December 2024 - rwth-security - lists.rwth-aachen.de

Let's Encrypt - Intent to End OCSP Service
by Bernd Kohler 31 Dec '24

31 Dec '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Intent to End OCSP Service" --> "... our intent to end Online Certificate Status Protocol (OCSP) support in favor of Certificate Revocation Lists (CRLs) as soon as possible ..." --> "... As soon as the Microsoft Root Program also makes OCSP o ptional, which we are optimistic will happen within the next six to twelve months, Let’s Encrypt intends to announce a specific and rapid timeline for shutting down our OCSP services. ..." --> kein OSCP stapling? VG Bernd [0] https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 1

Microsoft issues urgent dev warning to update .NET installer link
by Bernd Kohler 31 Dec '24

31 Dec '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Microsoft issues urgent dev warning to update .NET installer link" VG Bernd [0] https://www.bleepingcomputer.com/news/microsoft/microsoft-issues-urgent-dev… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Study Finds AI Can Guess Crypto Seed Phrases in 0.02 Seconds
by Bernd Kohler 30 Dec '24

30 Dec '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Study Finds AI Can Guess Crypto Seed Phrases in 0.02 Seconds" VG Bernd [0] https://hackread.com/study-ai-guess-crypto-seed-phrases-in-seconds/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

CVE-2024-40896 (CVSS 9.1): Critical XXE Vulnerability Discovered in libxml2
by Bernd Kohler 27 Dec '24

27 Dec '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "CVE-2024-40896 (CVSS 9.1): Critical XXE Vulnerability Discovered in libxml2" VG Bernd [0] https://securityonline.info/cve-2024-40896-cvss-9-1-critical-xxe-vulnerabil… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Windows 11 installation media bug causes security update failures
by Bernd Kohler 27 Dec '24

27 Dec '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Windows 11 installation media bug causes security update failures" VG Bernd [0] https://www.bleepingcomputer.com/news/security/windows-11-installation-medi… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately
by Bernd Kohler 27 Dec '24

27 Dec '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately" VG Bernd [0] https://thehackernews.com/2024/12/palo-alto-releases-patch-for-pan-os-dos.h… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677
by Bernd Kohler 24 Dec '24

24 Dec '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677" VG Bernd [0] https://securityonline.info/rce-and-dos-vulnerabilities-addressed-in-apache… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 1

Ongoing phishing attack abuses Google Calendar to bypass spam filters
by Bernd Kohler 19 Dec '24

19 Dec '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Ongoing phishing attack abuses Google Calendar to bypass spam filters" VG Bernd [0] https://www.bleepingcomputer.com/news/security/ongoing-phishing-attack-abus… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

CISA urges switch to Signal-like encrypted messaging apps after telecom hacks
by Bernd Kohler 19 Dec '24

19 Dec '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "CISA urges switch to Signal-like encrypted messaging apps after telecom hacks" VG Bernd [0] https://www.bleepingcomputer.com/news/security/cisa-urges-switch-to-signal-… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Boffins trick AI model into giving up its secrets
by Bernd Kohler 19 Dec '24

19 Dec '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Boffins trick AI model into giving up its secrets" VG Bernd [0] https://www.theregister.com/2024/12/18/ai_model_reveal_itself/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0