Tag: Hardware
-
Mit Exposure-Management Cyberrisiken in cyberphysischen Systemen reduzieren
Exposure-Management ist mehr als klassisches Schwachstellen-Management. Es handelt sich um einen strategischen, geschäftsorientierten Ansatz, der Cyberrisiken in Operational-Technology-Umgebungen (OT) ganzheitlich bewertet und priorisiert. Statt nur bekannte Schwachstellen aufzulisten, berücksichtigt Exposure-Management zusätzlich Faktoren wie veraltete Firmware, unsichere Protokolle, End-of-Life-Hardware oder Konfigurationsfehler. Entscheidend ist dabei nicht nur die Wahrscheinlichkeit eines Angriffs, sondern auch die Auswirkungen auf Geschäftsprozesse,…
-
Dell and Lenovo hand partners fresh products to pitch
Hardware suppliers identify private cloud and the SME market as areas where they and their channels can make an impact First seen on computerweekly.com Jump to article: www.computerweekly.com/microscope/news/366631977/Dell-and-Lenovo-hand-partners-fresh-products-to-pitch
-
Kali Linux 2025.3 Launches With Fresh Features and 10 New Pentesting Tools
Kali Linux 2025.3 has arrived, bringing a wave of improvements, updated firmware support, and a suite of ten new security tools. This release builds on the June 2025.2 update by refining core workflows, extending wireless capabilities, and preparing the distribution for emerging architectures. Whether you rely on virtual machines, Raspberry Pi devices, or mobile pentesting…
-
Bösartiger Downloader Raspberry Robin mit neuen Updates
Seit 2021 sorgt die Schadsoftware Raspberry Robin, auch unter dem Namen Roshtyak bekannt, für Angriffe auf IT-Systeme. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/downloader-raspberry-robin-neue-updates
-
Bösartiger Downloader Raspberry Robin mit neuen Updates
Seit 2021 sorgt die Schadsoftware Raspberry Robin, auch unter dem Namen Roshtyak bekannt, für Angriffe auf IT-Systeme. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/downloader-raspberry-robin-neue-updates
-
APIs and hardware are under attack, and the numbers don’t look good
Attackers have a new favorite playground, and it’s not where many security teams are looking. According to fresh data from Bugcrowd, vulnerabilities in hardware and APIs are … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/24/api-hardware-vulnerabilities-attack/
-
Critical Security Flaws Grow with AI Use, New Report Shows
Rising hardware, API, and network flaws expose organizations to new risks in an AI-driven landscape First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/critical-security-flaws-grow-ai-use/
-
Malware-Downloader Raspberry-Robin wird noch bösartiger
Raspberry-Robin, auch bekannt als Roshtyak, ist ein fortschrittlicher Malware-Downloader, der seit 2021 aktiv Systeme angreift und sich hauptsächlich über infizierte USB-Geräte verbreitet. Die Malware ist weiterhin aktiv und wird kontinuierlich weiterentwickelt, um der Entdeckung zu entgehen. Das Zscaler-ThreatLabz-Team hat die Updates und Verschleierungstechniken der Malware zusammengestellt. Seine Hauptaufgabe besteht darin, Payload auf einem kompromittierten […]…
-
Future of CVE Program in limbo as CISA, board members debate path forward
Last week, CISA released two documents explaining their plans for the CVE Program, a critical cybersecurity resource used globally to catalog thousands of software and hardware bugs. First seen on therecord.media Jump to article: therecord.media/cve-program-future-limbo-cisa
-
Brute force attacks hitting SonicWall firewall configuration backups
Tags: attack, authentication, backup, breach, cloud, computer, computing, credentials, data, defense, encryption, firewall, Hardware, login, mfa, password, phishing, software, technology, threatWhat are brute force attacks?: Brute force attacks use trial and error to crack passwords, login credentials, and encryption keys. They’ve been around since the beginning of the computer age, yet are still effective. Why? In part because people still use easily guessable passwords like ‘1234’, or their company’s name, or default passwords left on…
-
Warning: Brute force attacks hitting SonicWall firewall configuration backups
Tags: attack, authentication, backup, breach, cloud, computer, computing, credentials, data, defense, encryption, firewall, Hardware, login, mfa, password, phishing, software, technology, threatWhat are brute force attacks?: Brute force attacks use trial and error to crack passwords, login credentials, and encryption keys. They’ve been around since the beginning of the computer age, yet are still effective. Why? In part because people still use easily guessable passwords like ‘1234’, or their company’s name, or default passwords left on…
