News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Category: Short News

Lancom LCOS with root password vulnerability 
23 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Lancom and the BSI report a configuration bug for the LCOS operating system: A vulnerability with the CVSS value of 6.8 can enable the acquisition of administrator rights. An update is available. The messages on the Lancom website and on the BSI website are not entirely compliant. Both report a vulnerability from LCOS version 10.80 RU1 onwards, but while Lancom sees no danger: “Unauthorized access to the router via the WAN (Internet) is not possible due to this security gap”, the BSI uses the note in its heading: “ Vulnerability allows Erlangen…

Read more

XenServer and Citrix Hypervisor vulnerabilities
22 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Citrix warns of two vulnerabilities in XenServer and Citrix Hypervisor. The security vulnerabilities are only moderately serious, but a quick update is still recommended. Citrix already provides hotfixes for this. According to Citrix, two issues have been identified affecting XenServer and Citrix Hypervisor. A vulnerability could allow unprivileged code in a guest VM to access the memory contents of its own VM or other VMs on the same host. This can result in data or access data being stolen. Memory contents of other VMs can be copied Citrix presents the issues under the following CVE identifiers: CVE-2024-2201 and CVE-2024-31142. However…

Read more

Successful phishing: Attackers attack MFA service providers for Cisco Duo 
21 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Cisco calls its Zero Trust security platform “Duo” for short. Their access is protected by state-of-the-art multi-factor authentication (MFA). Through a phishing attack on Cisco's service provider, attackers were able to access the provider and steal logs that contained information such as telephone numbers, network operators, countries and other metadata. Cisco has released a message informing about the incident affecting the Duo telephony provider. This provider is used by Duo to send MFA messages to customers via SMS and VOIP. Cisco is actively working with the vendor to investigate and resolve the incident….

Read more

North Korean state hackers are relying on new espionage tactics
20 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

First talk, then hack: The North Korean hacker group TA427 tries to approach foreign policy experts in a rather unspectacular way to find out their position on sanctions. A lot of information is obtained with fake identities. Proofpoint researchers observe numerous hacker groups that are sponsored or supported by government agencies. One of them is TA427, also known as Emerald Sleet, APT43, THALLIUM or Kimsuky. This is a group allied with the Democratic People's Republic of Korea (DPRK or North Korea) that supports the Reconnaissance General Bureau. It is particularly known for successful email phishing campaigns that target experts…

Read more

Disinformation campaigns from China
19 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The report that China is allegedly disrupting and manipulating elections by using AI-generated content to spread disinformation should come as no surprise. China has proven time and again in the past that it is capable of using cybercrime tactics to further its economic and political goals. Adam Marrè, Chief Information Security Officer at Arctic Wolf and former FBI cybersecurity agent, puts these findings and the current situation into perspective: The use of AI to disrupt or influence elections is therefore a logical extension of the Chinese state apparatus, as we...

Read more

OT security status report
18 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

A recent survey of industrial companies worldwide - including Germany - paints a worrying picture about the state of OT (operational technology) security. The report “The State of OT Security: A Comprehensive Guide to Trends, Risks, and Cyber ​​Resilience” from ABI Research and Palo Alto Networks, for which around 2.000 specialists and managers in 16 countries were surveyed, shows the reality, the extent and the changing nature of security threats to industrial environments. The core results at a glance: Almost 70 percent of industrial companies were affected by cyber attacks last year...

Read more

Holy LG WebOS endangers presentation TVs in companies 
17 April 2024
| No comments
| Bitdefender, Short news
Bitdefender_News

Many companies now have large TV sets in conference rooms for events or video conferences. The problem with security gaps in LG WebOS shows that this can unexpectedly introduce vulnerabilities behind the firewall. The experts at Bitdefender Labs have discovered vulnerabilities in LG WebOS and informed the manufacturer. The gaps, which had already been closed with a push patch from LG, allowed hackers to add new users, gain root access and thus compromise the entire smart home network. Users are encouraged to check whether LG WebOS on their LG TVs is in the updated version as of March 22, 2024….

Read more

BSI warns: Palo Alto firewalls with critical vulnerability 
16 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The BSI warns: The PAN-OS operating system has a glaring, critical vulnerability that was rated with a CVSS value of 10.0 out of 10. Companies should act immediately and apply upcoming patches or use the available workarounds. According to BSI - the Federal Office for Information Security, on April 12, 2024, the company Palo Alto Networks published an advisory about an actively exploited vulnerability in PAN-OS, the operating system of the manufacturer's firewalls. The vulnerability with the identifier CVE-2024-3400 is an OS command injection in the GlobalProtect Gateway feature, which allows an unauthenticated…

Read more

XZ vulnerability: free XZ backdoor scanner
15 April 2024
| No comments
| Bitdefender, Short news
Bitdefender_News

Bitdefender Labs offers a free scanner that companies can use to check their IT systems for the CVE-29-2024 vulnerability in the widely used data compression library XZ Utils, which became known on March 2024, 3094. The free Bitdefender XZ Backdoor Scanner specifically searches for this vulnerability. Programmed in Go and initially tested on Fedora, Debian and a Debian container, it offers various advantages: Portability to various Linux systems without additional software installations Various scanning modes: In the preset fast scan mode, the tool searches for infected people systems and focuses on the liblzma library, which the respective SSH daemon…

Read more

Secure machine identities
14 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

A German IT security manufacturer releases the new version of the TrustManagementAppliance. The PKI and key management solution provides certificate lifecycle management capabilities. A completely revised and redesigned user interface makes operation more intuitive and easier. Guided dialogs and wizards, for example, make it easier to create and manage certificates. This is particularly beneficial for administrators who only need to access the platform, which usually runs in the background, occasionally. Further innovations include additional programming interfaces for connecting third-party systems, a self-service portal for users and expanded options for connecting to external CAs (Certificate Authorities...

Read more

© 2024 MedPressIT GbR
Cookie Settings