February Patch Tuesday: CISOs should act now on two actively exploited...
CISOs should make sure that two actively exploited vulnerabilities in Windows are addressed as part of their staff’s February Patch Tuesday efforts. They are: CVE 2025-21391, a Windows Storage...
View ArticleUK monitoring group to classify cyber incidents on earthquake-like scale
A UK body backed by the cyber insurance industry is seeking to establish a framework to classify the severity of cyber incidents affecting UK organisations. The Cyber Monitoring Centre (CMC) — an...
View ArticleBeyond the paycheck: What cybersecurity professionals really want
The cybersecurity industry is facing an unprecedented challenge: retaining skilled professionals in the midst of an ever-expanding threat landscape and a significant skills shortage. Organizations are...
View ArticleClik here to view.
Jeder fünfte CISO vertuscht Compliance-Probleme
Compliance-Verfehlungen unter den Teppich zu kehren, sollte sich für CISOs falsch anfühlen.Roman Samborskyi | shutterstock.com CISOs befinden sich zunehmend in der Zwickmühle, wenn es darum geht, eine...
View ArticleClik here to view.
DeepSeek erfasst Tastatureingabemuster
Selbst Tastatureingaben in der DeepSeek App können womöglich mitgelesen werden, bevor sie abgeschickt werden.Mojahid Mottakin – shutterstock.com Behörden und Cybersicherheitsfachleute haben...
View ArticleHacker allegedly puts massive OmniGPT breach data for sale on the dark web
Popular AI aggregator OmniGPT, which provides access to multiple AI models including ChatGPT-4, Claude 3.5, Gemini, and Midjourney, has allegedly suffered a massive breach, exposing personal data...
View ArticleClik here to view.
Ermittler zerschlagen Ransomware-Gruppierung 8Base
Die Gruppierung 8Base nutzte die Ransomware „Phobos“ und agierte weltweit als höchst professionelle kriminelle Organisation. In Deutschland fanden 365 Phobos-Angriffe statt.Gorodenkoff –...
View ArticleDon’t use public ASP.NET keys (duh), Microsoft warns
Microsoft Threat Intelligence in December observed a “threat actor” using a publicly available ASP.NET machine key to inject malicious code and fetch the Godzilla post-exploitation framework, a...
View ArticleCISOs lavieren zwischen Datenschutz und Business-Support
loading="lazy" width="400px">Gar nicht so einfach, die richtige Balance zwischen Datenschutz und Business-Support zu finden.alphaspirit.it – shutterstock.com Die wenigsten Führungskräfte im Bereich...
View ArticleWhat security teams need to know about the coming demise of old Microsoft...
October 2025 is going to be a big month for saying goodbye to several aging Microsoft technologies. Not only is it the end of support for Windows 10, but it’s also the end of support for Exchange 2016...
View Article24% of vulnerabilities are abused before a patch is available
Almost one in four (24%) known exploited vulnerabilities discovered last year were abused on or before the day their CVEs were publicly disclosed. A study by exploit and vulnerability specialists...
View ArticleCISA, FBI call software with buffer overflow issues ‘unforgivable’
FBI and CISA have issued a joint advisory to warn software developers against building codes with Buffer Overflow vulnerabilities in them, calling them “unforgivable” mistakes. Tagging the advisory as...
View ArticleRussian hacking group targets critical infrastructure in the US, the UK, and...
A Russian state-backed hacking group is executing one of the most far-reaching cyber espionage campaigns ever seen, infiltrating critical infrastructure across multiple continents by exploiting...
View ArticleClik here to view.
Händler sichern SB-Kassen mit Künstlicher Intelligenz
Experten sehen ein steigendes Diebstahlrisiko für den Einzelhandel durch den Einsatz von SB-Kassen.adriaticfoto – shutterstock.com Fast jeder kennt sie: Viele Kunden in Deutschland nutzen beim...
View ArticleUnusual attack linked to Chinese APT group combines espionage and ransomware
In an intriguing development, researchers have observed a ransomware actor using tools previously associated with China-based cyberespionage efforts. While mixing espionage and ransomware activities...
View ArticleDLP solutions vs today’s cyberthreats: The urgent need for modern solutions
Today’s hybrid network environments are more complex than ever. With workforces and offices now widely distributed, data is actively used across thousands of endpoints, managed and unmanaged, on and...
View ArticlePostgreSQL patches SQLi vulnerability likely exploited in BeyondTrust attacks
Attackers who exploited a zero-day vulnerability in BeyondTrust Privileged Remote Access and Remote Support products in December likely also exploited a previously unknown SQL injection flaw in...
View ArticleClik here to view.
Die besten IAM-Tools
Identity & Access Management ist für sicherheitsbewusste Unternehmen im Zero-Trust-Zeitalter Pflicht. Das sind die besten IAM-Anbieter und -Tools. Foto: ne2pi – shutterstock.comIdentität wird zum...
View ArticleWhat is anomaly detection? Behavior-based analysis for cyber threats
Anomaly detection is an analytic process for identifying points of data or events that deviate significantly from established patterns of behavior. In cybersecurity, anomaly detection is one of the...
View ArticleClik here to view.
Razzia gegen Telefonbetrüger
Über Callcenter haben Kriminelle einen Schaden in zweistelliger Millionenhöhe angerichtet.chainarong06 – shutterstock.com Der Polizei ist ein Schlag gegen eine international agierende Bande von...
View Article