Category: Security & Privacy

  • Cybersecurity guru Mikko Hyppönen’s 5 biggest AI threats for 2024

    At the dawn of 2024, one of the world’s foremost malware experts has revealed his most pressing cybersecurity concerns. Source: Cybersecurity guru Mikko Hyppönen’s 5 biggest AI threats for 2024

  • Cyber-Recall

    “Website URL published on packaging has been compromised and contains explicit content unsuitable for children.” I am old enough to remember when the Internet, and the web even more, were the future. Now it’s a dystopian source of evil, leading to retailers recalling kids’ biscuits. via:

  • Grafana Incident

    Grafana leaked their package signing key. Along with the passphrase. I felt like you should know.

  • A punch in the face

    Somebody needs that right into their face. Sometimes repeatedly.

    threat actor = someone who wants to punch you in the face
    threat = the punch being thrown
    vulnerability = your inability to defend against the punch
    risk = the likelihood of getting punched in the face
    acceptable risk = your willingness to be punched in the…

  • Bitcoin stolen

    By now it is no longer big news in itself when Bitcoin goes missing somewhere. In this case it is nevertheless remarkable, because Luke Dashjr is one of the most prominent Bitcoin Core developers. As far as is known so far, the developer has announced that his PGP key was compromised. Beyond that, little is known.…

  • Ikea Smart Light System Flaw

    Security-related ‘news’ that have Zigbee-based lighting systems as the subject of their research make me feel like it’s Groundhog Day. They show up repeatedly, and their content is about interchangeable, along with the solution. Ladies and Gentlemen, this time it’s Ikea Trådfri that Synopsys found a flaw in. The flaw exploits malformed Zigbee frames.…

  • (ISC)² Chapter Germany Conference 2022

    Only one week left until the (ISC)² Chapter conference in Düsseldorf. The event has six top-class speakers. The full agenda is available here, and it is still possible to register by e-mail. The notice about this on the (ISC)² Chapter Germany site: Chapter Conference 2022 in DUS

  • Spell check sends passwords

    Hey security bubble! Have you ever wondered whether your users' passwords are all spelled correctly? Then there is good news for you! At any rate, t3n reports that the otto-js Research Team took a look at the Chrome & Edge Enhanced Spellcheck. And this is what turns out: Security flaw: spell check sends passwords to…

  • Jailbroken

    In case you were wondering. Corellium shared on Twitter that they’ve jailbroken iOS 16 on the iPhone 14 Pro.

  • Identity Authentication as a Service

    Cloud is a solution for everything. Databases, message queues, storage, load balancing, everything. You’ll leverage somebody else’s computer to run your workload, you’ll store data to help your business scale. Even Identity Authentication as a Service is a thing. Well, until the remote provider gets hacked. This is particularly bad if the provider offers authentication and…