04.08.2025 10:53
Heise_alerts
01.08.2025 11:07
01.08.2025 09:07
31.07.2025 12:05
31.07.2025 10:41
31.07.2025 10:29
Heise_security
04.08.2025 10:53
04.08.2025 09:58
02.08.2025 10:00
01.08.2025 14:00
01.08.2025 11:07
01.08.2025 10:00
Watchguard_blog
04.08.2025 00:00
Summer isn't the slow season for threat actors. Are your identity protections built for real-world attacks?
01.08.2025 00:00
What is a Nearest Neighbor Attack? Find out how it affects businesses and learn how to protect your Wi-Fi network from neighboring networks.
31.07.2025 00:00
What is ransomware? Ransomware is a form of malicious software that encrypts an organization’s files or systems, effectively locking users out until a ransom is paid, usually in cryptocurrency. But in 2025, ransomware is more than just malware. It’s a multi-billion-dollar criminal business. So far…
30.07.2025 00:00
Discover the 5 most common cybersecurity pitfalls for MSPs and how to avoid them with a strategic, automated, and compliance-aligned approach.
23.07.2025 00:00
Ransomware is possible at the microcode level. Discover how to stay ahead of this threat.
18.07.2025 00:00
Learn about the four key ways NIST's new LEV metric can be applied and how exploited vulnerabilities can be prioritized more effectively.
Watchguard_pressreleases
15.10.2025 00:00
Other key findings include surge of info-stealers and botnets, an increase in evasive malware and a rise in network attacks across the Asia Pacific
14.08.2025 00:00
MSPs surveyed give WatchGuard top marks for product innovation, support, managed and cloud services, support and partnership.
31.07.2025 00:00
New executives bring breadth of cybersecurity and channel expertise to support WatchGuard’s partner-first mission.
22.07.2025 21:59
Other key findings include a resurgence of cryptomining malware, an increase in signature-based and social engineering attacks, and increased malware attacks across EMEA
22.07.2025 21:59
With demand for WatchGuard’s existing MDR service soaring, this acquisition lets MSPs easily add best-in-class MDR capabilities without building and maintaining their own in-house security operations center (SOC).
14.07.2025 00:00
Strategic appointment reflects the company’s continued investment in partner success and accelerating growth across EMEA.
Csoonline
04.08.2025 00:00
04.08.2025 00:00
01.08.2025 00:00
01.08.2025 00:00
01.08.2025 00:00
31.07.2025 00:00
Secplicity
24.07.2025 00:00
Let’s stop pretending this is new. It is 2025. We have had years, decades of advice, warnings, and horror stories about password security. And still, people are reusing passwords like it is 2005. We are not talking about random Internet users, either. We are talking about businesses, infrastructure…
02.07.2025 00:00
Sometimes supposedly small things make a huge difference. This can also be true in cyber security configurations. In recent weeks, multiple partners described very similar cyber attacks their customers faced, and in some cases, the criminals were unfortunately even successful in compromising…
20.06.2025 00:00
In the ever-evolving world of cybersecurity, one area that often gets overlooked is Wi-Fi security. Despite major advances, a surprising number of companies still rely on WPA2 (Wi-Fi Protected Access 2) to secure their wireless networks. As of 2024, approximately 60% of companies continue to use…
18.06.2025 00:00
Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/nailaolocker Analysis for NailaoLocker was first unveiled by researchers from the Orange Cyberdefense CERT and Trend Micro in mid-February 2025. In addition to a technical analysis of the NailaoLocker, it also included analyses…
12.06.2025 00:00
What is Encrypted Client Hello? Encrypted Client Hello (ECH) is a TLS protocol extension that encrypts the initial "Client Hello" message in the TLS handshake, concealing the domain name a user is trying to access from network observers, enhancing privacy and security. This article explains this TLS protocol extension and the impact it has on the content filtering settings on your network security devices.
14.05.2025 00:00
The past few weeks have sent ripples of concern through the UK Retail landscape as giants Marks & Spencer (M&S) and the Co-operative Group (Co-op) found themselves battling significant cyber attacks. These attacks have caused significant operational disruption, with M&S suspending online orders and…
Thehackernews
04.08.2025 00:00
Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong. "The botnet's rapid growth, which now exceeds 2,000 new infections per week, is driven by aggressive campaigns focusing on Spanish and French speakers, indicating a strategic shift away from its previous common victim base," Cleafy researchers Simone Mattia, Alessandro Strino, and Federico Valentini said in an analysis of the malware. PlayPraetor, managed by a Chinese command-and-control (C2) panel, does significantly deviate from other Android trojans in that it abuses accessibility services to gain remote control and can serve fake overlay login screens atop nearly 200 banking apps and cryptocurrency wallets in an attempt to hijack victim accounts. PlayPraetor was first documented by CTM360 in March 2025, detailing the operation's use of t...
