IT Security News Daily Summary 2025-01-23

197 posts were published in the last hour

• 22:13 : Secure Your Frontend: Practical Tips for Developers
• 22:13 : OpenAI says it may store deleted Operator data for up to 90 days
• 22:13 : Pwn2Own Automotive 2025 Day 2: organizers awarded $335,500
• 21:4 : Chinese PlushDaemon APT Targets S. Korean IPany VPN with Backdoor
• 21:4 : Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug
• 21:4 : October 2024 Cyber Attacks Statistics
• 20:33 : X-Boykott auf Reddit: Warum viele Subreddits jetzt Links zu Elon Musks Plattform verbieten
• 20:33 : Klage gegen Linkedin: So soll das soziale Netzwerk Nutzerdaten unerlaubt für KI-Training verwendet haben
• 20:33 : KI-Bilder überfluten Facebook – und Mark Zuckerberg gefällt das
• 20:33 : Ist der „erste KI-Software-Ingenieur“ Devin nur ein Hochstapler?
• 20:32 : SOC vs MSSP: Which is Right for Your Business?
• 20:9 : Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks
• 20:9 : What is SSL (Secure Sockets Layer)?
• 20:9 : Hidden Waymo feature let researcher customize robotaxi’s display
• 20:9 : AI-Driven Security by Palo Alto Networks and IBM
• 20:9 : Speaking Freely: Lina Attalah
• 20:5 : IT Security News Hourly Summary 2025-01-23 21h : 6 posts
• 19:34 : Everything is connected to security
• 19:34 : OpenAI’s ‘Operator’ Agent Automates Online Tasks
• 19:34 : Meet GhostGPT: The Malicious AI Chatbot Fueling Cybercrime and Scams
• 19:34 : New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies
• 19:34 : Phishing Emails Targeting Australian Firms Rise by 30% in 2024
• 19:34 : Randall Munroe’s XKCD ‘Chemical Formulas’
• 19:3 : Multi-Tenant Data Isolation and Row Level Security
• 19:3 : For anonymous browsing, these extensions are the next best thing to Tor
• 19:3 : Android enhances theft protection with Identity Check and expanded features
• 18:34 : Pakistan’s Parliament Passes Bill For Strict Control On Social Media
• 18:34 : 2025-01-22: Traffic Analysis Exercise – Download from fake software site
• 18:9 : Juniper enterprise routers backdoored via “magic packet” malware
• 17:40 : Sicherheits-Appliance: Angreifer kapern SonicWall-Geräte mit Systemkommandos
• 17:39 : Protecting the Backbone of Modern Development: Scanning Secrets in Container Registries
• 17:39 : ETW Threat Intelligence and Hardware Breakpoints
• 17:39 : An Overview​​ of Cyber Risk Modeling | Kovrr
• 17:39 : EU Mandates Tougher Cybersecurity for Banking Sector
• 17:39 : CCN releases guide for Spain’s ENS landing zones using Landing Zone Accelerator on AWS
• 17:9 : Do backup vendor guarantees pay off?
