
Posts tagged SECURITY


Data Deletion: How to Stay Safe & Clean-Up Your Online Presence
Who is this for?
This is for you if:
- You have someone to protect
- You have something to protect
- You're being harassed/stalked/DV
- You're a journalist, activist, advocate
- You're concerned about your digital footprint
https://lockdownyourlife.as.me/data-deletion

#security #privacy #community #training #safety #tech #infosec #journalist #education


New Research: The State of Web Exposure 2025.

The research by web exposure management specialist Reflectiz reveals several alarming findings about the high number of website vulnerabilities organizations across many industries are needlessly exposing themselves to.

https://www.reflectiz.com/learning-hub/web-exposure-management-report/

#web #exposure #management #research #report #it #security #privacy #engineer #media #tech #news
For instance, one standout statistic from the report is that 45% of third-party applications access sensitive user information without good reason. Although third-party apps may be essential for marketing and functionality purposes, not all of them need access to the kind of personal and financial user information that cybercriminals are hunting for. It's safer to limit apps' access to it on a need-to-know basis.
[ImageSource: reflectiz.com]

For the report, Reflectiz gathered its own proprietary data from the top 100 websites (according to number of site visits) in each industry, so the fact that close to half of all third-party apps in such a large sample are gathering sensitive user data when they don't need to comes as a surprise.

The realization that this practice is so widespread will cause many website owners to wonder what other surprises might be lurking in their web ecosystems and how large their web exposure footprint really is. If there's one thing that owners in any industry can take away from this report it's that they are almost guaranteed to have unexpected unresolved vulnerabilities of their own. (And the chart strongly suggests that they will….)
[ImageSource: reflectiz.com]

The chart, taken from the report, shows that there is variation between industries when it comes to apps that can access sensitive user data. With that in mind, companies working in the Entertainment and Online Retail sectors may want to pay extra attention to how many of their apps are accessing sensitive data unnecessarily and increasing their web exposure.

If you aren't familiar with the term web exposure, it was coined by Gartner to describe the range of risks that modern websites face because they connect with dozens of essential third-party apps, CDN repositories and open source tools that help with tracking and functionality tasks. Each one increases the size of the attack surface and is a potential target for malicious actors, but although website owners cannot avoid using these connected assets, they can take steps to make each one safer. Checking that the third-party apps aren't needlessly accessing users' sensitive personal, financial and health information is a good place to start for a quick win, but the report reveals many others.


Hmmm.... as the Court of the Tangerine Tyrant eyes up Greenland as a possible 'target for acquisition' so Denmark increases its Arctic defence budget & expects to deploy new security assets on & around Greenland.

Denmark may be looking to make any (actual) move by the USA more costly & less easy than the Orange one might have thought?

In any case, we can expect the politics of Greenland to be shifting as we wait....

#Greenland #Denmark #security #USPol

https://www.bbc.co.uk/news/articles/cly5661xd3no


GrapheneOS version 2025012700 released:

https://grapheneos.org/releases#2025012700

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/19481-grapheneos-version-2025012700-released

#GrapheneOS #privacy #security


Michael Albertus in the FT:

'The greater territorial stability of the postwar era is an anomaly that is now set to end. Climate change & population pressures are beginning to drive a new surge of competition over land & resources, and with that, efforts to acquire — whether by purchase or force — and exploit promising new territories. It’s time to prepare for a coming global land reshuffle'...

The politics of migration & land 'acquisition' is about to become fraught!

#security #climate


Supply Chain Attack hits Chrome Extensions, could expose Millions.

Dozens of Chrome extension developers have fallen victim to the attacks thus far, which aimed to lift API keys, session cookies and other authentication tokens from websites such as ChatGPT and Facebook for Business.

https://blog.sekoia.io/targeted-supply-chain-attack-against-chrome-browser-extensions/

#google #chrome #browser #extensions #development #programming #it #security #privacy #engineer #media #tech #news


Ultranationalist Algerian influencers wage war on France – POLITICO https://www.byteseu.com/688817/ #africa #Algeria #ByTheNumbers #EmmanuelMacron #EUInAfrica #France #FrenchPolitics #history #HumanRights #macron #Media #Migration #Morocco #Platforms #Rights #Security #SocialMedia #Terrorism #War #WesternSahara


GrapheneOS version 2025012600 released:

https://grapheneos.org/releases#2025012600

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/19436-grapheneos-version-2025012600-released

#GrapheneOS #privacy #security


Be careful of misleading security claims by hosting companies: US FTC cracks down on GoDaddy


The Federal Trade Commission (FTC) will require web hosting giant GoDaddy to implement basic security protections, including HTTPS APIs and mandatory multifactor authentication, to settle charges that it failed to secure its hosting services against attacks since 2018.

FTC says the Arizona-based company’s claims of reasonable security practices also misled millions of web-hosting customers because GoDaddy was instead “blind to vulnerabilities and threats in its hosting environment” due to its failings to implement standard security tools and practices.

The big problem is the company claimed to have robust security measures in place, but lots of basic security practices were found not to be in place, and they had multiple major security breaches over time.

According to a proposed settlement order, the FTC will require GoDaddy to establish a robust information security program and prohibits the company from misleading customers about its security protections. The order also mandates that GoDaddy hire an independent third-party assessor to conduct biennial reviews of its information security program.

It really appears that this was almost tantamount to fraud — where you promise something in writing to customers, but in fact, that is not what you are delivering behind the scenes.

Hopefully it is a major wakeup call to other hosting providers. Promise what you are delivering on, and don’t promise what you are not doing. It is really as simple as that. Independent security audits are certainly a desirable practice to have in place, along with how regularly it is performed.

See https://www.bleepingcomputer.com/news/security/ftc-orders-godaddy-to-fix-poor-web-hosting-security-practices
#Blog, #security, #technology, #vulnerabilities