@netcup

You're posting a poll (on Telegram) asking who uses OpenClaw?

https://the-decoder.de/opendoor-statt-openclaw-sichereitsforscher-entlarven-gravierende-sicherheitsluecke-im-hype-agenten-clawdbot/

I find it very funny 😂

#netcup #openClaw #SecurityAwareness
OpenClaw has OpenDoor: Security researchers expose serious security vulnerability in hyped agent "Clawdbot"

The AI agent OpenClaw has collected more than 100,000 GitHub stars in a few weeks. Now security researchers show how the hyped assistant can be turned into a persistent backdoor by a single manipulated document.

The Decoder

🛡️ No firewall = open door.
The BSI situation report warns: insecure networks are one of the biggest risks for SMEs.

My Securepoint Managed Firewall (XS–XL) offers:
• UTM protection
• Shield bundle incl. awareness training (XS/S)
• Secure VPNs
• Automatic updates
• Monitoring & reports
• German manufacturer, German support

👉 Message me if your network needs an upgrade.

#ManagedFirewall #Securepoint #BSILagebericht #ITSicherheit #KMU #SecurityAwareness
#CyberSecurity

⚠️ BSI warns: SMEs remain the main target.
Insecure networks, old devices, missing backups – that is exactly what the new situation report shows.

I work with German & European solutions that close these gaps.
More on that in the upcoming posts.

👉 DM me if you want to check where you stand.

Source: BSI situation report

#BSILagebericht #ITSicherheit #CyberSecurity #KMU #Deutschland #ITDienstleister #SecurityAwareness #Hackerangriffe #ITSupport #smeyIT #Ahrensburg #Hammoor #Stormarn #ManagedServices

@BenjaminHCCarr This. #infosec is hard even on mature, well-seasoned, battle-tested technologies, so I am willing to give a pass to #foss developers who usually develop useful tools on their time and dime for all to use, especially when it comes to risks inherent to emerging technologies like #AI.

However, this case is interesting to me because it seems to me that the emerging-technology-related risks have been more thoroughly thought out and protected against than the same old same old.

Credentials exposed in plaintext, lack of user and privilege separation, etc.

As a FOSS enthusiast and security guy, I do believe that FOSS developers do have a duty with their user base to produce as secure as possible software for all to use. Security is a core, though oft-neglected, aspect of software quality.

However, as a FOSS developer myself, although nothing on the scale of #clawdbot / #moltbot, I know security *is* hard. It requires time, resources and expertise that even many teams at big companies don't have. I'm not pointing fingers here.

Therefore I do believe that we, the security-minded people in the FOSS community (#FOSSSec, if you'll indulge me), have a duty towards developers and users.

The most impactful way is obviously to just PR a fix, IMHO. But at a systemic level just that won't work.

Much ink has been spilled on #securityawareness (tm), but I don't think the problem is that people aren't aware anymore.

It's a problem of improving security culture and habits, and one way we can do that is by improving the functionality and usability of existing FOSS security tools, so that more people learn and use them, for instance.

⚠️ Human Error: The Biggest Cyber Risk
Most incidents start with simple mistakes: weak passwords, bad links, or wrong sharing. Awareness prevents damage. 🔐

#CyberSecurity #HumanRisk #SecurityAwareness #InfosecK2K

New by me: Protecting Your Enterprise From “Employee Actions” on Network Devices

Protecting your enterprise from “employee actions” isn’t about distrusting people. It’s about designing systems that stay safe on a very human day.

https://www.kylereddoch.me/blog/protecting-your-enterprise-from-employee-actions-on-network-devices/

#Cybersecurity #Infosec #ZeroTrust #Phishing #EDR #SecurityAwareness

Protecting Your Enterprise From “Employee Actions” on Network Devices

Insider mistakes are inevitable, insider malice is rare, and employee spoofing is everywhere. Here’s a practical, layered playbook to keep your business safe either way.

CybersecKyle

🚨 A new privacy & security–related development is raising concerns for users and administrators, highlighting once again how fast-moving changes in tech can introduce unexpected risks.

Staying informed and cautious is key as the situation evolves.
👉 https://digital-escape-tools-phi.vercel.app/2026/01/news19.html

#TechNews #Privacy #CyberSecurity #DigitalRights #SecurityAwareness

48 Million Gmail Usernames and Passwords Leaked Online

A large exposed dataset containing Gmail credentials highlights the ongoing threat posed by infostealer malware and password reuse.

🧩 Cyber Hygiene Checklist for Employees
Lock screens, use MFA, keep devices updated, verify requests, and report suspicious activity. Small habits prevent big incidents. 🔐

#CyberSecurity #CyberHygiene #SecurityAwareness #InfosecK2K

Human error and social engineering remain leading causes of breaches, so continuous security awareness training is critical. Simulated phishing, clear policies, and simple reporting paths beat annual tick‑box e‑learning.

https://www.cvedatabase.com
#SecurityAwareness #Phishing
CVEDatabase.com - Search & Analyze CVE Vulnerabilities

Search and analyze CVE vulnerabilities with instant access to CVSS scores, affected products, and AI-powered remediation guidance.

CVEDatabase.com

Recent research highlights continued proxyware distribution through malware disguised as legitimate installers, including tools branded as Notepad++.

The campaign demonstrates evolving persistence techniques, including scheduled task abuse, process injection, and the use of both JavaScript and Python loaders to deploy proxy services.

This activity underscores the growing relevance of non-cryptomining monetization threats and the need for visibility into network-level resource abuse.

Follow @technadu for neutral, technically grounded cybersecurity reporting.

Source: https://asec.ahnlab.com/en/92183/

Thoughtful discussion encouraged.

#InfoSec #ThreatIntelligence #Proxyware #MalwareResearch #EndpointDefense #CyberThreats #SecurityAwareness