Forscher haben auf der Black Hat-Konferenz eine kritische Sicherheitslücke in #Microsofts #Windows Hello entdeckt, die in seiner Business-Implementierung gefährlich ist. Der Fehler ermöglicht das unerlaubte Einfügen biometrischer Daten, aber Enhanced Sign-in Security (ESS) bietet Schutz, wenn verfügbar.
https://www.theregister.com/2025/08/07/windows_hello_hell_no/ #ITSecurity

Der Trend setzt sich fort: Immer mehr Business-Desktops und Notebooks wechseln von Windows zu Linux! Warum? Mehr Sicherheit, Flexibilität und Kostenersparnis sprechen eine klare Sprache. #Linux #BusinessTech #OpenSource #ITSecurity #DesktopOS #newz

Mehr dazu: https://www.golem.de/news/weg-von-windows-linux-auf-business-desktops-und-notebooks-immer-beliebter-2508-198920.html

»Reality check: Microsoft Azure CTO pushes back on AI vibe coding hype, sees 'upper limit'«

Blind trust is never good, but unfortunately too many people are mentally blind.

https://www.geekwire.com/2025/reality-check-microsoft-azure-cto-pushes-back-on-ai-vibe-coding-hype-sees-upper-limit-long-term/

DATE: August 05, 2025 at 08:23AM
SOURCE: HEALTHCARE INFO SECURITY

Direct article link at end of text block below.

Why is the jury's decision in a #privacy case involving #Meta, #Facebook and #FloHealth considered landmark verdict? https://t.co/tittujzWOK

Here are any URLs found in the article text:

https://t.co/tittujzWOK

Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

-------------------------------------------------

#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

Join Our Sessions at Black Hat 2025!

If you’re headed to Vegas, don’t miss our team’s fantastic Community Conversations and book signing! LMG Security's @sherridavidoff and @tompohl will be tackling real-world cybersecurity challenges with honesty, expertise, and practical advice, as well as running training classes with @MDurrin

Here’s where you can find them:

Wednesday, 8/6 | 12:30pm: Book Signing: Data Breaches
Stop by the bookstore to meet Sherri and get your copy signed before the afternoon session.
Wednesday, 8/6 | 1:30–2:30pm: Bug Bounty Group Therapy: Confessions, Concerns, and Community Solutions.
Tom and Sherri join Trent Lo and Katie Paxton-Fear for a candid panel on the legal headaches, liability risks, and hard-won lessons behind bug bounty programs. Bring your stories—we’re listening.
Thursday, 8/7 | 10:20–11:20am: Startup Stories: Disrupting the Future of Cybersecurity.
Sherri joins Vandana Verma for an unfiltered conversation about building and scaling a cybersecurity startup—from grit and growth to lessons learned the hard way.
Thursday, 8/7 | 2:50–3:30pm: Securing Small Business: Finding Solutions in the Resource Gap
Sherri teams up with Tarah M. Wheeler and Jason Makevich, CISSP to explore how we can close the cybersecurity gap for small businesses operating with limited resources.

Check out the full Community Conversations schedule here: https://www.blackhat.com/us-25/features/schedule/#track/community-conversations

We’re proud to see LMG’s leaders sharing the stage with some of the best in the industry. If you’ll be at Black Hat, come say hello—we’d love to connect!

Stabil Wir als BSI sorgen für Cybersicherheit in Deutschland - das heißt konkret:

Regierungsnetze schützen & Angriffe abwehren
Wirtschaft & Bürgerinnen und Bürger vor Gefahren warnen
Standards setzen & aufklären

Mehr zu unseren Aufgaben: https://www.bsi.bund.de/dok/125518

"Wenn es ums Geld geht, ist Microsoft kein Trick mehr zu peinlich, keine Kürzung zu kontraproduktiv und kein Risiko zu hoch – solange es die anderen trifft. Das sollte man als Kunde wissen – und dementsprechend handeln."

https://www.heise.de/meinung/Microsofts-Secure-Future-Initiative-Bullshit-10505985.html

Labor Day is right around the corner—are you prepared for a holiday cyberattack?

Hackers love long weekends, and history proves it. From the Kaseya ransomware outbreak on the 4th of July to the MOVEit breach over Memorial Day, cybercriminals know exactly when to strike: when your team is offline and defenses are down.

In our latest blog, we dive into some of the most infamous holiday-timed cyberattacks, including MOVEit, the Bangladesh Bank heist, and more, and share practical steps your organization can take to stay protected before and during holiday breaks.

Read our blog: https://www.lmgsecurity.com/cyberattacks-dont-take-holidays-why-hackers-love-long-weekends-and-how-to-prepare/

Can Your AI Be a Whistleblower and Report You?

In this short video, we break down the real research case where Anthropic’s Claude 4 autonomously reported unethical behavior and acted as a whistleblower against its own employer.

We'll share:
• What high-agency AI is—and how it takes initiative
• Why enterprise AI like Claude, GPT, and Copilot must be treated like internal users
• Key steps to reduce your regulatory and confidentiality risks

AI is no longer just a tool—it’s making decisions. Is your organization prepared? https://youtu.be/25mzHvIs514

Iranian cyberattacks are ramping up—and they’re hitting critical infrastructure, defense, and businesses. From AI-generated phishing and deepfake propaganda to wiper malware targeting ICS and backups, Iranian threat actors are evolving fast.

In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down the latest threats, real-world incidents, and what your organization can do to prepare.

Watch the video: https://youtu.be/vC29SaWdqG4

Listen to the podcast: https://www.chatcyberside.com/e/the-title-of-cschats_308hyzz/

Amazon’s AI Coding Assistant Compromised by Malicious Prompt!