• 17:9 : SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix
• 17:9 : Cyber Insights 2025: Malware Directions
• 17:5 : IT Security News Hourly Summary 2025-01-23 18h : 12 posts
• 16:37 : From Dark Web to Jackpot: How Cybercriminals Exploit Stolen Credentials in iGaming
• 16:37 : Passwordless Authentication: The Next Frontier
• 16:37 : UK’s CMA Begins Probe Into Apple, Google Mobile Ecosystems
• 16:37 : Indian Tribunal Suspends Meta’s Data Sharing Ban
• 16:37 : 9 Internal Data Breach Examples to Learn From
• 16:36 : Chained Vulnerabilities Exploited in Ivanti Cloud Service Appliances
• 16:6 : Cybersicherheit in 2025: Stärkere Regulierung und Fokus auf robuste Authentifizierung
• 16:5 : Wordfence Intelligence Weekly WordPress Vulnerability Report (January 13, 2025 to January 19, 2025)
• 16:5 : Cyber Threat from Bonnie Blue and Lilly Phillips of OnlyFans
• 16:5 : The best secure browsers for privacy in 2025: Expert tested
• 16:5 : Meta’s pay-or-consent model under fire from EU consumer group
• 16:5 : Google Ads Phishing Scam Reaches New Extreme, Experts Warn of Ongoing Threat
• 15:40 : Mobbingvorwürfe: Schönbohm verliert Klage gegen Bundesinnenministerium
• 15:39 : Schneider Electric Easergy Studio
• 15:39 : Schneider Electric EVlink Home Smart and Schneider Charge
• 15:39 : mySCADA myPRO Manager
• 15:39 : Hitachi Energy RTU500 Series Product
• 15:39 : Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks
• 15:39 : Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits
• 15:39 : Bookmakers Ramp Up Efforts to Combat Arbitrage Betting Fraud
• 15:12 : Top 5 Signs Hackers are in Your Network (and What to Do about It)
• 15:12 : Warning: Don’t sell or buy a second hand iPhone with TikTok already installed
• 15:12 : GhostGPT: Uncensored Chatbot Used by Cyber Criminals for Malware Creation, Scams
• 15:12 : Chinese threat actors used two advanced exploit chains to hack Ivanti CSA
• 15:12 : Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024)
• 15:12 : The Power of Many: Crowdsourcing as A Game-Changer for Modern Cyber Defense
• 15:12 : FortiGate config leaks: Victims’ email addresses published online
• 14:34 : Google greift an: Das kann Gemini 2.0, was ChatGPT nicht kann
• 14:34 : Empörung auf Facebook und Instagram: Meta erklärt, warum Nutzer plötzlich Donald Trump folgen
• 14:34 : Neue Funktionen für Claude, KI-Agenten und der Arbeitsmarkt: So sieht der Anthropic-CEO die Zukunft
• 14:34 : „Sie sind ein echter Nörgler“ : Dieses Gespräch zwischen Chatbots war ein Meilenstein – und ist völlig absurd
• 14:34 : Neue Premium-Funktionen bei Youtube: Besonders Audiofans können sich freuen
• 14:34 : Alarmierung und Meldetechnik: Vor Gefahren gefeit
• 14:33 : What is threat modeling?
• 14:33 : FBI Warning: Avoid Installing Malicious Apps to Safeguard Your Financial Data
• 14:33 : Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads
• 14:6 : CES 2025: Sicherheitsaspekte der neuen Gadgets | Offizieller Blog von Kaspersky
• 14:5 : XSS Attempts via E-Mail, (Thu, Jan 23rd)
• 14:5 : Fortinet Collaborates with Global Leaders at World Economic Forum Annual Meeting 2025
• 14:5 : Axoflow Raises $7 Million for Security Data Curation Platform
• 14:5 : Trump Has Had a Light Touch on Cybersecurity – So Far
• 14:5 : Memcyco Announces Next-Gen, AI Solution to Combat Fraud and Impersonation Attacks in Real Time
• 14:5 : IT Security News Hourly Summary 2025-01-23 15h : 22 posts
• 13:35 : “Geschenk” an China: Untersuchung zu massivem Cyberangriff in den USA gestoppt
• 13:35 : Schwachstellen in Jenkins-Plug-ins gefährden Entwicklungsumgebungen
• 13:35 : Prorussische DDoS-Angriffe auf Schweizer Einrichtungen
• 13:34 : Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques
• 13:34 : Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection
• 13:34 : GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits
• 13:34 : Homebrew macOS Users Targeted With Information Stealer Malware
• 13:11 : Golem Karrierewelt: Webinar heute – Microsoft-365-Sicherheitslücke TokenSmith
