Companies can use the guide to identify their vulnerabilities and, with the support of the BVT, take measures to improve their protection.
We introduce SMoTherSpectre, a speculative code-reuse attack that leverages port-contention in simultaneously multi-threaded processors (SMoTher) as a side channel to leak information from a victim process. SMoTher is a fine-grained side channel that detects contention based on a single victim instruction.
Especially in IT, external consultants (and employees too) often cling more or less to the requirements of the supervisory authority. Many a person has no idea whether that is actually effective - and what is the technician at the other end of the table even talking about?!?!!!??? Garnished with personal anecdotes, small fictional examples, and absolutely suitable for beginners: information security & IT risk management using the example of Bank B!
The Red Hat Product Security risk report reviews the state of security for our products in 2018.
SecBSD is a UNIX-like operating system focused on computer security based on OpenBSD.
The vulnerability allows a malicious container to (with minimal user interaction) overwrite the host runc binary and thus gain root-level code execution on the host.
Wireless devices are everywhere, at home, at the office, and on the street. Devices are bombarding us with transmissions across a wide range of RF frequencies. Many of these invisible transmissions reflect off our bodies, carrying off information about our location, movement, and other physiological properties. While a boon to professionals with carefully calibrated instruments, they may also be revealing private data about us to potential attackers nearby.
In this paper, we examine the problem of adversarial WiFi sensing, and consider whether ambient WiFi signals around us pose real risks to our personal privacy. We identify a passive adversarial sensing attack, where bad actors using a single smartphone can silently localize and track individuals in their home or office from outside walls, by just listening to ambient WiFi signals. We experimentally validate this attack in 11 real-world locations, and show user tracking with high accuracy. Finally, we propose and evaluate defenses including geo-fencing, rate limiting, and signal obfuscation by WiFi access points.
For decades, discussion of software reuse was far more common than actual software reuse. Today, the situation is reversed: developers reuse software written by others every day, in the form of software dependencies, and the situation goes mostly unexamined.
OSINT framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources. Some of the sites included might require registration or offer more data for $$$, but you should be able to get at least a portion of the available information for no cost.
Security researchers have found a way to corrupt the firmware of a critical component usually found in servers to turn the systems into an unbootable hardware assembly. The recovery procedure requires physical intervention to replace the malicious firmware.