State Criminal Police Office Warns of Cyberattacks via Office 365

heise Security The State Criminal Police Office (Landeskriminalamt) of North Rhine-Westphalia warns of possible cyberattacks via Outlook and the document management of Office 365.

SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure

The Hacker News The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown efforts, new findings from Recorded Future show. “The core of SolarMarker’s operations is its layered infrastructure, which consists of at least two clusters: a primary one for active operations and a secondary one likely

Security Update: DoS Vulnerabilities Closed in Network Analysis Tool Wireshark

heise Security In the current version of Wireshark, the developers have closed three security vulnerabilities and fixed several bugs.

Five Core Tenets Of Highly Effective DevSecOps Practices

The Hacker News One of the enduring challenges of building modern applications is to make them more secure without disrupting high-velocity DevOps processes or degrading the developer experience. Today’s cyber threat landscape is rife with sophisticated attacks aimed at all different parts of the software supply chain and the urgency for software-producing organizations to adopt DevSecOps…

Detecting Malicious Trackers

Schneier on Security From Slashdot: Apple and Google have launched a new industry standard called “Detecting Unwanted Location Trackers” to combat the misuse of Bluetooth trackers for stalking. Starting Monday, iPhone and Android users will receive alerts when an unknown Bluetooth device is detected moving with them. The move comes after numerous cases of trackers…

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

The Hacker News A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. “If exploited, it could allow attackers to execute arbitrary code on your system,

Streamlining IT Security Compliance Using the Wazuh FIM Capability

The Hacker News File Integrity Monitoring (FIM) is an IT security control that monitors and detects file changes in computer systems. It helps organizations audit important files and system configurations by routinely scanning and verifying their integrity. Most information security standards mandate the use of FIM for businesses to ensure the integrity of their data. IT…

Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses

The Hacker News Microsoft on Monday confirmed its plans to deprecate NT LAN Manager (NTLM) in Windows 11 in the second half of the year, as it announced a slew of new security measures to harden the widely-used desktop operating system. “Deprecating NTLM has been a huge ask from our security community as it will strengthen…

Waiting for Patches: Security Researchers Examine NAS System Qnap QTS

heise Security Security researchers have discovered 15 vulnerabilities in the NAS operating system Qnap QTS. So far, not all of the vulnerabilities have been closed.

NextGen Healthcare Mirth Connect Under Attack – CISA Issues Urgent Warning

The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaw, tracked as CVE-2023-43208 (CVSS score: N/A), concerns a case of unauthenticated remote code execution arising from an incomplete