Sicherheitshinweise

Hinweise zu Schwachstellen und Gefährdungen

Veröffentlichungen von Partnern und Behörden

Nachfolgend finden Sie Sicherheitshinweise von Partnern und Behörden zu Schwachstellen und Gefährdungen.

Die Hinweise enthalten Links zu externen Websites Dritter, auf deren Inhalte wir keinen Einfluss haben. Deshalb können wir für diese fremden Inhalte auch keine Gewähr übernehmen. Für die Inhalte der verlinkten Seiten ist stets der jeweilige Anbieter oder Betreiber der Seiten verantwortlich.

Cisco Systems - Security Advisory (in englisch)

  • Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature
    Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in IOS-XE. A fix has been identified and the build, test, and release process has been initiated. The first fixed software releases are estimated to post on Cisco Software Download Center on Sunday,... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-20
  • Cisco IOS XE Software Web UI Command Injection Vulnerability
    A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-19
  • Cisco Catalyst SD-WAN Manager Local File Inclusion Vulnerability
    A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-18
  • HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023
    On October 10, 2023, the following HTTP/2 protocol-level weakness, which enables a novel distributed denial of service (DDoS) attack technique, was disclosed: CVE-2023-44487: HTTP/2 Rapid Reset For a description of this vulnerability, see the following publications: How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack (Google) HTTP/2 Zero-Day vulnerability results... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-16
  • Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
    Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-16
  • Cisco IOS and IOS XE Software Command Authorization Bypass Vulnerability
    A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-13
  • cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
    On October 11, 2023, cURL released Version 8.4.0 of the cURL utility and the libcurl library. This release addressed two security vulnerabilities:  CVE-2023-38545 – High Security Impact Rating (SIR) CVE-2023-38546 – Low SIR This advisory covers CVE-2023-38545 only. For more information about CVE-2023-38545, see the cURL advisory. This advisory is... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-12
  • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerability
    A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-11
  • Cisco Catalyst SD-WAN Manager Vulnerabilities
    Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an attacker to access an affected instance or cause a denial of service (DoS) condition on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-06
  • ConfD CLI Secure Shell Server Privilege Escalation Vulnerability
    A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on the affected device. The vulnerability exists because the affected... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-04
  • Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability
    A vulnerability in Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which Cisco NSO is running, which is root by default. To exploit this vulnerability, an attacker must have a valid account on an affected device.... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-04
  • Cisco Emergency Responder Static Credentials Vulnerability
    A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-04
  • Cisco IOx Application Hosting Environment Privilege Escalation Vulnerability
    A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-04
  • Multiple Cisco Unified Communications Products Unauthenticated API High CPU Utilization Denial of Service Vulnerability
    A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-04
  • Reports about Cyber Actors Hiding in Router Firmware
    On September 27, 2023, the U.S. National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released a joint cybersecurity advisory (CSA)... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-09-28
  • Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability
    A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper resource management when processing traffic that... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-09-28
  • Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software Out-of-Bounds Write Vulnerability
    A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-09-28
  • Cisco Wireless LAN Controller AireOS Software Denial of Service Vulnerability
    A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-09-28
  • Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability
    A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the mishandling of a crafted... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-09-28
  • Cisco Catalyst SD-WAN Manager Web UI HTML Injection Vulnerability
    A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-09-28