-
Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack
Google and ETH Zurich found problems with AMD/SK Hynix combo, will probe other hardware First seen on theregister.com Jump to article: www.theregister.com/2025/09/17/ddr5_dram_rowhammer/
-
Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack
Google and ETH Zurich found problems with AMD/SK Hynix combo, will probe other hardware First seen on theregister.com Jump to article: www.theregister.com/2025/09/17/ddr5_dram_rowhammer/
-
Warning: Hackers have inserted credential-stealing code into some npm libraries
Tags: api, attack, authentication, ciso, cloud, credentials, github, google, hacker, Hardware, incident response, malware, mfa, monitoring, open-source, phishing, sans, software, supply-chain, threatMore than 40 packages affected: One of the researchers who found and flagged the hack Monday was French developer François Best, and it was also described in blogs from StepSecurity, Socket, ReversingLabs and Ox Security. These blogs contain a full list of compromised packages and indicators of compromise.Researchers at Israel-based Ox Security said there was a…
-
New Phoenix Rowhammer Attack Bypasses DDR5 Chip Protections
A new variation of the Rowhammer attack, namedPhoenix, breaks through the built-in defenses of modern DDR5 memory modules. Researchers reverse-engineered the in-DRAM protections on SK Hynix chips and found blind spots that let them flip bits despite the most advanced hardware safeguards. Their work shows that every tested DDR5 module from the world’s largest DRAM…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 62
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter npm debug and chalk packages compromised GPUGate Malware: Malicious GitHub Desktop Implants Use Hardware-Specific Decryption, Abuse Google Ads to Target Western Europe Trojanized ScreenConnect installers evolve, dropping multiple RATs on a single machine Salt…
-
12 digital forensics certifications to accelerate your cyber career
Tags: access, apt, attack, browser, chrome, cloud, computer, corporate, cyber, cybercrime, cybersecurity, data, defense, detection, email, endpoint, exploit, google, government, group, hacker, hacking, Hardware, incident response, international, jobs, law, malicious, malware, microsoft, mobile, network, phone, service, skills, soc, technology, threat, tool, training, windowsCellebrite Certified Mobile Examiner (CCME)Certified Computer Examiner (CCE)CyberSecurity Forensic Analyst (CSFA)EC-Council Computer Hacking Forensic Investigator (CHFI)EnCase Certified Examiner (EnCE)Exterro AccessData Certified Examiner (ACE)GIAC Advanced Smartphone Forensics Certification (GASF)GIAC Certified Forensics Analyst (GCFA)GIAC Certified Forensic Examiner (GCFE)GIAC Cloud Forensic Responder (GCFR)GIAC Network Forensic Analysis (GNFA)Magnet Certified Forensics Examiner (MCFE) Cellebrite Certified Mobile Examiner (CCME) Out of…
-
So rechtfertigen Sie Ihre Security-Investitionen
Tags: ai, ciso, cloud, compliance, cyberattack, cybersecurity, cyersecurity, Hardware, infrastructure, resilience, risk, saas, service, strategy, tool, vulnerability, zero-trustLesen Sie, welche Aspekte entscheidend sind, um die Investitionen in die Cybersicherheit im Unternehmen zu rechtfertigen.In modernen Unternehmensumgebungen werden Investitionen in Sicherheitstechnologien nicht mehr nur anhand ihres technischen Reifegrades beurteilt. Die Finanzierung hängt vermehrt davon ab, inwieweit sich damit Umsatz generieren lässt, Risiken gemindert und Mehrwerte für Aktionäre geschaffen werden. Von CISOs wird erwartet, dass…
-
So rechtfertigen Sie Ihre Security-Investitionen
Tags: ai, ciso, cloud, compliance, cyberattack, cybersecurity, cyersecurity, Hardware, infrastructure, resilience, risk, saas, service, strategy, tool, vulnerability, zero-trustLesen Sie, welche Aspekte entscheidend sind, um die Investitionen in die Cybersicherheit im Unternehmen zu rechtfertigen.In modernen Unternehmensumgebungen werden Investitionen in Sicherheitstechnologien nicht mehr nur anhand ihres technischen Reifegrades beurteilt. Die Finanzierung hängt vermehrt davon ab, inwieweit sich damit Umsatz generieren lässt, Risiken gemindert und Mehrwerte für Aktionäre geschaffen werden. Von CISOs wird erwartet, dass…
-
Spectre haunts CPUs again: VMSCAPE vulnerability leaks cloud secrets
