Heise Security-Alert

• Sicherheitsupdates: Schwachstellen machen Schutzsoftware von Symantec angreifbar 2. Juni 2023
  Symantecs Entwickler haben in Advanced Secure Gateway und Content Analysis mehrere Sicherheitslücken geschlossen.
• Jetzt patchen! Angreifer leiten Daten über MOVEit-Transfer-Sicherheitslücke aus 2. Juni 2023
  Derzeit setzen Angreifer an einer Schwachstelle in der Dateiübertragungssoftware MOVEit Transfer an. Sicherheitspatches sind verfügbar.
• Jetzt patchen! Cybergangster bauen Botnetz aus Zyxel-Firewalls 1. Juni 2023
  Angreifer attackieren derzeit Firewalls des Netzwerkausrüsters Zyxel. Sicherheitsupdates stehen zum Download bereit.
• Zwangsupdate: WordPress-Websites über Jetpack-Lücke manipulierbar 31. Mai 2023
  Die Jetpack-Entwickler haben 102 fehlerbereinigte Versionen ihres WordPress-Plug-ins veröffentlicht.

BSI Bund-Cert

Bruce Schneier

• Open-Source LLMs 2. Juni 2023
  In February, Meta released its large language model: LLaMA. Unlike OpenAI and its ChatGPT, Meta didn’t just give the world a chat window to play with. Instead, it released the code into the open-source community, and shortly thereafter the model itself was leaked. Researchers and programmers immediately started modifying it, improving it, and getting it […]
• On the Catastrophic Risk of AI 1. Juni 2023
  Earlier this week, I signed on to a short group statement, coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. The press coverage has been extensive, and surprising to me. The New York Times headline […]
• Chinese Hacking of US Critical Infrastructure 31. Mai 2023
  Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection.
• Brute-Forcing a Fingerprint Reader 30. Mai 2023
  It’s neither hard nor expensive: Unlike password authentication, which requires a direct match between what is inputted and what’s stored in a database, fingerprint authentication determines a match using a reference threshold. As a result, a successful fingerprint brute-force attack requires only that an inputted image provides an acceptable approximation of an image in the […]