05.05.2025

Signal affair: Modified messenger used in the US government has been hacked

Heise Security 05.05.2025 6:56
It was already known that Signal is used heavily in the US government. Now there are indications that this is apparently done via a modified app. That app has been hacked.

Structures behind the "Darcula" phishing network uncovered

Heise Security 04.05.2025 13:46
An international investigation has uncovered the structures of a fraud network. Around 900,000 people fell for it.

Privacy for Agentic AI

Schneier on Security 02.05.2025 20:04
Sooner or later, it’s going to happen. AI systems will start acting as agents, doing things on our behalf with some degree of autonomy. I think it’s worth thinking about the security of that now, while it’s still a nascent idea.
In 2019, I joined Inrupt, a company that is commercializing Tim Berners-Lee’s open protocol for distributed data ownership. We are working on a digital wallet that can make use of AI in this way. (We used to call it an “active wallet.” Now we’re calling it an “agentic wallet.”)
I talked about this a bit at the RSA Conference…

Fraudsters send e-mails in the name of the tax administration

Heise Security 02.05.2025 16:22
The Saarland Ministry of Finance warns of fake e-mails sent in the name of the central tax office (Steuerzentralamt). Fraudsters demand that citizens pay late-payment fees.

TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China

The Hacker News 02.05.2025 14:25
Ireland’s Data Protection Commission (DPC) on Friday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection regulations in the region by transferring European users’ data to China.
"TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency requirements," the DPC said in a statement. "

NCSC Guidance on “Advanced Cryptography”

Schneier on Security 02.05.2025 13:03
The UK’s National Cyber Security Centre just released its white paper on “Advanced Cryptography,” which it defines as “cryptographic techniques for processing encrypted data, providing enhanced functionality over and above that provided by traditional cryptography.” It includes things like homomorphic encryption, attribute-based encryption, zero-knowledge proofs, and secure multiparty computation.
It’s full of good advice. I especially appreciate this warning:
When deciding whether to use Advanced Cryptography, start with a clear articulation of the problem, and use that to guide the development of an appropriate solution. That is, you should not start with an Advanced Cryptography technique, and then attempt to fit the functionality it provides to the problem. …

Third of Online Users Hit by Account Hacks Due to Weak Passwords

Infosecurity Magazine 02.05.2025 11:45
FIDO Alliance found an uptick in awareness and takeup of passkeys as an alternative method to passwords

What is EDR? An analytical approach to endpoint security

CSO Online 02.05.2025 11:00

Endpoint detection and response (EDR) security tools monitor end-user hardware devices across a network for a range of suspicious activities and behavior, reacting automatically to block perceived threats and saving forensics data for further investigation. Endpoint here generally means any end-user device, from a laptop to a smartphone to IoT gadgets.

An EDR platform combines deep visibility into everything that’s happening on an endpoint device — processes, changes to DLLs and registry settings, file and network activity — with data aggregation and analytics capabilities that allow threats to be recognized and countered by either automated processes or human intervention.

The first recognition of the category of EDR is widely accepted to be in a 2013 blog post by Gartner analyst Anton Chuvakin, who was trying to come up with a “generic name for the tools primarily focused on detecting and investigating suspicious activities (and traces of such) other problems on hosts/endpoints.” He used the phrase “endpoint threat detection and response,” but the more succinct (though somewhat less accurate) endpoint detection and response caught on.

How EDR works and why it’s important

EDR systems work by recording and analyzing activity taking place on endpoints of all types. Many EDR offerings do so by installing agent programs on the endpoints they protect, which send telemetry back to the central EDR tool for analysis. There is also a class of agentless EDR systems that gather data from built-in OS tools on endpoints as well as relevant network data; these systems are easier to roll out across an organization but often can’t provide the same under-the-cover insights into what’s happening on endpoints that agented EDR can.

Whichever way EDR gets information about endpoint behavior, it then uses data analytics and AI/ML to determine whether that activity is unusual or a sign of a potential breach. The EDR systems can raise an alarm over such behavior for security teams and record information for later forensic analysis.

That’s the “detect” part of EDR. The “response” part consists of automated steps that can be taken to block attacks in progress, including shutting down suspicious processes, deleting files that look like malware, and isolating endpoints that seem to have been compromised from the rest of the network. While human intervention is usually necessary to truly stomp out compromises, the

Passkeys: Microsoft pushes passwordless sign-in on new customers

Heise Security 02.05.2025 9:19
Microsoft is continuing its move to abolish passwords. New Microsoft accounts are now passwordless by default.