Archiv für Oktober 2025

X-Request-Purpose: Identifying „research“ and bug bounty related scans? Our honeypots captured a few requests with bug bounty specific headers. These headers are meant to make it easier to identify requests related to bug bounty, and they are supposed to identify the researcher conducting the scans https://isc.sans.edu/diary/X-Request-Purpose%3A%20Identifying%20%22research%22%20and%20bug%20bounty%20related%20scans%3F/32436 Proton Breach Observatory Proton opened up its breach observatory. […]

Das BSI gibt praxisnahe Tipps für die digitale Sicherheit bei der Nutzung von Onlinebanking und stellt zusammen mit dem ProPK eine Checkliste für den Ernstfall zur Verfügung.

How to Collect Memory-Only Filesystems on Linux Systems Getting forensically sound copies of memory-only file systems on Linux can be tricky, as tools like dd do not work. https://isc.sans.edu/diary/How%20to%20collect%20memory-only%20filesystems%20on%20Linux%20systems/32432 Microsoft Azure Front Door Outage Today, Microsoft s Azure Front Door service failed, leading to users not being able to authenticate to various Azure-related services. https://azure.status.microsoft/en-us/status […]

Phishing with Invisible Characters in the Subject Line Phishing emails use invisible UTF-8 encoded characters to break up keywords used to detect phishing (or spam). This is aided by mail clients not rendering some characters that should be rendered. https://isc.sans.edu/diary/A%20phishing%20with%20invisible%20characters%20in%20the%20subject%20line/32428 Apache Tomcat PUT Directory Traversal Apache released an update to Tomcat fixing a directory traversal […]

Für die Mail-Server-Produkte Microsoft Exchange Server 2016 und 2019 ist Mitte Oktober der Support des Herstellers ausgelaufen. Dennoch werden nach Informationen des BSI weiterhin über 30.000 MS-Exchange-Server in Deutschland mit diesen oder noch älteren Versionen und einem offen über das Internet erreichbaren Outlook Web Access betrieben.

BSI und ProPK veröffentlichen gemeinsame Checkliste, um Verbraucherinnen und Verbraucher über ihre Handlungsmöglichkeiten im Falle eines gehackten E-Mail-Kontos zu informieren.

Bytes over DNS Didiear investigated which bytes may be transmitted as part of a hostname in DNS packets, depending on the client resolver and recursive resolver constraints https://isc.sans.edu/diary/Bytes%20over%20DNS/32420 Unifi Access Vulnerability Unifi fixed a critical vulnerability in it s Access product https://community.ui.com/releases/Security-Advisory-Bulletin-056-056/ce97352d-91cd-40a7-a2f4-2c73b3b30191 OpenAI Atlas Omnibox Prompt Injection OpenAI s latest browser can be jailbroken by […]