Voluntary chat control: EU Parliament plans next deadline extensionSuspicion-independent scans of private messages were supposed to be a thing of the past. EU institutions push for the next extension.
Crypto exchange accidentally gives away $44 billionSerious glitch during a promotional campaign by South Korean cryptocurrency exchange Bithumb: Due to an error, 695 users each received at least 2000 Bitcoin.
Attack via Signal: BfV and BSI warn politicians, military personnel, diplomatsAn attack on users of the Signal messenger, which became known last week, targets members of the Bundestag and other important individuals.
Debian: Project leader warns of developers' silent withdrawalDebian Project Leader Andreas Tille denounces a structural problem: developers disappear without feedback – with consequences for security and maintenance.
Security updates F5 BIG-IP: Attackers can disable network trafficMultiple security vulnerabilities affect various F5 BIG-IP appliances.
Data leak at Substack: Dataset with nearly 700,000 entries onlineCybercriminals have exfiltrated data from Substack. The dataset comprises around 700,000 entries and is available online.
TeamViewer: Vulnerability allows access without prior confirmationIn TeamViewer, attackers can bypass access controls and gain access without prior confirmation.
Security Update: Root Security Vulnerability Threatens Cisco Meeting ManagementAttackers can target various Cisco products such as Meeting Management and Prime Infrastructure.
Patchday Android: Driver vulnerability endangers Pixel smartphonesThis month, Google is holding back on Android security updates, but Samsung is distributing multiple patches.
"Fake-Check Geldanlage" aims to prevent investment fraudWhether an investment shows fraudulent characteristics can be checked with the "Fake-Check Geldanlage" from the consumer protection agencies.
Microsoft Releases LiteBox: Rust-based Sandboxing Library OSWith LiteBox, Microsoft has released a library OS written in Rust, which aims to reduce the attack surface through minimal host interfaces.
Automation tool n8n: Further critical vulnerabilities patchedIn the automation tool n8n, developers have patched further security vulnerabilities. An update to the latest version is recommended.
Messenger: Messages can be pinned in Signal chatsThe messenger Signal has received a new feature. Users can now pin messages in chats.
Phishing: Fake cloud storage warning trackedPhishing emails don't just target login credentials directly, but often lead victims to affiliate marketing sites.
Malware gaps in IBM WebSphere Application Server Liberty and Netcool/OMNIbusAttackers can target IBM's application server WebSphere Application Server Liberty and the network monitoring solution Tivoli Netcool/OMNIbus.
Native Sysmon integration in Windows is getting closerMicrosoft has released Windows Insider previews that include the powerful Sysmon logging tool as a Windows feature.
Windows 10 also affected by shutdown problemsThe January updates have caused problems with shutting down and sleep modes. Windows 10 is also affected.
Attacks on Solarwinds Web Help Desk, FreePBX and Gitlab observedCISA warns of recently observed attacks on security vulnerabilities in Solarwinds Web Help Desk, FreePBX and Gitlab.
Kaspersky: Either the BSI withdraws its warning, or…The IT security company wants to get rid of the warning from the Bonn authority and is trying to exert pressure on the BSI – indirectly.
Update now! Attackers take over SmarterMail instances as adminThree critical security vulnerabilities threaten SmarterTools email software SmarterMail. A security update is available.
Security update: Unauthorized access to WatchGuard Firebox conceivableAttackers can access WatchGuard Firebox firewalls. Repaired Fireware OS versions are available for download.
Windows: Microsoft clarifies NTLM phase-out, but still no dateMicrosoft intends to disable the insecure NTLM protocol by default with the next Windows Server version. However, its release date remains open.
Dell Unity: Attackers can execute malicious code with root privilegesAdmins should install an important security update for Dell Unity Operating Environment promptly.
Anonymizing Linux: Emergency update Tails 7.4.1 releasedThe Linux distribution Tails, focused on anonymity online, has been released in version 7.4.1 – an emergency update.
UpdateNotepad++: Updater takeover by state actorsAttackers had specifically delivered malware to systems using the Notepad++ updater. Investigations point to state actors.
OpenSSL: 12 security gaps, one allows malicious code execution and is critical12 security vulnerabilities have been discovered in OpenSSL – using AI tools. One of them is considered critical. Updated software is available.
Security patches: Root attacks on IBM Db2 possibleMultiple security vulnerabilities endanger IBM's database management system Db2. Primarily, instances can crash.
AI Bot: OpenClaw (Moltbot) with high-risk code smuggling vulnerabilityThe AI bot OpenClaw, also known as Moltbot, can do a lot on user computers. A code smuggling vulnerability within it is therefore all the more serious.
Change Your Password Day: A Useless Recurring EventEvery year on February 1st, 'Change Your Password Day' takes place. However, the tip is worn out and counterproductive.
Cybersecurity Act: Network operators sharply criticize Huawei banIndustry associations are not sparing in their criticism of the draft EU Cybersecurity Act. They warn of consequences for digitalization and high costs.
Security Updates: Attackers can push malicious code onto Lexmark printersThree security vulnerabilities threaten various Lexmark printer models – one is classified as critical.
La Suite Docs 4.5.0: Free collaboration platform with simple DOCX importThe open-source collaboration platform La Suite Docs has been released in version 4.5.0. Among other things, it brings an improved import function for Word.
Update! Attacked vulnerability in Ivanti Endpoint Manager MobileTwo critical security vulnerabilities have been discovered in Ivanti Endpoint Manager Mobile. Attacks are underway, and administrators should update quickly.
US agencies no longer have to check what's inside their softwareSoftware used by government agencies should be as secure as possible. This starts with programming. However, US agencies no longer have to pay attention to this.
Google pulls millions of devices from IPIDEA residential proxy networkGoogle has delivered a significant blow to the residential proxy network IPIDEA. It is used by criminals, among others.
Nvidia Security Vulnerabilities: Attacks on GPU Drivers Can Lead to CrashesSoftware vulnerabilities endanger PCs with Nvidia graphics cards. Security patches are available.
Security Patch: SolarWinds Web Help Desk Authentication BypassThe ticketing software SolarWinds Web Help Desk is vulnerable through four critical security vulnerabilities, among others.
JavaScript Sandbox vm2: Critical Vulnerability Allows EscapeThe JavaScript sandbox vm2 for Node.js was actually discontinued. Now an update closes a critical security vulnerability.
Attacks on WinRAR vulnerability continueAnyone who has WinRAR on their computer should ensure they install the latest version. Google warns of active attacks.
Secure Linux: Amutable brings "cryptographically verifiable integrity"Is the Linux system clean? Verifiable integrity is intended to ensure this. The startup Amutable now wants to implement this.