• 13:11 : Mastercard: Tippfehler in DNS-Eintrag bleibt jahrelang unentdeckt
• 13:11 : [UPDATE] [mittel] QT: Schwachstelle ermöglicht Denial of Service
• 13:11 : [NEU] [mittel] M-Files Server: Mehrere Schwachstellen
• 13:11 : [NEU] [mittel] Octopus Deploy: Schwachstelle ermöglicht Offenlegung von Informationen
• 13:11 : [NEU] [mittel] Drupal: Mehrere Schwachstellen
• 13:11 : [UPDATE] [mittel] Django: Schwachstelle ermöglicht Denial of Service
• 13:10 : Samsung Touts AI Features With Galaxy S25 Smartphones
• 13:10 : You are Not Alone, ChatGPT is Down
• 13:10 : Microsoft Unveils New Identity Secure Score Recommendations in General Availability
• 13:10 : Expanding Cyber Security Education Globally: SecureAcademy Partners with Nonprofits
• 13:10 : Operational Security: The Backbone of Effective Police Communication
• 13:10 : Tesla Charger Exploits Earn Hackers $129,000 at Pwn2Own
• 13:9 : Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw
• 13:9 : CISOs Dramatically Increase Boardroom Influence but Still Lack Soft Skills
• 12:35 : ClamAV und Cisco Secure Endpoint: Schwachstelle ermöglicht Denial of Service
• 12:35 : Google Chrome: Mehrere Schwachstellen
• 12:35 : Ubiquiti UniFi: Schwachstelle ermöglicht Offenlegung von Informationen
• 12:34 : January 2025 Web Server Survey
• 12:34 : Subaru Security Flaws Exposed Its System for Tracking Millions of Cars
• 12:34 : Cisco Fixes Critical Vulnerability in Meeting Management
• 12:13 : [NEU] [niedrig] GNU libc: Schwachstelle ermöglicht Denial of Service
• 12:13 : [NEU] [UNGEPATCHT] [mittel] Keycloak: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
• 12:13 : [NEU] [hoch] SonicWall SMA: Schwachstelle ermöglicht Ausführung von Kommandos
• 12:13 : [NEU] [hoch] Jenkins Plugins: Mehrere Schwachstellen
• 12:12 : Hackers Deliver Ransomware on Windows Via Microsoft Teams Voice Calls
• 12:12 : The best security keys of 2025: Expert tested
• 12:12 : Cisco Patches Critical Vulnerability in Meeting Management
• 12:12 : How SASE Empowers CISOs to Combat Stress and Burnout
• 12:12 : QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features
• 12:12 : New Research: The State of Web Exposure 2025
• 12:12 : SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
• 12:12 : How to Eliminate Identity-Based Threats
• 11:36 : Nach Crowdstrike-Vorfall stellen Unternehmen IT-Lieferketten um
• 11:36 : Cisco: Kritische Sicherheitslücke in Meeting Management
• 11:35 : LinkedIn Sued Over Alleged Use Of Private Messages To Train AI
• 11:34 : SonicWall Arbitrary OS Commands Execution Vulnerability Exploited in Attacks
• 11:34 : Under Trump, US Cyberdefense Loses Its Head
• 11:34 : SonicWall Learns From Microsoft About Potentially Exploited Zero-Day
• 11:34 : Taking a Threat Adapted Approach to Vulnerability Management
• 11:34 : New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing
• 11:5 : Privacy Teams Understaffed, Under Resourced and Under Stress, Research Finds
• 11:5 : Future-Proof Your WordPress Site: Essential Plugins for 2025
• 11:5 : Trump Pardons Silk Road Founder Ulbricht
• 11:5 : IT Security News Hourly Summary 2025-01-23 12h : 11 posts
• 10:32 : Bashe Ransomware strikes ICICI Bank
• 10:32 : AI Assistant Jailbreaked to Reveal its System Prompts
• 10:32 : Who is DDoSing you? Rivals, probably, or cheesed-off users
• 10:32 : QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features
• 10:9 : [NEU] [mittel] Unify OpenScape 4000: Mehrere Schwachstellen ermöglichen Privilegieneskalation
• 10:9 : [NEU] [mittel] Red Hat OpenStack (ironic): Schwachstelle ermöglicht Manipulation von Dateien
• 10:9 : [NEU] [hoch] GitLab: Mehrere Schwachstellen
• 10:9 : [UPDATE] [mittel] phpMyAdmin: Mehrere Schwachstellen ermöglichen Cross-Site Scripting
• 10:8 : Murdoc Botnet Exploiting AVTECH Cameras & Huawei Routers to Gain Complete Control
• 10:8 : Biz tax rises, inflation and high interest. Why fewer UK tech firms started in 2024
