About

Latest cybersecurity news from Germany


Kubernetes cluster threat

28 September 2022: Rancher remediates risk created by secrets stored in plaintext

Open source CMS TYPO3 tackles XSS vulnerability

15 September 2022: Bug spawned by parsing problem in upstream package

Browsers non-grata

15 August 2022: German proposals will oblige government employees to use modern, secure web browsers

Preemptive patches

27 July 2022: Open-Xchange issues fixes for RCE, SSRF bugs in OX App Suite

PyPI to send 4,000 security keys to ‘critical projects’

11 July 2022: Google is providing Titan Security Keys to maintainers of projects in top 1% of downloads

Latest web hacking tools – Q3 2022

01 July 2022: We take a look at the latest additions to security researchers’ armory

Critical Citrix ADM vulnerability creates means to reset admin passwords

20 June 2022: Improper access control flaw poses DoS-to-RCE hijack risk

GhostTouch

14 June 2022: New research shows how electromagnetic interference can be used to trigger arbitrary behavior on mobile touchscreens

European Council extends sanction regime to deter future cyber-attacks

24 May 2022: Strategy includes travel bans and asset freezing

Hydra beheaded

06 April 2022: Authorities seize servers in bust against darknet marketplace

‘Dangerous trend’

30 March 2022: EU web authentication plan threatens to undercut browser-led certification system, say detractors

Workaround offered for unpatched HTML-to-PDF rendering vulnerability

18 March 2022: Security flaws exposed in popular dompdf PHP library

AirTag clone warning

22 February 2022: DIY device bypasses Apple’s tracking-protection features, claims researcher

VPNLab takedown

18 January 2022: Authorities dismantle ‘criminal-favorite’ VPN service

The blame game

10 January 2022: EU criticized for ‘fragmented and slow’ approach to cyber-attack attribution

Java RMI services ‘often vulnerable to SSRF attacks’

06 January 2022: Trust boundaries breached by security shortcomings

Wireless coexistence

23 December 2021: New attack technique exploits Bluetooth, WiFi performance features for ‘inter-chip privilege escalation’

Cisco patches critical bugs in Policy Suite, network devices

05 November 2021: Critical severity bugs disclosed by networking titan

Multiple flaws in telecoms stack software FreeSwitch uncovered

01 November 2021: Authentication and denial of service risks for DIY PBX tech patched

Ransomware cybercrooks fall prey to Europol swoop

01 November 2021: Two-year investigation results in raids targeting ‘high-value’ suspects and seizure of cash and computers

Infosec skills gap widens in all regions bar Asia-Pacific

26 October 2021: Overall worldwide shortfall shrinks 400k to 2.7m unfilled positions

Sandbox breakout

22 October 2021: Node.js sandboxes are open to prototype pollution

EU ban on anonymous domain registration is welcomed

22 October 2021: ‘This raises the bar and makes it expensive for easy cyber criminality,’ argues DomainTools

Bulletproof hosting duo jailed over cyber-attack technical support

21 October 2021: Attacks leveraging defendants’ infrastructure inflicted heavy financial losses on victims

Embedded insecurity

05 October 2021: Broadcom SDK vulnerabilities create lingering risk for router manufacturers

Credential leak fears raised following security breach at Travis CI

15 September 2021: DevOps firm slammed for ‘abysmal’ incident response

Supply chain security

16 August 2021: Realtek SDK vulnerabilities impact dozens of downstream IoT vendors

Top Hacks from Black Hat and DEF CON 2021

09 August 2021: Tools, techniques, and (hybrid) procedures

Attacking Let’s Encrypt

06 August 2021: Downgrade attack lowers the bar for printing fraudulent SSL certificates

‘Shooting the messenger’

06 August 2021: Dispute erupts between Chaos Computer Club and Germany’s CDU after data leak discovery

Arrests made over European ATM ‘jackpotting’ spree

29 July 2021: Attacks combined physical and digital exploits to land criminals $273,000

Eight arrests made as Eurojust dismantles €2m phishing fraud

12 July 2021

Zero-day Pling vulnerabilities

23 June 2021: Linux marketplaces open to RCE and supply chain attacks