Category: CyberSec / ITSec / Sicherheit / Security / SPAM

computers are no way perfect: the rise of the machines: who is scared of killer robots? who is scared of doctors, judges and police blindly trusting in AI and computer output? “we are driving in (heavy) rain right now with […]

scroll down to ENGLISH “Zehntausende Mail-Server wegen Exchange-Lücke gehackt.  Wegen einer vor wenigen Tagen bekanntgewordenen Sicherheitslücke sind laut US-Medienberichten Zehntausende E-Mail-Server von Unternehmen, Behörden und Bildungseinrichtungen Opfer von Hacker-Attacken geworden. “Deutsche Unternehmen sind im internationalen Vergleich besonders stark von dieser […]

SecurityLab, [22.12.20 10:00] Google has explained the reasons for the massive failure of its services that took place last week. Recall that on December 14 of this year, users around the world for 47 minutes could not access Gmail, YouTube […]

convenience vs security problem: remote support via internet in COVID19 pandemic days is basically a must for many companies, but does it have to run non-stop on computers that control sensitive machines and systems such as energy and water-supply? ABSOLUTELY […]

not sure if the news rang through… the Amazon Cloud (AWS) guy will be the new CEO of Amazon. What cloud? Amazon “cloud” Hetzner “cloud” cloud (centralized digital infrastructure) can be designed / implemented in different ways. from: the user/admin […]

SecurityLab, [03.12.20 11:15] Vulnerabilities in open source software can go undetected for more than four years before being discovered. According to the GitHub State of the Octoverse annual report, the use of open source projects, components, and libraries is more […]

accroding to BleepingComputer: “zero-day vulnerability in their VPN products” (so not FallOut of SolarWinds-orion-auto-update-software-supply-chain) “…have information about hacking of a well-known firewall vendor and other security products by this they are silent and do not release press releases for their […]

this age of mass surveillance… … who is observing “the observers”? if the user wants to know who or what is lurking behind the house…  the user needs to view live streams of surveillance cams on GNU Linux. vlc player […]

proof wrong but, sorry to say but… would it not be possible that messing with bacteria DNA that by accident scientists creates new pathogens? new deadly diseases? so it’s one thing to write a program that dos “hello world” and […]

SecurityLab, [02.11.20 11:52] The 50-year-old businessman (Hunter Biden?) in April 2019 brought his device to the IT store Mac Shop in Delaware for repair, but never returned to pick it up. The device was soon seized by the FBI. According […]

DNS servers are the “yellow pages” “phone book” of the internet. whoever is running DNS servers get’s to know all queries send (what client is requesting and probably connecting to what address… basically: what websites the user have visited, this […]

all internet connected devices need regular maintenance and security updates (especially those directly accessible to the internet (without proxy (hopefully that proxy gets regular security updates)) it is a good idea to 1) backup then 2) update, in case user […]

“Apple Wireless Direct Link (AWDL) is a key protocol in Apple’s ecosystem used by over one billion iOS and macOS devices for device-to-device communications. AWDL is a proprietary extension of the IEEE 802.11 (Wi-Fi) standard and integrates with Bluetooth Low […]

Overview Recent 360Netlab unknown threat detection system to capture to a group of unknown malicious families of the sample, which a number of samples supported CPU architectures are x86(32/64), ARM(32/64), MIPS(MIPS32/MIPS-III) as well as PPC, after our analysis, which is […]

contains advertisement. to be honest, it is hard to keep up the speed at which cyber incidents are reported. here is the latest take on “Russian IT Sec Updates”. have phun!   SecurityLab, [28.09.20 08:20] Last month, TikTok developers rolled […]

SecurityLab, [14.07.20 15:35] The Electronic Frontier Foundation (EFF) has unveiled a new database demonstrating how and where us law enforcement agencies use tracking technologies. A map of the use of tracking technologies in the United States is presented (https://www.securitylab.ru/news/510018.php) SecurityLab, […]

All SmartPhones are spies! that’s why Merkel keeps the Nokia from 1995 (even if that device is spied on as well, because it can not end2end encrypt sms or phone calls (*FAIL*! X-D)) Putin does not have a mobile phone […]

The Age of Surveillance Capitalism: “be careful what you reveal to your friend” (the internet) https://irlpodcast.org/season4/episode5/ “where it has gone from defending America to controlling it” data google tries to collect from users: (it is probably only the tip of […]

SecurityLab, [04.06.20 15:05] The Chinese-language cybercrime group Cycldek (also known as Goblin Panda or Conimes) has developed the malicious tool USBCulprit to carry out attacks on physically isolated systems and steal confidential data. Cycldek APT has developed a malware for […]

the nice: NAT is nice as it provides some form of protection/shielding of vms from the internet, by placing the host between (doing all the fire walling) the problem: server is exposed to regular dovecot and exim password bruteforce attempts, […]

KEEP BLUETOOTH OFF AT ALL TIMES! (switch it on when you need it and off when done (file transfer etc)) also saves energy on phones does usage of stylish ear bud bluetooth headsets increases security risk? (Bluetooth permanent on) this […]

ah oh! Debian says the problem is fixed in many versions. The table below lists information on source packages. Make sure to keep all internet facing systems as up to date as possible. this bug might be critical for all […]

this age of mass surveillance… … who is observing “the observers”? guess with it-security and internet-security (internet = roads, cars = computers that users use every day) it is like with real-life-security – there is no 100% security. all users […]

SecurityLab, [21.04.20 15:35] Bitdefender experts have reported a malicious campaign against oil and gas companies. Attackers use targeted phishing and send emails to victims on behalf of logistics companies and engineering contractors. The goal of the campaign is to infect […]

Debian Security Advisory DSA-4655-1 firefox-esr — security update Date Reported: 08 Apr 2020 Affected Packages: firefox-esr Vulnerable: Yes Security database references: In Mitre’s CVE dictionary: CVE-2020-6821, CVE-2020-6822, CVE-2020-6825. More information: Multiple security issues have been found in the Mozilla Firefox […]

Videos: ssh thanks for sharing even when the audio is pretty crappy. slides (hard to read on video) can be found here: https://degabriele.info/slides/SSH_CCS_16.pdf “dropbear” is ambedded ssh server Made in Australia (wiki) also available as Android App naming: a “dropbear” […]

SecurityLab, [26.03.20 08:10] The largest free hosting provider on the darknet, Daniel’s Hosting, was hacked for the second time in 16 months, and stopped working on Wednesday, March 25. Unknown attackers deleted the entire database of the hosting provider, as […]

SecurityLab, [24.03.20 08: 05] Cybercriminals hack Windows PCs through a previously unknown vulnerability in the Adobe Type Manager library (atmfd.dll) used by the operating system to process PostScript type 1 fonts. Microsoft described attacks exploiting this vulnerability as “targeted” and […]

Weapons of Mac Destruction: MACs OSX no longer safe? Apple takes it security seriously iOS secured locked down “blackbox” zero days exist against fully patched iOS devices: at the same time the lock down makes it almost impossible for user […]

No. 1 Emotet — 36 026 samples Trojan was first discovered 2014 and was used to intercept data transferred via a secure connection. We will remind, in September of this year Emotet came back to life after 4 months of […]