• 10:8 : Record Number of Ransomware Attacks in December 2024
• 9:33 : Jumpscares statt Ablenkung: Diese Browser-Erweiterung erschreckt euch, damit ihr wieder arbeitet
• 9:33 : Heimserver-Betriebssystem: Updates beheben Sicherheitslücken in Unraid
• 9:33 : Microsoft: Probleme mit Authenticator bei Microsoft-365-Diensten
• 9:33 : [UPDATE] [hoch] GNOME: Mehrere Schwachstellen ermöglichen Codeausführung
• 9:33 : [UPDATE] [hoch] Node.js: Mehrere Schwachstellen
• 9:33 : [UPDATE] [mittel] bluez: Mehrere Schwachstellen
• 9:32 : Japanese Companies Threatened by DPRK IT Workers
• 9:8 : heise-Angebot: iX-Workshop: NIS 2: Anforderungen und Vorgaben
• 9:7 : Cisco addresses a critical privilege escalation bug in Meeting Management
• 9:7 : SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)
• 9:7 : Appdome Threat Dynamics analyzes and ranks mobile threats
• 8:38 : Roadshow Austria: KRITIS – Vom Rechenzentrum bis zum Outdoor-Schrank
• 8:38 : Datenschutz gefährdet: Mehrere Versicherer sollen illegal Daten ausgetauscht haben
• 8:37 : Open-Source ClamAV Releases Security Update for Buffer Overflow Vulnerability – Patch Now
• 8:37 : Rails Apps Arbitrary File Write Vulnerability Let Attackers Execute Code Remotely
• 8:37 : Bitsight Instant Insights accelerates vendor risk assessments
• 8:37 : DigitalOcean Per-Bucket Access Keys boosts object storage security
• 8:37 : DHS terminates the Cyber Security Review Board, Major cybersecurity vendors’ credentials found on Dark Web, Trump pardons creator of Silk Road
• 8:5 : IT Security News Hourly Summary 2025-01-23 09h : 6 posts
• 8:2 : New Supply Chain Attack Targeting Chrome Extensions to Inject Malicious Code
• 8:2 : NSFOCUS Licensed for SOC and Pentest Service in Malaysia in Accordance with Cyber Security Act 2024
• 7:36 : Asus lets processor security fix slip out early, AMD confirms patch in progress
• 7:36 : Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
• 7:9 : New Cookie Sandwich Technique Allows Stealing of HttpOnly cookies
• 7:9 : U.S. President Donald Trump granted a “full and unconditional pardon” to Ross Ulbricht, Silk Road creator
• 6:35 : Anzeige: KI informationssicher implementieren – so geht’s
• 6:34 : Connecting an LLM to Your Database Is Risky Business
• 6:34 : TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware
• 6:7 : WordPress Plugin Vulnerability Exposes 23k+ Websites to Hacking
• 6:7 : 2025-01-21: Quick post for Koi Loader/Koi Stealer activity
• 6:7 : Defense strategies to counter escalating hybrid attacks
• 5:35 : Cisco Warns of Meeting Management API Privilege Escalation Vulnerability
• 5:35 : Can’t Start a Fire Without a Spark
• 5:35 : Prevent Data Breaches with Advanced IAM
• 5:34 : Is Your Automation Exposing Critical Data?
• 5:34 : Empowering Teams with Secure API Management
• 5:34 : Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning
• 5:7 : Mac Users Targeted: Fake Google Ads Exploit Homebrew in Malware Campaign
• 5:7 : CISOs are juggling security, responsibility, and burnout
• 4:2 : Funding soars in a milestone year for Israeli cybersecurity
• 2:5 : IT Security News Hourly Summary 2025-01-23 03h : 3 posts
• 1:34 : Imperva Protects Against the Exploited CVEs in the Cleo Data Theft Attacks
• 1:18 : Oracle emits 603 patches, names one it wants you to worry about soon
• 1:18 : FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know
• 0:4 : ISC Stormcast For Thursday, January 23rd, 2025 https://isc.sans.edu/podcastdetail/9292, (Wed, Jan 22nd)
• 23:34 : Trump ‘waved a white flag to Chinese hackers’ as Homeland Security axed cyber advisory boards
• 23:34 : UK Mail Check: DMARC Reporting Changes to Know
• 23:9 : Cyber Safety Review Board axed in DHS cost-cutting move
• 23:9 : Pwn2Own Automotive 2025 Day 1: organizers awarded $382,750 for 16 zero-days
• 23:9 : Texas Is Enforcing Its State Data Privacy Law. So Should Other States.
• 23:5 : IT Security News Hourly Summary 2025-01-23 00h : 5 posts
• 22:55 : IT Security News Daily Summary 2025-01-22