Security Advisories

Advisories on Vulnerabilities and Threats

Publications from Partners and Authorities

Below you will find security advisories from partners and government authorities on vulnerabilities and threats.

The advisories contain links to external third-party websites whose content we have no control over. We therefore cannot accept any liability for this external content. The respective provider or operator of the linked pages is always responsible for their content.

Cisco Systems - Security Advisory (in English)

  • Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wireless Controllers Privilege Escalation Vulnerability
    May 12, 2022 Update: The information in the Cisco Software Checker was not complete when this advisory was first published. Customers should use the form in the Fixed Software section of this advisory to get the latest information about vulnerable releases and fixed releases. A vulnerability in the CLI of Cisco IOS... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-13
  • Cisco IOx Application Hosting Environment Vulnerabilities
    Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-13
  • ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: May 2022
    On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-05
  • ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: May 2022
    On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-05
  • ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022
    On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-05
  • ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022
    On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-05
  • ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022
    On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-05
  • Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
    Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-05
  • ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: April 2022
    On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-05
  • ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022
    On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-05
  • ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022
    On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-05
  • Cisco Small Business RV Series Routers Remote Code Execution Vulnerability
    A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-05
  • Cisco Small Business RV Series Routers Command Injection Vulnerabilities
    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-05
  • Cisco SD-WAN vManage Software Information Disclosure Vulnerability
    A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-05
  • Cisco Enterprise NFV Infrastructure Software Vulnerabilities
    Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-05
  • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Privilege Escalation Vulnerability
    A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15. This vulnerability is due to improper separation of authentication and authorization scopes.... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-03
  • Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Software AnyConnect SSL VPN Denial of Service Vulnerability
    A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service (DoS) condition. This vulnerability is due to suboptimal processing that... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-05-02
  • Cisco Umbrella Secure Web Gateway File Decryption Bypass Vulnerability
    A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Server Name Indication (SNI) extension of... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-04-30
  • Vulnerability in Spring Framework Affecting Cisco Products: March 2022
    On March 31, 2022, the following critical vulnerability in the Spring Framework affecting Spring MVC and Spring WebFlux applications running on JDK 9+ was released: CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+. For a description of this vulnerability, see VMware Spring Framework Security Vulnerability Report.... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-04-29
  • Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Service Vulnerability
    A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause the line card to reset. This vulnerability is due to the incorrect handling of... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2022-04-28

Bundesamt für Sicherheit in der Informationstechnik (Federal Office for Information Security, BSI) - CERT-Bund

