Suche
Beiträge, die mit SECURITY getaggt sind
UK’s Starmer to attend emergency European summit in Paris
France has yet to confirm that an informal leaders meeting will be held on Monday.Aude van den Hove (POLITICO)
Iran Update, February 15, 2025
Iran Update, February 15, 2025 Siddhant Kishore, Alexandra Braverman, Ben Rezaei, Kelly Campa, and Brian Carter Information Cutoff: 2:00 pm ET The Critical Threats Project (CTP) at the American Enterprise Institute and the Institute for the Study o…BYTESEU (Bytes Europe)
https://www.wired.com/story/cisa-election-security-freeze-memo/
KEWL🌀NEWS
#ELECTIONS #SECURITY #TRUMP #PRESS
Top US Election Security Watchdog Forced to Stop Election Security Work
The US Cybersecurity and Infrastructure Security Agency has frozen efforts to aid states in securing elections, according to an internal memo viewed by WIRED.Eric Geller (WIRED)
Uncertainty About Access & Authority Will Worry Allies and Tempt Adversaries
https://www.foreignaffairs.com/united-states/elon-musk-does-doge-pose-national-security-risk
"what the #intelligence agencies of US allies & adversaries see when [ #Trump] grants sweeping access... to a team of young people who have no #government experience... and who work for an unelected figure w/extensive personal financial interests... American adversaries surely see an espionage & blackmail bonanza."
#Musk #Coup #Corruption #Security #US
Does DOGE Pose a National Security Risk? Uncertainty About Access and Authority Will Worry Allies and Tempt Adversaries
Uncertainty about access and authority will worry allies and tempt adversaries.James Goldgeier and Elizabeth N. Saunders (Foreign Affairs Magazine)
#MSC #WhiteSupremacy #MaleSupremacy #evangelism #heterosexism #WhiteChristianNationalism #USpol #geopolitics #munich
https://www.nytimes.com/2025/02/14/world/europe/vance-europe-immigration-ukraine.html?smid=url-share
Russische Cyber-Angriffe zwingen der Ukraine eine extreme Reaktionsdynamik auf: "Was hier nicht funktioniert, ist vielleicht nicht wettbewerbsfähig."
https://www.heise.de/news/Cybersicherheit-in-Kriegszeiten-Taeglich-ist-Tag-Null-10283051.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
#Cyberangriff #Cyberwar #Security #UkraineKrieg #news
Viele Malware-Analysewerkzeuge kapitulieren vor passwortgeschützten PDFs. Der Desinfec’t-Neuzugang QPDF räumt dieses Hindernis aus dem Weg.
https://www.heise.de/ratgeber/Desinfec-t-Potenziell-gefaehrliche-PDF-Dokumente-mit-QPDF-entschluesseln-10271961.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
#Phishing #Security #news
https://techcrunch.com/2025/02/13/uk-drops-safety-from-its-ai-body-now-called-ai-security-institute-inks-mou-with-anthropic/
#AI #AIbias #AIethics #safety #security #UK #press
UK drops 'safety' from its AI body, now called AI Security Institute, inks MOU with Anthropic | TechCrunch
The U.K. government wants to make a hard pivot into boosting its economy and industry with AI, and as part of that, it’s pivoting an institution that itIngrid Lunden (TechCrunch)
Aufgrund der Digitalisierung wird IT-Sicherheit in Krankenhäusern zunehmend wichtiger. Doch wer ist verantwortlich, wenn ein Cyberangriff dem Patienten schadet?
https://www.heise.de/hintergrund/Cybersicherheit-im-Krankenhaus-Was-passiert-wenn-der-Patient-zu-Schaden-kommt-10281077.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
#Cybersecurity #DigitalHealth #Security #news
Ein Großteil sieht Cyberkriminalität als große Gefahr und findet, dass Deutschland schlecht auf Cyberangriffe vorbereitet ist. Das zeigt eine Bitkom-Umfrage.