Bundesamt für Sicherheit in der Informationstechnik - CERT Bund

  • CB-K22/0321 Update 33
    OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert. Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0552 Update 4
    Der Kernel stellt den Kern des Linux Betriebssystems dar. Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0407 Update 23
    Das gzip-Paket ist ein GNU Kompressionsprogramm. Ein entfernter, anonymer Angreifer kann eine Schwachstelle in gzip ausnutzen, um Dateien zu manipulieren.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0411 Update 3
    Der Kernel stellt den Kern des Linux Betriebssystems dar. Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0626 Update 8
    Der Kernel stellt den Kern des Linux Betriebssystems dar. Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K21/0849 Update 35
    Der Kernel stellt den Kern des Linux Betriebssystems dar. Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0361 Update 22
    Der Kernel stellt den Kern des Linux Betriebssystems dar. Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen und vertrauliche Informationen offenzulegen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0386 Update 26
    Die zlib ist eine freie Programmbibliothek zum Komprimieren und Dekomprimieren von Daten. Ein entfernter, anonymer Angreifer kann eine Schwachstelle in zlib ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0311 Update 5
    QEMU ist eine freie Virtualisierungssoftware, die die gesamte Hardware eines Computers emuliert. Ein lokaler Angreifer kann mehrere Schwachstellen in QEMU ausnutzen, um Informationen offenzulegen oder sonstige Auswirkungen zu verursachen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0526 Update 2
    QEMU ist eine freie Virtualisierungssoftware, die die gesamte Hardware eines Computers emuliert. Ein lokaler Angreifer kann mehrere Schwachstelle in QEMU ausnutzen, um einen Denial of Service Angriff durchzuführen und beliebigen Code auszuführen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0570 Update 6
    cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt. Ein Angreifer kann mehrere Schwachstellen in cURL ausnutzen, um Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen, Dateien zu löschen oder einen Denial of Service zu verursachen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0048 Update 8
    Der Kernel stellt den Kern des Linux Betriebssystems dar. Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K21/1198 Update 7
    Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution. Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um beliebigen Programmcode auszuführen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0397 Update 9
    Xen ist ein Virtueller-Maschinen-Monitor (VMM), der Hardware (x86, IA-64, PowerPC) für die darauf laufenden Systeme (Domains) paravirtualisiert. Ein lokaler Angreifer kann eine Schwachstelle in Xen ausnutzen, um einen Denial of Service zu verursachen und potentiell seine Privilegien zu erhöhen oder Informationen offenzulegen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0623 Update 2
    Das "Gnu Image Manipulation Program" ist eine Open Source Software zum Bearbeiten von Bildern. Es ist auch Bestandteil vieler Linux Distributionen. Ein entfernter, anonymer Angreifer kann eine Schwachstelle in GIMP ausnutzen, um einen Denial of Service Angriff durchzuführen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0404 Update 11
    Der Kernel stellt den Kern des Linux Betriebssystems dar. Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service zu verursachen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0641 Update 5
    Der Kernel stellt den Kern des Linux Betriebssystems dar. Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0201 Update 6
    PHP ist eine Programmiersprache, die zur Implementierung von Web-Applikationen genutzt wird. Ein entfernter, anonymer Angreifer kann eine Schwachstelle in PHP ausnutzen, um einen Denial of Service Angriff durchzuführen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0656 Update 2
    logrotate ist ein Werkzeug um Log-Dateien zu verwalten. Ein entfernter, anonymer Angreifer kann eine Schwachstelle in logrotate ausnutzen, um einen Denial of Service Angriff durchzuführen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022
  • CB-K22/0642 Update 8
    Firefox ist ein Open Source Web Browser. ESR ist die Variante mit verlängertem Support. Thunderbird ist ein Open Source E-Mail Client. Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird ausnutzen, um beliebigen Programmcode auszuführen.... mehr
    Quelle: Security - BSI-D Alerts CERT -Bund Veröffentlicht am: 14.06.2022

US Department of Homeland Security - Alerts (in englisch)

  • #StopRansomware: Akira Ransomware
    SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations... more
    Source: Security - CISA-USA - Security Alerts Published on: 2024-04-17
  • #StopRansomware: Phobos Ransomware
    SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against... more
    Source: Security - CISA-USA - Security Alerts Published on: 2024-02-26
  • SVR Cyber Actors Adapt Tactics for Initial Cloud Access
    How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure OVERVIEW This advisory details recent tactics, techniques, and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear. The UK National Cyber Security Centre (NCSC) and... more
    Source: Security - CISA-USA - Security Alerts Published on: 2024-02-23
  • Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
    SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the following partners (hereafter referred to as the authoring organizations) are releasing this joint Cybersecurity Advisory to warn that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. CISA and authoring organizations appreciate... more
    Source: Security - CISA-USA - Security Alerts Published on: 2024-02-21
  • Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization
    SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site. Analysis confirmed that an... more
    Source: Security - CISA-USA - Security Alerts Published on: 2024-02-14
  • Known Indicators of Compromise Associated with Androxgh0st Malware
    SUMMARY The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware. Multiple, ongoing investigations and trusted third party reporting... more
    Source: Security - CISA-USA - Security Alerts Published on: 2024-01-12
  • #StopRansomware: ALPHV Blackcat
    SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-12-19
  • Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment
    SUMMARY In January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a Risk and Vulnerability Assessment (RVA) at the request of a Healthcare and Public Health (HPH) sector organization to identify vulnerabilities and areas for improvement. An RVA is a two-week penetration test of an entire organization, with one... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-12-14
  • Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally
    SUMMARY The U.S. Federal Bureau of Investigation (FBI), U.S. Cybersecurity & Infrastructure Security Agency (CISA), U.S. National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-12-12
  • #StopRansomware: Play Ransomware
    SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-12-11
  • Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns
    The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest. OVERVIEW The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-12-06
  • Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers
    SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency. This vulnerability presents as an improper access control issue impacting Adobe ColdFusion versions 2018 Update 15 (and... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-12-04
  • IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
    SUMMARY The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-12-01
  • #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability
    SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-11-21
  • Scattered Spider
    SUMMARY The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-11-15
  • #StopRansomware: Rhysida Ransomware
    SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-11-14
  • Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks
    SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server,... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-10-13
  • #StopRansomware: AvosLocker Ransomware (Update)
    SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-10-11
  • People's Republic of China-Linked Cyber Actors Hide in Router Firmware
    Executive Summary The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) (hereafter referred to as the “authoring agencies”)... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-09-26

Sie sind nicht sicher bei der
Bewertung der Security-Alerts?

Tips zur Erhöhung der IT-Sicherheit

Hilfreiche Tipps zu häufigen Sicherheitsproblemen für nichttechnische Computerbenutzer vom US Department of Homeland Security (in englisch)

Gerne beraten wir Sie zur Sicherheit Ihrer Kommunikationssysteme

Nutzen Sie unser Quick Formular, rufen Sie uns an oder schreiben uns eine ausführliche Kontaktanfrage.

    * Erforderliche Angaben


    Hiermit willige ich in die Verarbeitung meiner personenbezogenen Daten ein.*