  • CB-K22/0218 Update 18
    The kernel is the core of the Linux operating system. A local attacker can exploit a vulnerability in the Linux kernel to escalate their privileges.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K19/0101 Update 5
    rsyslog is an enhanced, multi-threaded syslog daemon that offers MySQL, syslog/TCP, RFC 3195, "permitted sender" lists, filtering on individual message parts, and fine-grained control of the output format. A remote, anonymous attacker can exploit a vulnerability in rsyslog to carry out a denial of service attack.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K22/0281 Update 15
    Xen is a virtual machine monitor (VMM) that paravirtualizes hardware (x86, IA-64, PowerPC) for the systems (domains) running on it. A local attacker can exploit multiple vulnerabilities in Xen to disclose information.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K22/0105 Update 28
    The kernel is the core of the Linux operating system. A local attacker can exploit a vulnerability in the Linux kernel to escalate their privileges and trigger a denial of service condition.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K22/0146 Update 29
    The kernel is the core of the Linux operating system. A local attacker can exploit a vulnerability in the Linux kernel to escalate their privileges.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K22/0421 Update 1
    The kernel is the core of the Linux operating system. A local attacker can exploit a vulnerability in the Linux kernel to carry out an unspecified attack.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K19/0959 Update 16
    Red Hat Enterprise Linux (RHEL) is a popular Linux distribution. A remote, anonymous or local attacker can exploit multiple vulnerabilities in Red Hat Enterprise Linux to carry out a denial of service attack, view confidential data, execute code, bypass security mechanisms, escalate their privileges, or manipulate data... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K21/0841 Update 41
    The kernel is the core of the Linux operating system. A local attacker can exploit multiple vulnerabilities in the Linux kernel to disclose information, cause a denial of service condition, and bypass security measures.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K21/1158 Update 15
    The kernel is the core of the Linux operating system. A local attacker can exploit a vulnerability in the Linux kernel to cause a denial of service.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K21/0387 Update 2
    JUNOS is the "Juniper Network Operating System" used in Juniper appliances. SRX Series Services Gateways is a next-generation anti-threat firewall from Juniper. A remote, anonymous or local attacker can exploit multiple vulnerabilities in Juniper JUNOS, Juniper Junos Evolved, and Juniper SRX Series for a denial of service attack... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K22/0334 Update 16
    The kernel is the core of the Linux operating system. A local attacker can exploit multiple vulnerabilities in the Linux kernel to escalate their privileges, trigger a denial of service condition, and carry out multiple unspecified attacks.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K21/0593 Update 3
    The kernel is the core of the Linux operating system. A local attacker with permissions can exploit a vulnerability in the Linux kernel to execute arbitrary code with administrator rights.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K21/0310 Update 1
    Cisco Internetwork Operating System (IOS) is an operating system used on Cisco devices such as routers and switches. A remote anonymous, local, or physical attacker can exploit multiple vulnerabilities in Cisco IOS XE to escalate privileges, execute arbitrary code, bypass security measures, a denial of service condition... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K20/0523 Update 15
    The kernel is the core of the Linux operating system. A local attacker can exploit multiple vulnerabilities in the Linux kernel to carry out an unspecified attack or cause a denial of service condition.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K22/0386 Update 14
    zlib is a free software library for compressing and decompressing data. A remote, anonymous attacker can exploit a vulnerability in zlib to execute arbitrary code or cause a denial of service condition.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K21/1302 Update 9
    The kernel is the core of the Linux operating system. A local attacker can exploit a vulnerability in the Linux kernel to escalate their privileges or cause a denial of service condition.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K22/0407 Update 13
    The gzip package is a GNU compression program. A remote, anonymous attacker can exploit a vulnerability in gzip to manipulate files.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K22/0094 Update 9
    Node.js is a platform for developing network applications. A remote, anonymous attacker can exploit multiple vulnerabilities in Node.js to carry out a denial of service attack or execute code.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K22/0436 Update 3
    Apache Subversion is a version control system. A remote, authenticated or anonymous attacker can exploit multiple vulnerabilities in Apache Subversion to disclose information or cause a denial of service.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022
  • CB-K21/0314 Update 1
    Routers are devices from the field of computer networks, telecommunications and the Internet that connect multiple computer networks with one another. A remote, authenticated or anonymous attacker can exploit multiple vulnerabilities in Cisco routers to manipulate files or trigger a denial of service condition.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 13.05.2022

US Department of Homeland Security - Alerts (in English)

  • AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers
    Original release date: May 11, 2022. Summary: Tactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently identify ownership... more
    Source: Security - CISA-USA - Security Alerts Published on: 2022-05-11
  • AA22-117A: 2021 Top Routinely Exploited Vulnerabilities
    Original release date: April 27, 2022. Summary: This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre... more
    Source: Security - CISA-USA - Security Alerts Published on: 2022-04-27
  • AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
    Original release date: April 20, 2022. Summary: Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote Desktop Protocol and other risky services. • Provide end-user awareness and... more
    Source: Security - CISA-USA - Security Alerts Published on: 2022-04-20
  • AA22-108A: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
    Original release date: April 18, 2022. Summary: Actions to take today to mitigate cyber threats to cryptocurrency: • Patch all systems. • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Use multifactor authentication. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency... more
    Source: Security - CISA-USA - Security Alerts Published on: 2022-04-18
  • AA22-103A: APT Cyber Tools Targeting ICS/SCADA Devices
    Original release date: April 13, 2022. Summary: Actions to Take Today to Protect ICS/SCADA Devices: • Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. • Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-unique strong passwords to... more
    Source: Security - CISA-USA - Security Alerts Published on: 2022-04-13
  • AA22-083A: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
    Original release date: March 24, 2022. Summary: Actions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. • Manage the creation of, modification of, use of—and permissions associated with—privileged accounts. This joint Cybersecurity... more
    Source: Security - CISA-USA - Security Alerts Published on: 2022-03-24
  • AA22-076A: Strengthening Cybersecurity of SATCOM Network Providers and Customers
    Original release date: March 17, 2022. Summary: Actions to Take Today: • Use secure methods for authentication. • Enforce principle of least privilege. • Review trust relationships. • Implement encryption. • Ensure robust patching and system configuration audits. • Monitor logs for suspicious activity. • Ensure incident response, resilience, and continuity of... more
    Source: Security - CISA-USA - Security Alerts Published on: 2022-03-17
  • AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability
    Original release date: March 15, 2022. Summary: Multifactor Authentication (MFA): A Cybersecurity Essential • MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99 percent less likely to have an account compromised. • Every organization should... more
    Source: Security - CISA-USA - Security Alerts Published on: 2022-03-15
  • AA22-057A: Destructive Malware Targeting Organizations in Ukraine
    Original release date: February 26, 2022. Summary: Actions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Leading up to Russia’s unprovoked attack against... more
    Source: Security - CISA-USA - Security Alerts Published on: 2022-02-26
  • AA22-055A: Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
    Original release date: February 24, 2022. Summary: Actions to Take Today to Protect Against Malicious Activity • Search for indicators of compromise. • Use antivirus software. • Patch all systems. • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Use multi-factor authentication. Note: this advisory... more
    Source: Security - CISA-USA - Security Alerts Published on: 2022-02-24
  • AA22-054A: New Sandworm Malware Cyclops Blink Replaces VPNFilter
    Original release date: February 23, 2022. Summary: The Sandworm actor, which the United Kingdom and the United States have previously attributed to the Russian GRU, has replaced the exposed VPNFilter malware with a new more advanced framework. The United Kingdom's (UK) National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency... more
    Source: Security - CISA-USA - Security Alerts Published on: 2022-02-23
  • AA22-047A: Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
    Original release date: February 16, 2022. Summary: Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication. • Enforce strong, unique passwords. • Enable M365 Unified Audit Logs. • Implement endpoint detection and response tools. From at least January 2020, through February 2022, the Federal Bureau of Investigation... more
    Source: Security - CISA-USA - Security Alerts Published on: 2022-02-16
  • AA22-040A: 2021 Trends Show Increased Globalized Threat of Ransomware
    Original release date: February 9, 2022. Summary: Immediate Actions You Can Take Now to Protect Against Ransomware: • Update your operating system and software. • Implement user training and phishing exercises to raise awareness about the risk of suspicious links and attachments. • If you use Remote Desktop Protocol (RDP), secure and monitor it. • Make... more
    Source: Security - CISA-USA - Security Alerts Published on: 2022-02-09
  • AA22-011A: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
    Original release date: January 11, 2022. Summary: Actions Critical Infrastructure Organizations Should Implement to Immediately Strengthen Their Cyber Posture. • Patch all systems. Prioritize patching known exploited vulnerabilities. • Implement multi-factor authentication. • Use antivirus software. • Develop internal contact lists and surge support. Note: this advisory uses the MITRE Adversarial Tactics, Techniques,... more
    Source: Security - CISA-USA - Security Alerts Published on: 2022-01-11
  • AA21-356A: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
    Original release date: December 22, 2021. Summary: The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), the Computer Emergency Response Team New Zealand (CERT NZ), the New Zealand National Cyber Security Centre (NZ... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-12-22
  • AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
    Original release date: December 2, 2021. Summary: This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint advisory is the result of analytic efforts between the Federal Bureau of... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-12-02
  • AA21-321A: Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
    Original release date: November 17, 2021. Summary: Actions to Take Today to Protect Against Iranian State-Sponsored Malicious Cyber Activity • Immediately patch software affected by the following vulnerabilities: CVE-2021-34473, 2018-13379, 2020-12812, and 2019-5591. • Implement multi-factor authentication. • Use strong, unique passwords. Note: this advisory uses the MITRE Adversarial Tactics, Techniques, and Common... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-11-17
  • AA21-291A: BlackMatter Ransomware
    Original release date: October 18, 2021. Summary: Actions You Can Take Now to Protect Against BlackMatter Ransomware • Implement and enforce backup and restoration policies and procedures. • Use strong, unique passwords. • Use multi-factor authentication. • Implement network segmentation and traversal monitoring. Note: this advisory uses the MITRE Adversarial Tactics, Techniques, and... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-10-18
  • AA21-287A: Ongoing Cyber Threats to U.S. Water and Wastewater Systems
    Original release date: October 14, 2021. Summary: Immediate Actions WWS Facilities Can Take Now to Protect Against Malicious Cyber Activity • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Use strong passwords. • Use multi-factor authentication. Note: This advisory uses the MITRE Adversarial Tactics,... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-10-14
  • AA21-265A: Conti Ransomware
    Original release date: September 22, 2021 | Last revised: September 23, 2021. Summary: Immediate Actions You Can Take Now to Protect Against Conti Ransomware • Use multi-factor authentication. • Segment and segregate networks and functions. • Update your operating system and software. Note: This Alert uses the MITRE Adversarial Tactics, Techniques, and... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-09-22

Not sure how to assess the security alerts?

Tips for Improving IT Security

Helpful tips on common security problems for non-technical computer users from the US Department of Homeland Security (in English)

We are happy to advise you on the security of your communication systems

Use our quick form, give us a call, or send us a detailed contact request.
