Nachrichtenarchiv

Heise Security 12.12.2023 22:33
Geheimdienste sammeln Daten aus Push-Benachrichtigungen von Android und iPhone. Beim Signal-Messenger ist da wenig zu holen, sagt die Stiftung.​

Spiegel Online 12.12.2023 15:13
Eine »mächtige« Hackerattacke hat das Netz des größten ukrainischen Mobilfunkproviders Kyivstar kollabieren lassen, 24 Millionen Kunden sind betroffen. Es war nicht der einzige Cyberangriff des Tages.

Schneier on Security 12.12.2023 13:01
Interesting attack based on malicious pre-OS logo images:
LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux….
The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday. The participating companies comprise nearly the entirety of the x64 and ARM CPU ecosystem, starting with UEFI suppliers AMI, Insyde, and Phoenix (sometimes still called IBVs or independent BIOS vendors); device manufacturers such as Lenovo, Dell, and HP; and the makers of the CPUs that go inside the devices, usually Intel, AMD or designers of ARM CPUs……

Spiegel Online 07.02.2023 4:02
73 Raketen feuerte Nordkorea im vergangenen Jahr ab – und droht immer unverhohlener mit Atomwaffen. Finanziert wird das vor allem durch Hackerangriffe. Ein Uno-Bericht gibt nun Einblick in Kim Jong Uns Cyberarmee.

Dark Reading 06.02.2023 16:00
It’s time to share threat intelligence and prioritize digital literacy and cyber hygiene to stem the rising money laundering tide.

Golem 06.02.2023 10:43
Eigentlich wurde die Lücke in VMWare ESXi schon Anfang 2021 behoben. Die Arbeit machten sich viele Firmen nicht. Nun haben sie Probleme. (Cybercrime, Virtualisierung)

Dark Reading 03.02.2023 23:04
Apply these nine tips to proactively fight fraudulent websites that use your brand to rip people off.

Dark Reading 03.02.2023 16:00
The greatly expanding attack surface created by the cloud needs to be protected.

The Hacker News 03.02.2023 13:12
The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data.
"The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers," Trend Micro researchers Mohamed Fahmy, Sherif

Schneier on Security 03.02.2023 13:07
Interesting research: “Facial Misrecognition Systems: Simple Weight Manipulations Force DNNs to Err Only on Specific Persons“:
Abstract: In this paper we describe how to plant novel types of backdoors in any facial recognition model based on the popular architecture of deep Siamese neural networks, by mathematically changing a small fraction of its weights (i.e., without using any additional training or optimization). These backdoors force the system to err only on specific persons which are preselected by the attacker. For example, we show how such a backdoored system can take any two images of a particular person and decide that they represent different persons (an anonymity attack), or take any two images of a particular pair of persons and decide that they represent the same person (a confusion attack), with almost no effect on the correctness of its decisions for other persons. Uniquely, we show that multiple backdoors can be independently installed by multiple attackers who may not be aware of each other’s existence with almost no interference…