RSS-Feeds
Heise Security-Alert
- FIDO2-Sticks: Lücke in Yubikey-Verwaltungssoftware erlaubt Rechteausweitung 19. April 2024Um die FIDO2-Sticks von Yubikey zu verwalten, stellt der Hersteller eine Software bereit. Eine Lücke darin ermöglicht die Ausweitung der Rechte.
- Mitel SIP-Phones anfällig für unbefugte Zugriffe 19. April 2024Mitel-SIP-Phones und -Konferenz-Produkte ermöglichen unbefugte Zugriffe und das Ausführen von Schadcode. Updates stehen bereit.
- Update für Solarwinds FTP-Server Serv-U schließt Lücke mit hohem Risiko 18. April 2024Im Solarwinds Serv-U-FTP-Server klafft eine als hohes Risiko eingestufte Sicherheitslücke. Der Hersteller dichtet sie mit einem Update ab.
- Jetzt patchen! Root-Attacken auf Cisco IMC können bevorstehen 18. April 2024Es sind wichtige Sicherheitsupdates für Cisco Integrated Management Controller und IOS erschienen. Exploitcode ist in Umlauf.
Bruce Schneier
- Other Attempts to Take Over Open Source Projects 18. April 2024After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique: The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to take action to update one of its popular […]
- Using AI-Generated Legislative Amendments as a Delaying Technique 17. April 2024Canadian legislators proposed 19,600 amendments—almost certainly AI-generated—to a bill in an attempt to delay its adoption. I wrote about many different legislative delaying tactics in A Hacker’s Mind, but this is a new one.
- X.com Automatically Changing Link Text but Not URLs 16. April 2024Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain name that ended with “twitter.com,” and (2) it only changed the link’s appearance (anchortext), not the underlying URL. So if you were a clever phisher and registered fedetwitter.com, people would […]
- New Lattice Cryptanalytic Technique 15. April 2024A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer reviewed. As this comment points out: “We […]
Feeds
Die nachfolgenden Feeds sollen aktuelle Nachrichten wiedergeben, so dass hierauf gegebenfalls schnell reagiert werden kann.