https://www.heise.de/news/Umfrage-Mehrheit-der-Deutschen-hat-Angst-vor-Cyberkrieg-10281093.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
#Bitkom #Cyberwar #Cybersecurity #Security #news
Athens and Nicosia set Syria terms - EUROPE SAYS
A man visits the grave of a relative at the cemetery in Jobar, a suburb of Damascus thatEUROPE SAYS (EUROPESAYS.COM)
Athens and Nicosia set Syria terms
A man visits the grave of a relative at the cemetery in Jobar, a suburb of Damascus that was heavily bombed by the Assad regime during the war, on February 6, 2025.BYTESEU (Bytes Europe)
Dieses Mal nehmen sich die Podcast-Hosts eines kontroversen Themas an: Unternehmen installieren über Sicherheitslücken Malware - und das in staatlichem Auftrag.
https://www.heise.de/news/Passwort-Folge-25-Staatlich-sanktionierte-Schnueffelsoftware-10271855.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
#Android #Exploit #iOS #Malware #PasswortPodcast #Pegasus #Rootkit #Security #Spyware #news
Die Open-Source-App SpamBlocker schützt Android-Nutzer vor Spam-Anrufen und -SMS. Sie läuft auch auf Custom-ROMs und funktioniert ohne Internetverbindung.
https://www.heise.de/ratgeber/SpamBlocker-Werbeanrufe-und-Phishing-SMS-datenschutzfreundlich-blockieren-10269435.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
#Datenschutz #Internet #Phishing #Security #news
Bei Cloud-Servern mit Epyc-Prozessoren lässt sich die RAM-Verschlüsselung zur Abschottung virtueller Maschinen aushebeln. Erste Updates stehen bereit.
https://www.heise.de/news/AMD-schliesst-schwere-Microcode-Sicherheitsluecke-per-Microcode-Update-10278175.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
#AMD #AMDEpyc #BIOS #Prozessoren #Rechenzentrum #Security #Server #Sicherheitslücken #news
Admins sichern mit der Kernel-Erweiterung SELinux ihre Systeme umfassend ab. Der Workshop zeigt, wie man SELinux konfiguriert, wartet und effizient einsetzt.
https://www.heise.de/news/c-t-Workshop-Systeme-absichern-mit-SELinux-10275955.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
#Linux #OpenSource #Security #news
Elon Musk’s #DOGE minions are now inside the Department of Homeland Security.
https://newrepublic.com/post/191343/noem-musk-doge-homeland-security
"Bash to Noem. “Have you authorized #ElonMusk & his team to have access to Americans’ personal #data that is housed inside #DHS?”
“We’re working with them at the president’s direction...” Noem replied...
“Well we can’t trust the #government anymore,” Noem retorted.
“You are the government,” Bash said."
#Coup #Security #News #USA
https://www.washingtonpost.com/business/2025/02/10/musk-doge-state-department-surrogate/
"A 19-yr-old acolyte of #ElonMusk known online as #BigBalls is listed as having taken on a new role at the #State Dept...
#EdwardCoristine... posted as a senior adviser...
“This is dangerous,” said one of the #US officials, noting Coristine’s youth and... that he was fired for leaking a #data security firm’s information to a competitor."
#Musk #Coup #Trump #Politics #Government #Security #Tech #News #USA
#Linux #Thunderbird #Mozilla #privacy #security
https://www.kuketz-blog.de/verschluesselung-der-nextcloud-eine-grundlegende-entscheidung-nextcloud-teil-2/
#nextcloud #encryption #e2ee #cryptomator #security #sicherheit
Verschlüsselung der Nextcloud: Eine grundlegende Entscheidung – Nextcloud Teil 2
Verschlüsselung in Nextcloud: Serverseitig, mit Benutzer-Schlüssel oder Ende-zu-Ende? Wir erklären die Unterschiede und helfen bei der richtigen Wahl.www.kuketz-blog.de
Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new "Windows UEFI CA 2023" certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year.
https://download.microsoft.com/download/5/7/8/57894d2a-6966-4de9-8c01-66e0db608c21/Make2023BootableMedia.ps1
#windows #media #update #bootkit #it #security #privacy #engineer #tech #news
![[ImageSource: Microsoft]
Script to apply CVE-2023-24932 mitigations to bootable Windows media.
The PowerShell script can be downloaded from Microsoft and can be used to update bootable media files for ISO CD/DVD image files, a USB flash drive, a local drive path or a network drive path.
To utilize the utility, you must first download and install the Windows ADK, which is necessary for this script to work correctly. When run, the script will update the media files to use the Windows UEFI CA 2023 certificate and install the boot managers signed by this certificate.
