Barely detectable malware: Lenovo warns of dangerous firmware vulnerabilities

Several Lenovo all-in-one devices are vulnerable. Malware can embed itself in the firmware and even survive reinstallations of the operating system. (Security vulnerability, Virus)

Orthodox file managers: Four decades old, and still indispensable!

Orthodox file managers are among the most enduring and influential file management tools. What makes them appealing? A guide by Florian Bottke (File manager, File system)

Advertisement: BCM strategies for effective IT emergency management

Outages and security incidents endanger critical business processes. This workshop shows how to develop emergency plans and carry out business impact analyses in a practical way. (Golem Karrierewelt, Security vulnerability)

In search of riches, hackers plant 4G-enabled Raspberry Pi in bank network

Sophisticated group also used novel means to disguise their custom malware.

Hackers planted a Raspberry Pi equipped with a 4G modem in the network of an unnamed bank in an attempt to siphon money out of the financial institution's ATM system, researchers reported Wednesday.

The researchers with security firm Group-IB said the “unprecedented tactic allowed the attackers to bypass perimeter defenses entirely.” The hackers combined the physical intrusion with remote access malware that used another novel technique to conceal itself, even from sophisticated forensic tools. The technique, known as a Linux bind mount, is used in IT administration but had never been seen used by threat actors. The trick allowed the malware to operate similarly to a rootkit, which uses advanced techniques to hide itself from the operating system it runs on.

End goal: Backdooring the ATM switching network

The Raspberry Pi was connected to the same network switch used by the bank’s ATM system, a position that effectively put it inside the bank’s internal network. The goal was to compromise the ATM switching server and use that control to manipulate the bank’s hardware security module, a tamper-resistant physical device used to store secrets such as credentials and digital signatures and run encryption and decryption functions.

CDC finally gets a director; FDA’s top vaccine regulator exits under pressure

Senate confirmed Susan Monarez to CDC while Vinay Prasad made a quick exit from FDA.

As of yesterday, Susan Monarez is in and Vinay Prasad is out among top federal health officials.

In a 51–47 vote along party lines, the Senate confirmed Monarez as the director of the Centers for Disease Control and Prevention. She is the first nominee for CDC director to be required to get Senate confirmation, following a 2022 law requiring it. She is also the first person to serve in the role without a medical degree since 1953.

Monarez has a PhD in microbiology and immunology and previously served as the deputy director for the Advanced Research Projects Agency for Health (ARPA-H) under the Biden administration. Monarez quietly helmed the CDC as acting director from January to March of this year but stepped down as required when Donald Trump nominated her for the permanent role. Before that, Trump had nominated Dave Weldon, but the nomination was abandoned over concerns that his anti-vaccine views would torpedo his Senate confirmation.
