Crypto #CyberSecurity #ransomware #infosec

https://cnews.link/us-sanctions-russian-crypto-exchanges-ransomware-2/

45
 
 

A group of independent security researchers were able to scan virtually any internet-connected Kia vehicle’s license plate and within seconds gain the ability to track that car’s location, unlock the car, honk its horn, or start its ignition at will. More from @WIRED (Subscription may be required). #Kia #Hack #Tech #Technology #Cybersecurity https://flip.it/2fswDC

46
 
 

When UK rail stations' Wi-Fi was defaced by hackers the only casualty was the truth.

Read more in my article on the Bitdefender blog: https://www.bitdefender.com/blog/hotforsecurity/when-uk-rail-stations-wi-fi-was-defaced-by-hackers-the-only-casualty-was-the-truth/

#cybersecurity #hacking

47
 
 

Handala Hack leaked 60,000 thousand ‘secret emails’ allegedly belonging to Gabriel "Gabi" Ashkenazi and exposed Benny Gantz.

#Israeli #dataleak #DataSecurity #CyberSecurity #infosec

https://cnews.link/pro-palestinian-hackers-claim-hacked-israeli-politicians-1/

48
 
 

Run to the hills! Run to the hills! Pull the communication cord!

Oh, hang on... it's just some kids who've defaced a hotspot login page...

#cybersecurity #hype

49
 
 

CISA has warned that hackers continue to be capable of compromising industrial control systems using "unsophisticated methods" - suggesting that much more still needs to be done to secure them properly.

Meanwhile, hackers claim to have changed chlorine levels at Lebanese water facilities...

Read more in my article on the Tripwire blog: https://www.tripwire.com/state-of-security/cisa-warns-hackers-targeting-industrial-systems-unsophisticated-methods

#cybersecurity #ics #ot #wws

50
 
 

Malicious attackers are trying to capitalize on public interest surrounding charges against the rap star Sean “Diddy” Combs.

#hackers #SeanCombs #Malware #CyberSecurity #infosec

https://cnews.link/hackers-hiding-malware-in-fake-deleted-diddy-files-1/