AMD Zen hardware and Intel Coffee Lake affected First seen on theregister.com Jump to article: www.theregister.com/2025/09/11/vmscape_spectre_vulnerability/
-
OT security: Why it pays to look at open source
Tags: access, ai, attack, compliance, control, data, defense, detection, edr, endpoint, Hardware, intelligence, iot, microsoft, ml, monitoring, network, open-source, PCI, service, strategy, threat, tool, vulnerabilityOT security at the highest level thanks to open-source alternatives: Commercial OT security solutions such as those from Nozomi Networks, Darktrace, Forescout or Microsoft Defender for IoT promise a wide range of functions, but are often associated with license costs in the mid to high six-figure range per year. Such a high investment is often…
-
Neues Phishing-Framework umgeht Multi-Faktor-Authentifizierung
Tags: authentication, ceo, ciso, cloud, corporate, cyberattack, framework, hacker, Hardware, infrastructure, mail, mfa, microsoft, passkey, password, phishing, service, strategy, zero-trustPhishing 2.0 nutzt Subdomain-Rotation und Geoblocking.Eine kürzlich aufgedeckte Phishing-Kampagne steht in Verbindung mit Salty2FA, einem Phishing-as-a-Service-(PhaaS-)Framework. Es soll entwickelt worden sein, um Multi-Faktor-Authentifizierung (MFA) zu umgehen.Wie die Cybersicherheitsfirma Ontinue herausgefunden hat,fängt sie Verifizierungsmethoden ab,rotiert Subdomains undtarnt sich innerhalb vertrauenswürdiger Plattformen wie Cloudflare Turnstile.In unserer US-Schwesterpublikation CSO erklärten die Experten, dass die Kampagne ‘bemerkenswerte technische Innovationen”…
-
Unlocking Hidden Capabilities in Wi-Fi Chips
Security Researchers Reveal Methods to Reverse Engineer MediaTek Firmware. Reverse engineering Wi-Fi chips opens new opportunities for security research. Security researchers Daniel Wegemer and Edoardo Mantovani describe tools, methods and motivations for unlocking hidden functions and enabling deeper hardware analysis. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/unlocking-hidden-capabilities-in-wi-fi-chips-a-29404
-
Veeam stellt erste vorkonfigurierte, gehärtete Software-Appliance zur Verfügung
Im Unterschied zu klassischen Hardware-Appliances ist die Lösung von Veeam komplett hardwareunabhängig. Unternehmen können also frei wählen, ob sie ihre bestehende Infrastruktur nutzen physisch, virtuell oder in der Cloud und profitieren trotzdem von Einfachheit, Sicherheit und Automatisierung einer vorkonfigurierten Lösung. Das bedeutet: schnellerer Nutzen, geringere Kosten und keine Abhängigkeit von spezieller Hardware. First seen on…
-
Veeam stellt erste vorkonfigurierte, gehärtete Software-Appliance zur Verfügung
Im Unterschied zu klassischen Hardware-Appliances ist die Lösung von Veeam komplett hardwareunabhängig. Unternehmen können also frei wählen, ob sie ihre bestehende Infrastruktur nutzen physisch, virtuell oder in der Cloud und profitieren trotzdem von Einfachheit, Sicherheit und Automatisierung einer vorkonfigurierten Lösung. Das bedeutet: schnellerer Nutzen, geringere Kosten und keine Abhängigkeit von spezieller Hardware. First seen on…
-
GPUGate Malware Shows Hardware-Specific Evasion Tactics: Arctic Wolf
Bad actors are using GitHub’s repository structure and paid Google Ads placements to trick EU IT users into downloading a unique malware dubbed “GPUGate” that includes new hardware-specific evasion techniques that may begin to appear in other attacks, according to Arctic Wolf threat researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/gpugate-malware-shows-hardware-specific-evasion-tactics-arctic-wolf/
-
GPUGate Malware Shows Hardware-Specific Evasion Tactics: Arctic Wolf
Bad actors are using GitHub’s repository structure and paid Google Ads placements to trick EU IT users into downloading a unique malware dubbed “GPUGate” that includes new hardware-specific evasion techniques that may begin to appear in other attacks, according to Arctic Wolf threat researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/gpugate-malware-shows-hardware-specific-evasion-tactics-arctic-wolf/
-
How a Single Faulty Windows Driver Can Crash Your System and Cause Blue Screen of Death
Windows devices rely on a complex ecosystem of drivers to manage hardware and software interactions. When one driver fails to complete a critical task, the entire operating system can halt in a fatal error known as the Blue Screen of Death (BSOD). Understanding how a single faulty driver triggers a system-wide crash helps users and…