Heise Security-Alert

BSI Bund-Cert

• Version 1.0: Fortinet FortiOS – Angreifende installierten persistenten Lesezugriff auf Firewalls 11. April 2025
• Version 1.1: Ivanti Connect Secure – Kritische Schwachstelle in End-of-Support und ungepatchten Systemen ausgenutzt 9. April 2025
• Information zur Umstellung beim Versand von Warnungen 1. April 2025
• Version 1.0: Kubernetes – Kritische Schwachstelle im Ingress NGINX Controller ermöglicht Clusterübernahme 25. März 2025

Bruce Schneier

• Friday Squid Blogging: Squid Facts on Your Phone 25. April 2025
  Text “SQUID” to 1-833-SCI-TEXT for daily squid facts. The website has merch. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
• Cryptocurrency Thefts Get Physical 25. April 2025
  Long story of a $250 million cryptocurrency theft that, in a complicated chain events, resulted in a pretty brutal kidnapping.
• New Linux Rootkit 24. April 2025
  Interesting: The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market. At the heart of the issue is the heavy reliance on monitoring system calls, which has become […]
• Regulating AI Behavior with a Hypervisor 23. April 2025
  Interesting research: “Guillotine: Hypervisors for Isolating Malicious AIs.” Abstract:As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this risk, we propose Guillotine, a hypervisor architecture for sandboxing powerful AI models—models that, by accident or malice, can generate existential threats […]