RSS-Feeds
Heise Security-Alert
- Cross-Site Scripting: Sicherheitslücken in pfSense ermöglichen Admin-Cookieklau 25. April 2024Die Open-Source-Firewall pfSense hat mehrere Löcher, durch die Angreifer eigenen Javascript-Code einschleusen können. Updates sind verfügbar.
- Cisco: Angreifer plazieren mithilfe neuer 0-Day-Lücke Hintertüren auf Firewalls 25. April 2024Zwei geschickt gestaltete Hintertüren auf Geräten mit Ciscos ASA- und FTD-System überleben Reboots und Systemupdates. Viele Details sind noch unklar.
- AMD Radeon-Grafiktreiber: Update schließt Codeschmuggel-Lücke 24. April 2024AMD hat Updates für Radeon-Grafiktreiber für DirectX 11 veröffentlicht. Sie schließen Sicherheitslücken, durch die Angreifer Schadcode einschleusen können.
- Jetzt patchen! Attacken auf Dateiübertragungsserver CrushFTP beobachtet 22. April 2024Angreifer haben Zugriff auf Systemdaten von CrushFTP-Servern. Verwundbare Systeme gibt es auch in Deutschland.
Bruce Schneier
- The Rise of Large-Language-Model Optimization 25. April 2024The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming to an end. […]
- Dan Solove on Privacy Regulation 24. April 2024Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” His mini-abstract: In this Article I argue that most of the time, privacy consent is fictitious. […]
- Microsoft and Security Incentives 23. April 2024Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft: Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue […]
- Using Legitimate GitHub URLs for Malware 22. April 2024Interesting social-engineering attack vector: McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg. The attacker is exploiting a property of GitHub: comments to a particular repo can contain files, and […]
Feeds
Die nachfolgenden Feeds sollen aktuelle Nachrichten wiedergeben, so dass hierauf gegebenfalls schnell reagiert werden kann.