04.08.2025 00:00
Everyone's an IT decision-maker now. The employees in your organization can install a plugin with just one click, and they don't need to clear it with your team first. It's great for productivity, but it's a serious problem for your security posture. When the floodgates of SaaS and AI opened, IT didn't just get democratized, its security got outpaced. Employees are onboarding apps faster than security teams can say, "We need to check this out first." The result is a sprawling mess of shadow IT, embedded AI, and OAuth permissions that would make any CISO break into a cold sweat. Here are five ways IT democratization can undermine your organization's security posture and how to prevent it from doing so. 1. You can't secure what you can't see Remember when IT security used to control what was allowed to pass the firewall? Good times. Today, anyone can find an app to do the heavy lifting for them. They won't notice or care when the app requires access to your company's Google Drive or...
04.08.2025 00:00
Some of the most devastating cyberattacks don't rely on brute force, but instead succeed through stealth. These quiet intrusions often go unnoticed until long after the attacker has disappeared. Among the most insidious are man-in-the-middle (MITM) attacks, where criminals exploit weaknesses in communication protocols to silently position themselves between two unsuspecting parties. Fortunately, protecting your communications from MITM attacks doesn't require complex measures. By taking a few simple steps, your security team can go a long way in securing users' data and keeping silent attackers at bay. Know your enemy In a MITM attack, a malicious actor intercepts communications between two parties (such as a user and a web app) to steal sensitive information. By secretly positioning themselves between the two ends of the conversation, MITM attackers can capture data like credit card numbers, login credentials, and account details. This stolen information o...
04.08.2025 00:00
Malware isn't just trying to hide anymore—it's trying to belong. We're seeing code that talks like us, logs like us, even documents itself like a helpful teammate. Some threats now look more like developer tools than exploits. Others borrow trust from open-source platforms, or quietly build themselves out of AI-written snippets. It's not just about being malicious—it's about being believable. In this week's cybersecurity recap, we explore how today's threats are becoming more social, more automated, and far too sophisticated for yesterday's instincts to catch. ⚡ Threat of the Week Secret Blizzard Conduct ISP-Level AitM Attacks to Deploy ApolloShadow — Russian cyberspies are abusing local internet service providers' networks to target foreign embassies in Moscow and likely collect intelligence from diplomats' devices. The activity has been attributed to the Russian advanced persistent threat (APT) known as Secret Blizzard (aka Turla). It likely involves using an adversary-...
04.08.2025 00:00
Cybersecurity researchers are calling attention to a new wave of campaigns distributing a Python-based information stealer called PXA Stealer. The malicious activity has been assessed to be the work of Vietnamese-speaking cybercriminals who monetize the stolen data through a subscription-based underground ecosystem that automates the resale and reuse via Telegram APIs, according to a joint report published by Beazley Security and SentinelOne and shared with The Hacker News. "This discovery showcases a leap in tradecraft, incorporating more nuanced anti-analysis techniques, non-malicious decoy content, and a hardened command-and-control pipeline that frustrates triage and attempts to delay detection," security researchers Jim Walter, Alex Delamotte, Francisco Donoso, Sam Mayers, Tell Hause, and Bobby Venal said. The campaigns have infected over 4,000 unique IP addresses spanning 62 countries, including South Korea, the United States, the Netherlands, Hungary, and Austria...
04.08.2025 00:00
A newly disclosed set of security flaws in NVIDIA's Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers. "When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote code execution (RCE)," Wiz researchers Ronen Shustin and Nir Ohfeld said in a report published today. The vulnerabilities are listed below - CVE-2025-23319 (CVSS score: 8.1) - A vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request CVE-2025-23320 (CVSS score: 7.5) - A vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request CVE-2025-23334 (CVSS score: 5.9) - A vulnerability in the Python backend, where an attacker could cause an out-of-bounds rea...
Borncity
04.08.2025 00:00
A quick poll for the administrators among the readership: is this a problem, and how do you deal with it? In July 2025, Microsoft began allowing users of OneDrive Personal to also sync OneDrive for Business. How do you handle this issue, which can pose a security problem?
04.08.2025 00:00
Back on last Friday (1 August 2025), in the post "Were there Telekom outages this week?", I asked whether blog readers had noticed Internet and telephone outages at Telekom. Today more readers are reporting problems. Another reader has just contacted me and reported that Cloudflare apparently has problems and that various websites using this service are therefore unreachable.
04.08.2025 00:00
Security researchers at Nextron Research, while hunting for unknown threats with YARA rules, have identified a previously undocumented PAM-based backdoor. This backdoor, which the researchers named Plague, can be installed persistently on Linux systems by attackers and grants permanent SSH access without being detected by security systems.
03.08.2025 00:00
Large language models (LLMs) can be attacked via prompts in order to extract data from the models without authorization. 'Man in the Prompt' browser attacks could also be used to manipulate users' AI requests and use them for criminal activity.
03.08.2025 00:00
A short addendum from this week. Microsoft has uncovered and publicly disclosed a campaign by the Russian cyber group Secret Blizzard. The state-run group uses a man-in-the-middle (AiTM) position to deploy a custom malware, ApolloShadow, against embassies in Moscow for espionage purposes.
03.08.2025 00:00
It is a figure that does not sound particularly nice: a recent analysis by the security vendor Surfshark has found that the number of online accounts whose data was leaked (in hacks of platforms) is rising. This year, 5.2 million German online accounts are said to have been leaked already. That is 10 accounts per minute.