Heise Security-Alert

BSI Bund-Cert

• Information zur Umstellung beim Versand von Warnungen 1. April 2025
• Version 1.0: Kubernetes – Kritische Schwachstelle im Ingress NGINX Controller ermöglicht Clusterübernahme 25. März 2025
• Version 1.0: SonicWall SonicOS – Proof-of-Concept Exploit für Schwachstelle im SSLVPN veröffentlicht 31. Januar 2025
• Version 1.0: SonicWall SMA 1000 Serie – Zero-Day Schwachstelle in Management Konsole geschlossen 23. Januar 2025

Bruce Schneier

• Cell Phone OPSEC for Border Crossings 1. April 2025
  I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones. Are there easy ways to delete data—files, photos, etc.—on phones so it can’t be recovered? Does resetting a phone to factory defaults erase data, or is it […]
• The Signal Chat Leak and the NSA 31. März 2025
  US National Security Advisor Mike Waltz, who started the now-infamous group chat coordinating a US attack against the Yemen-based Houthis on March 15, is seemingly now suggesting that the secure messaging service Signal has security vulnerabilities. "I didn’t see this loser in the group," Waltz told Fox News about Atlantic editor in chief Jeffrey Goldberg, whom Waltz invited to the chat. […]
• Friday Squid Blogging: Squid Werewolf Hacking Group 28. März 2025
  In another rare squid/cybersecurity intersection, APT37 is also known as “Squid Werewolf.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
• AIs as Trusted Third Parties 28. März 2025
  This is a truly fascinating paper: “Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography.” The basic idea is that AIs can act as trusted third parties: Abstract: We often interact with untrusted parties. Prioritization of privacy can limit the effectiveness of these interactions, as achieving certain goals necessitates sharing private […]