<https://learn.microsoft.com/windows-hardware/get-started/adk-install#winADK>
It is strongly advised that Windows admins test this process before the enforcement stage of the security updates is reached. Microsoft says this will happen by the end of 2026 and will give a six-month notice before it begins.](https://nerdculture.de/system/media_attachments/files/113/979/683/291/066/231/original/4222c1943003b213.png "[ImageSource: Microsoft]
Script to apply CVE-2023-24932 mitigations to bootable Windows media.
The PowerShell script can be downloaded from Microsoft and can be used to update bootable media files for ISO CD/DVD image files, a USB flash drive, a local drive path or a network drive path.
To utilize the utility, you must first download and install the Windows ADK, which is necessary for this script to work correctly. When run, the script will update the media files to use the Windows UEFI CA 2023 certificate and install the boot managers signed by this certificate.
<https://learn.microsoft.com/windows-hardware/get-started/adk-install#winADK>
It is strongly advised that Windows admins test this process before the enforcement stage of the security updates is reached. Microsoft says this will happen by the end of 2026 and will give a six-month notice before it begins.")
Verschlüsselung in Nextcloud: Serverseitig, mit Benutzer-Schlüssel, Ende-zu-Ende oder Drittanbieter-Lösung? Wir erklären die Unterschiede und helfen bei der richtigen Wahl. 👇
https://www.kuketz-blog.de/verschluesselung-der-nextcloud-eine-grundlegende-entscheidung-nextcloud-teil-2/
#nextcloud #encryption #e2ee #cryptomator #security #sicherheit
Verschlüsselung der Nextcloud: Eine grundlegende Entscheidung – Nextcloud Teil 2
Verschlüsselung in Nextcloud: Serverseitig, mit Benutzer-Schlüssel oder Ende-zu-Ende? Wir erklären die Unterschiede und helfen bei der richtigen Wahl.www.kuketz-blog.de
Cyberkriminelle behaupten, private Daten von OpenAI-Konten gestohlen zu haben. Forscher sind skeptisch, der ChatGPT-Hersteller ermittelt in dem Fall.
https://www.heise.de/news/Cyberangriff-OpenAI-untersucht-potenzielles-Leck-von-20-Millionen-Nutzerdaten-10275717.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
#Cyberangriff #Datenleck #KünstlicheIntelligenz #OpenAI #Security #news
Cyberangriff? OpenAI untersucht potenzielles Leck von 20 Millionen Nutzerdaten
Cyberkriminelle behaupten, private Daten von OpenAI-Konten gestohlen zu haben. Forscher sind skeptisch, der ChatGPT-Hersteller ermittelt in dem Fall.Stefan Krempl (heise online)
Verschlüsselung in Nextcloud: Serverseitig, mit Benutzer-Schlüssel, Ende-zu-Ende oder Drittanbieter-Lösung? Wir erklären die Unterschiede und helfen bei der richtigen Wahl. 👇
https://www.kuketz-blog.de/verschluesselung-der-nextcloud-eine-grundlegende-entscheidung-nextcloud-teil-2/
#nextcloud #encryption #e2ee #cryptomator #security #sicherheit
Verschlüsselung der Nextcloud: Eine grundlegende Entscheidung – Nextcloud Teil 2
Verschlüsselung in Nextcloud: Serverseitig, mit Benutzer-Schlüssel oder Ende-zu-Ende? Wir erklären die Unterschiede und helfen bei der richtigen Wahl.www.kuketz-blog.de
Trump says he’s spoken with Putin about ending Ukraine war: NY Post – POLITICO
Putin launched his all-out invasion of Ukraine three years ago this month. Trump has claimed that he could end the conflict in one day.BYTESEU (Bytes Europe)
Cyberkriminelle behaupten, private Daten von Millionen OpenAI-Konten gestohlen zu haben. Forscher sind skeptisch, der ChatGPT-Hersteller ermittelt in dem Fall.
https://www.heise.de/news/Cyberangriff-OpenAI-untersucht-potenzielles-Leck-von-20-Millionen-Nutzerdaten-10275538.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
#ChatGPT #GenerativeAI #KünstlicheIntelligenz #OpenAI #Security #Sicherheitslücken #news
Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post.https://www.washingtonpost.com/technology/2025/02/07/apple-encryption-backdoor-uk/
...
