- rwth-security - lists.rwth-aachen.de

SLAP und FLOP - Apple CPU side-channel attack
by Bernd Kohler 29 Jan '25

29 Jan '25

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "SLAP (Speculation Attacks via Load Address Prediction) and FLOP (False Load Output Predictions)" --> Paper bzgl. SLAP [1] --> Paper bzgl. FLOP [2] VG Bernd [0] https://predictors.fail/ [1] https://predictors.fail/files/SLAP.pdf [2] https://predictors.fail/files/FLOP.pdf -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 E-Mail: kohler(a)itc.rwth-aachen.de Web: https://www.itc.rwth-aachen.de Social-Media-Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.instagram.com/itcenterrwthaachen/ https://www.linkedin.com/company/itcenterrwth https://www.youtube.com/c/ITCenterRWTHAachen

1 0

New TorNet backdoor seen in widespread campaign
by Bernd Kohler 29 Jan '25

29 Jan '25

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New TorNet backdoor seen in widespread campaign" --> "... targeting users, predominantly in Poland and Germany, based on the phishing email language ..." VG Bernd [0] https://blog.talosintelligence.com/new-tornet-backdoor-campaign/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 E-Mail: kohler(a)itc.rwth-aachen.de Web: https://www.itc.rwth-aachen.de Social-Media-Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.instagram.com/itcenterrwthaachen/ https://www.linkedin.com/company/itcenterrwth https://www.youtube.com/c/ITCenterRWTHAachen

1 0

Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
by Bernd Kohler 29 Jan '25

29 Jan '25

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer" VG Bernd [0] https://thehackernews.com/2025/01/broadcom-warns-of-high-severity-sql.html -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 E-Mail: kohler(a)itc.rwth-aachen.de Web: https://www.itc.rwth-aachen.de Social-Media-Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.instagram.com/itcenterrwthaachen/ https://www.linkedin.com/company/itcenterrwth https://www.youtube.com/c/ITCenterRWTHAachen

1 0

Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations
by Bernd Kohler 28 Jan '25

28 Jan '25

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations" VG Bernd [0] https://thehackernews.com/2025/01/ransomware-targets-esxi-systems-via.html -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 E-Mail: kohler(a)itc.rwth-aachen.de Web: https://www.itc.rwth-aachen.de Social-Media-Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.instagram.com/itcenterrwthaachen/ https://www.linkedin.com/company/itcenterrwth https://www.youtube.com/c/ITCenterRWTHAachen

1 0

Bandit - tool designed to find common security issues in Python code
by Bernd Kohler 28 Jan '25

28 Jan '25

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Bandit" VG Bernd [0] https://github.com/PyCQA/bandit -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 E-Mail: kohler(a)itc.rwth-aachen.de Web: https://www.itc.rwth-aachen.de Social-Media-Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.instagram.com/itcenterrwthaachen/ https://www.linkedin.com/company/itcenterrwth https://www.youtube.com/c/ITCenterRWTHAachen

1 0

Microsoft Teams phishing attack alerts coming to everyone next month
by Bernd Kohler 28 Jan '25

28 Jan '25

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Microsoft Teams phishing attack alerts coming to everyone next month" VG Bernd [0] https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-att… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Apple fixes this year’s first actively exploited zero-day bug
by Bernd Kohler 28 Jan '25

28 Jan '25

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Apple fixes this year’s first actively exploited zero-day bug" VG Bernd [0] https://www.bleepingcomputer.com/news/security/apple-fixes-this-years-first… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

CVE-2024-56626 & CVE-2024-56627: Critical Linux Kernel SMB Server Bugs Uncovered, PoC Published
by Bernd Kohler 28 Jan '25

28 Jan '25

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "CVE-2024-56626 & CVE-2024-56627: Critical Linux Kernel SMB Server Bugs Uncovered, PoC Published" VG Bernd [0] https://securityonline.info/cve-2024-56626-cve-2024-56627-critical-linux-ke… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

Stratoshark
by Bernd Kohler 27 Jan '25

27 Jan '25

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Stratoshark" --> "... Stratoshark is a sibling application for Wireshark which lets you analyze system calls and log messages ..." VG Bernd [0] https://wiki.wireshark.org/Stratoshark -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
by Bernd Kohler 27 Jan '25

27 Jan '25

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs" VG Bernd [0] https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 E-Mail: kohler(a)itc.rwth-aachen.de Web: https://www.itc.rwth-aachen.de Social-Media-Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.instagram.com/itcenterrwthaachen/ https://www.linkedin.com/company/itcenterrwth https://www.youtube.com/c/ITCenterRWTHAachen

1 0