-
August 19th: Apple security updates +++ Google Chrome zero-day +++ BugDrop malware
Apple security updates to patch new zero-day vulnerabilites Apple released on Wednesday security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices: CVE-2022-32893 – An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web […]
-
August 12th: Processors contain vulnerabilities +++ Open Cybersecurity Schema Framework +++ Vulnerabilities and updates of the week
After Spectre and Meltdown, it is now Æpicleak’s and SQUIP’s turn Processors from AMD and Intel contain vulnerabilities that attackers can use to leak data. They were found by researchers of Sapienza University of Rome, the Graz University of Technology, the CISPA Helmholtz Center for Information Security, and Amazon Web Services. The first vulnerability – […]
-
IT security from firsthand experience – learning from cyber attacks
Stefan Würtemberger Stefan Würtemberger ist Vice President Information Technology bei Marabu Inks und Mitglied des CyberCompare Beirats. In seiner mehr als 20-jährigen Karriere in der IT von Industrieunternehmen und deren Absicherung hat er viele verschiedene Situationen erlebt. Er berichtet offen über die Cyber-Attacken auf Marabu und wie das Unternehmen diese bewältigen konnte. Zudem hat er […]
-
August 8th: Nozomi Networks OT/IoT Security Report +++ Data exfiltration via bookmark syncing +++ Malware campaign in GitHub repos +++ Patch priority index July 2022
Nozomi Networks OT/IoT Security Report Nozomi Networks has released their semi-annual OT/IoT Security Report, covering the threat and vulnerability landscape for the first half of 2022. In this report, they break down the threat landscape, including: A review of the current state of OT/IoT cybersecurity Trends in the threat landscape (plus timeline), and solutions for […]
-
July 29th: Attack from charging socket via “Ghost Touch” +++ 2022 Unit 42 Incident Response Report +++ Security updates Samba
Touchscreens: Attack from the charging socket via “Ghost Touch” Researchers from Technical University Darmstadt and Zhejiang University in Hangzhou carried out attacks on capacitive touchscreens via charging cables and power supply units and thus uncovered a new attack possibility on mobile devices. In the experimental setup, a compromised public charging station was assumed to be […]
-
July 22nd: CloudMensis +++ Online storage services used for delivering malware +++ Vulnerabilities of the week
New malware backdoor: CloudMensis ESET researchers first spotted the new malware in April 2022 and named it CloudMensis. Why? It uses pCloud, Yandex Disk, and Dropbox public cloud storage services for command-and-control (C2) communication. CloudMensis’ capabilities clearly show that its operators’ main goal is to collect sensitive information from infected Macs through various means. These […]
-
July 15th: Microsoft releases exploit for macOS sandbox escape bug +++ New ransomware Lilith has first victims +++ Lenovo Notebook UEFi Firmware Vulnerabilities
Microsoft releases tweet-size exploit for macOS sandbox escape bug Microsoft has published the exploit code for a vulnerability in macOS that could help an attacker bypass sandbox restrictions and run code on the system. The company released the technical details for the security issue, which is currently identified as CVE-2022-26706, and explained how the macOS App Sandbox rules could […]
-
July 8th: First four quantum-resistant Algorithms +++ Three biggest Cybersecurity Threats +++ Updates on Chrome Browser +++ New powerful European Security Distributor
And the winners … … were announced after a six-year effort managed by the National Institute of Standards and Technology (NIST). In 2016, NIST called upon the world’s cryptographers to devise and then vet encryption methods that could resist an attack from a future quantum computer that is more powerful than the comparatively limited machines available […]
-
Employee Awareness and Incident Response – Pent-up demand for companies
One of the topics covered in Bosch’s CyberCompare Benchmark Report 01/22 is where small and medium-sized companies (SMEs) need to take action most. These findings are based on a diagnostic we conducted with more than 100 SMEs in the DACH region. Insufficient employee awareness was in the top spot, while second place went to lack […]
-
July 1st: Cyber Risk and Insurance Survey 2022 +++ YTStealers +++ Top 25 dangerous vulnerabilities
Munich Re Global Cyber Risk and Insurance Survey 2022 This year’s study by Munich Re shows that digitalisation in most areas of business and life continues unabated. All companies surveyed are focusing more strongly on new, smart technologies. The list of technological drivers is headed by 5G, cloud services, artificial intelligence, and data analytics. Highly […]