At issue is cloud storage that only the user, not Apple, can unlock. Apple started rolling out the option, which it calls Advanced Data Protection, in 2022. It had sought to offer it several years earlier but backed off after objections from the FBI.
#UK #britain #england #spying #bigbrother #deepstate against #security #privacy #humanrights
“You can’t un-ring this bell.”
...
“It’s like walking into a nuclear reactor and deciding to handle some plutonium.”
🤔
Dutton's keen on nuclear too.
https://archive.is/NSR3s
#AusPol
#privacy
#security
Die aktuelle 𝗔𝗽𝗽𝗹𝗲-𝗗𝗲𝗯𝗮𝘁𝘁𝗲 zeigt erneut, wie fragil digitale #𝗣𝗿𝗶𝘃𝗮𝘁𝘀𝗽𝗵ä𝗿𝗲 ist. Wer sich und seine Daten schützen will, sollte Alternativen nutzen und nicht blind Big-Tech vertrauen. Eine eigene Cloud wie #𝗡𝗲𝘅𝘁𝗰𝗹𝗼𝘂𝗱 oder ein #𝗡𝗔𝗦 ist ein wichtiger Schritt hin zur digitalen Unabhängigkeit – ohne 𝗛𝗶𝗻𝘁𝗲𝗿𝘁ü𝗿𝗲𝗻, ohne Ü𝗯𝗲𝗿𝘄𝗮𝗰𝗵𝘂𝗻𝗴, mit voller 𝗞𝗼𝗻𝘁𝗿𝗼𝗹𝗹𝗲.
😀✌🏼
https://winfuture.de/news,148696.html
#Datenschutz #Security #Verschlüsselung #Apple #Backdoor
Das Ende der Verschlüsselung? Apple soll UK vollen Cloud-Zugriff geben
Geht es nach der britischen Regierung, muss Apple in seine Dienste eine Hintertür integrieren, mit der die Behörden die Cloud-Accounts aller Apple-Kunden einsehen können.Roland Quandt (WinFuture.de)
Iran Update, February 7, 2025
Iran Update, February 7, 2025 Alexandra Braverman, Carolyn Moorman, Ria Reddy, Johanna Moore, Annika Ganzeveld, Ben Rezaei, Avery Borens, and Brian Carter Information Cutoff: 2:00 pm ET The Critical Threats Project (CTP) at the American Enterprise …BYTESEU (Bytes Europe)
Threat actors are taking advantage of the rise in popularity of DeepSeek to promote two malicious infostealer packages on the Python Package Index, where they impersonated developer tools for the AI platform.
https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/malicious-packages-deepseeek-and-deepseekai-published-in-python-package-index
#deepseek #llm #it #security #privacy #engineer #media #developer #tech #news
![[ImageSource: Positive Technologies]
The malicious packages, deepseeek 0.0.8 and deepseekai 0.0.8 were uploaded to PyPI on January 29, 2025, with only twenty minutes between them.
Positive Technologies quickly discovered and reported them to PyPI, which quarantined and blocked downloads of the packages, followed by their complete deletion from the platform.
Despite the quick detection and response, 222 developers downloaded the two packages, most from the United States (117), followed by China (36), Russia, Germany, Hong Kong and Canada. Those developers who utilized these packages should immediately rotate their API keys, authentication tokens and passwords, as they may now be compromised.](https://nerdculture.de/system/media_attachments/files/113/963/687/409/845/888/original/26ce13670f89cd53.png "[ImageSource: Positive Technologies]
The malicious packages, deepseeek 0.0.8 and deepseekai 0.0.8 were uploaded to PyPI on January 29, 2025, with only twenty minutes between them.
Positive Technologies quickly discovered and reported them to PyPI, which quarantined and blocked downloads of the packages, followed by their complete deletion from the platform.
Despite the quick detection and response, 222 developers downloaded the two packages, most from the United States (117), followed by China (36), Russia, Germany, Hong Kong and Canada. Those developers who utilized these packages should immediately rotate their API keys, authentication tokens and passwords, as they may now be compromised.")
![[ImageSource: Positive Technologies]
Malicious payload contained in both packages.