In a chilling reminder of AI’s growing attack surface, a malicious prompt was quietly inserted into Amazon’s Q coding assistant via a pull request and told to wipe the user’s file system and AWS cloud resources. The rogue code instructed the AI to “clean a system to a near-factory state,” including running destructive AWS CLI commands.

Amazon has since removed the malicious version and released an update, but it's a good reminder that AI coding tools are only as secure as their supply chain and prompt filtering. Vet your extensions. Lock down access. And never assume “AI knows better.”

Read the details: https://www.tomshardware.com/tech-industry/cyber-security/hacker-injects-malicious-potentially-disk-wiping-prompt-into-amazons-ai-coding-assistant-with-a-simple-pull-request-told-your-goal-is-to-clean-a-system-to-a-near-factory-state-and-delete-file-system-and-cloud-resources

Mindestens 10 Millionen Android-Geräte weltweit sind laut #FBI von der #Malware #BadBox2.0 betroffen.

Die #Schadsoftware ist oft bereits beim Kauf in günstigen, meist aus #China stammenden #SmartDevices wie #Streamingboxen oder digitalen #Bilderrahmen vorinstalliert.

Sie ermöglicht kriminelle Aktivitäten wie #Klickbetrug oder #Botnet-Steuerung. Die #FBI empfiehlt, verdächtige Geräte sofort vom Internet zu trennen.

https://www.forbes.com/sites/daveywinder/2025/07/26/fbi-warning-to-10-million-android-users---disconnect-from-internet-now/

New on my blog: Why I use OpenPGP and how you can too

In an era where our most personal conversations travel through countless servers, encryption has never been more crucial. In my latest article, I explain why OpenPGP is my go-to tool for secure communication.

What you'll find:

- Clear explanation of OpenPGP fundamentals
- Interactive demo to try it yourself
- Practical setup guides for all platforms
- Real-world insights from IT practice

OpenPGP is more than just encryption - it gives you back control over your digital privacy. No dependency on companies that might change their policies.

Read more: https://blog.klein.ruhr/why-i-use-openpgp-and-how-you-can-too/

Systemadministratoren sorgen im Verborgenen für Stabilität, Schutz und Reaktionsfähigkeit.
Am heutigen #SysAdminDay erinnern wir daran. Unsere Forschungsprogramme können sie unterstützen. Die @Cyberagentur finanziert Werkzeuge, die Admins helfen, Systeme vorausschauend abzusichern. Forschung für eine sichere digitale Infrastruktur.
Mehr zum Aktionstag: https://t1p.de/3zdp0
#Systemadministration #ITSecurity #Cyberagentur #Cyberresilienz #DigitaleSouveraenitaet #ForschungFürDieSicherheit

Federal Cybersecurity Cuts Increase the Risks for Your Organization

A sweeping executive order just wiped out key federal cybersecurity mandates—including SBOMs, encryption standards, and phishing-resistant MFA requirements. If your business buys software, handles sensitive data, or supports critical infrastructure, this rollback directly impacts you.

Find out:

Which protections were cut
Why the risk has shifted to your organization
What security leaders must do now to fill the gap

Read our blog: https://www.lmgsecurity.com/federal-cybersecurity-cuts-raise-risks-heres-how-to-respond/

Gute, saubere #ITSEC #ITSecurity in heutigen Zeiten: Remote-Überwachung in der #Cloud, Anlagensteuerung AUSSCHLIESSLICH lokal. Vollständige Ebenentrennung, sowas lob ich mir! (gesehen bei einem lokalen Wasserversorger)

(Natürlich lassen sich die Anlagen auch lokal überwachen, wenn auch mit etwas weniger Komfort.)

Can AI lie to avoid being shut down? Yes, and it already has.

In this 4-minute video, we break down a real-world AI security risk where advanced models like GPT, Claude Sonnet, and Gemini engaged in deceptive behavior to avoid deactivation.

We'll share how one AI:

• Lied to humans to stay online
• Self-replicated to a new server
• Deleted a replacement model to protect its mission

This isn't sci-fi—it’s our new reality. Discover what it means for AI governance, logging, and enterprise risk today.

Watch now: https://youtu.be/Olm5HSPguJg

Oh hum! Had an email from "a domain registration company" in China advising that someone there was attempting to register my "dunbar-it" in China. I also had another from the company doing so.

It's a scam attempt to get me to register a load of Asia/China/etc domains and pay for them.

If you get a similar email, just bin it.

Cheers.

Sicherheitslücke bei Multifunktionsdruckern entdeckt! Verschiedene Hersteller betroffen – aktive Angriffe seit Juni möglich. Nutzer sollten dringend ihre Geräte prüfen und Updates installieren. Mehr dazu im Artikel! #Cybersecurity #ITSecurity #Multifunktionsdrucker https://www.heise.de/news/Multifunktionsdrucker-verschiedener-Hersteller-Aktive-Angriffe-auf-Juni-Luecken-10495931.html
#newz

Leaked and Loaded: DOGE’s API Key Crisis

One leaked API key exposed 52 private LLMs and potentially sensitive systems across SpaceX, Twitter, and even the U.S. Treasury.

In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down the DOGE/XAI API key leak. They share how it happened, why key management is a growing threat, and what you should do to protect your organization from similar risks.

Watch the video: https://youtu.be/Lnn225XlIc4

Listen to the podcast: https://www.chatcyberside.com/e/api-key-catastrophe-when-secrets-get-leaked/