20.03.2025

Heise Security 19.03.2025 20:33
Ethernet-Ports für Fernwartung gehören nicht ans öffentliche Netz, wie eine aktuelle Sicherheitslücke eindrucksvoll demonstriert.

Heise Security 19.03.2025 15:15
Das Open-Source-Tool tjactions/changed-files hat im CI-Prozess mit GitHub Actions nach sensiblen Informationen gesucht und sie im Build-Log gespeichert.

The Hacker News 19.03.2025 7:59
Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems.
"These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially

Krebs Security 14.03.2025 23:15
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Heise Security 18.03.2025 10:10
Ein Cyberangriff legt die IT der städtischen Altenheime in Mönchengladbach lahm. Aerticket und die Schweizer Supermarktkette Spar bauen ihre Dienste wieder auf.

Heise Security 18.03.2025 5:18
Britische Überwacher verlangen weltweiten Zugriff auf Apple-Backups. Apple darf das nicht bestätigen und ist damit offenbar kein Einzelfall.

CSO Online 17.03.2025 21:22
App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was compromised last week to steal credentials.

Schneier on Security 17.03.2025 16:09
New paper: “GPU Assisted Brute Force Cryptanalysis of GPRS, GSM, RFID, and TETRA: Brute Force Cryptanalysis of KASUMI, SPECK, and TEA3.”
Abstract: Key lengths in symmetric cryptography are determined with respect to the brute force attacks with current technology. While nowadays at least 128-bit keys are recommended, there are many standards and real-world applications that use shorter keys. In order to estimate the actual threat imposed by using those short keys, precise estimates for attacks are crucial.
In this work we provide optimized implementations of several widely used algorithms on GPUs, leading to interesting insights on the cost of brute force attacks on several real-word applications…

CSO Online 17.03.2025 12:20
In a new phishing campaign, GitHub developers are being targeted with fake “Security Alerts” where they are prompted to authorize a malicious OAuth application.

Heise Security 17.03.2025 11:09
Sicherheitsforscher berichten über Angriffsversuche auf rund 12.000 Github-Repositories. Dabei wollen Angreifer die volle Kontrolle über Konten erlangen.

CSO Online 17.03.2025 8:30
Widespread flaws in open-source and third-party commercial software along with malicious campaigns targeting AI development pipelines are exacerbating software supply chain security problems.

Heise Security 15.03.2025 16:34
Die Kryptobörse Bybit erlitt mit einem Wallet des Anbieters "Safe" einen Milliardendiebstahl, wohl auch durch Social Engineering.