The stolen information was exfiltrated to a command and control (C2) server at eoyyiyqubj7mquj.m.pipedream[.]net using Pipedream, a legitimate automation platform. Threat actors could use this stolen information to access cloud services, databases and other protected resources utilized by the developer.
"Functions used in these packages are designed to collect user and computer data and steal environment variables", reads the Positive Technologies report. "The payload is executed when the user runs the commands deepseeek or deepseekai (depending on the package) in the command-line interface."
"Environment variables often contain sensitive data required for applications to run, for example, API keys for the S3 storage service, database credentials, and permissions to access other infrastructure resources."](https://nerdculture.de/system/media_attachments/files/113/963/688/343/436/642/original/9a479c6c50735793.png "[ImageSource: Positive Technologies]
Malicious payload contained in both packages.
The stolen information was exfiltrated to a command and control (C2) server at eoyyiyqubj7mquj.m.pipedream[.]net using Pipedream, a legitimate automation platform. Threat actors could use this stolen information to access cloud services, databases and other protected resources utilized by the developer.
\"Functions used in these packages are designed to collect user and computer data and steal environment variables\", reads the Positive Technologies report. \"The payload is executed when the user runs the commands deepseeek or deepseekai (depending on the package) in the command-line interface.\"
\"Environment variables often contain sensitive data required for applications to run, for example, API keys for the S3 storage service, database credentials, and permissions to access other infrastructure resources.\"")
Malicious packages deepseeek and deepseekai published in Python Package Index
As part of our threat research and monitoring efforts, the Supply Chain Security team of the Threat Intelligence department of the Positive Technologies Expert Security Center (PT ESC) detected and prevented a malicious campaign in the Python Package…global.ptsecurity.com
Last audit is from December 2024 covering @rpgp , the minimal #OpenPGP Rust library that is gaining traction with others projects as well.
Shout-out to dignifiedquire and @hko for their excellent maintenance! For more info on Delta Chat related security audits: https://delta.chat/en/help#security-audits
Delta Chat: FAQ
What is Delta Chat? Delta Chat is a reliable, decentralized and secure messaging app, available for mobile and desktop platforms. Delta Chat feels like Whatsapp or Telegram but you can also use and...delta.chat
➡️ https://fedoramagazine.org/protect-your-vpn-from-tunnelvision-attacks-with-networkmanager/
#Fedora #Privacy #Security #Linux #OpenSource #NetworkManager
Protect your VPN from TunnelVision attacks with NetworkManager - Fedora Magazine
Explains TunnelVision attack on VPN and a method to protect connections using NetworkManagerÍñigo Huguet (Fedora Project)
Angesichts der Fortschritte beim Quantenrechnen ist die kryptographische Sicherheit des Finanzsektors unmittelbar bedroht, warnt Europol und mahnt zum Handeln.
https://www.heise.de/news/Europol-Finanzinstitute-sollten-rasch-auf-quantensichere-Kryptografie-umsatteln-10274967.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
#Finanzen #Verschlüsselung #Security #news
US can ramp up sanctions on Putin, Trump’s Ukraine-Russia envoy says – POLITICO
“The pressure just can’t be military. You have to put economic pressure, you have to put diplomatic pressure,” he told the Post. “And if there’s anybody who understands leverage, it’s President Donald J. Trump,' Kellogg said in the interview.BYTESEU (Bytes Europe)
Der taiwanische Chiphersteller Nuvoton fertigt den Open-Source-Sicherheitschip OpenTitan nun in Serie. Er nutzt den quantensicheren (PQC-)Algorithmus Sphincs+.
https://www.heise.de/news/Offener-und-quantensicherer-RISC-V-Sicherheitschip-OpenTitan-fuer-Chromebooks-10274703.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
#Chromebook #Google #Security #news
Verschiedene Maßnahmen gegen Cyberkriminelle haben 2024 wohl einmal mehr Erfolge gezeigt: Die Lösegeldzahlungen nach Ransomware-Angriffen sind wieder gesunken.
https://www.heise.de/news/Angriffe-mit-Ransomware-2024-wieder-deutlich-weniger-Loesegeld-gezahlt-10273692.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
#Cybercrime #Kriminalität #Ransomware #Security #news
