Security Advisories

Notices on Vulnerabilities and Threats

Publications from Partners and Authorities

Below you will find security advisories from partners and government authorities on vulnerabilities and threats.

The advisories contain links to external third-party websites whose content we have no control over. We therefore cannot accept any liability for this external content. The respective provider or operator of the linked pages is always responsible for their content.

Cisco Systems - Security Advisory (in English)

  • Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021
    On September 16, 2021, the Apache Software Foundation disclosed five vulnerabilities affecting the Apache HTTP Server (httpd) 2.4.48 and earlier releases. For a description of these vulnerabilities, see the Apache HTTP Server 2.4.49 section of the Apache HTTP Server 2.4 vulnerabilities webpage. This advisory will be updated as additional information... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-24
  • Cisco Common Services Platform Collector SQL Injection Vulnerability
    A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-18
  • Cisco Common Services Platform Collector Improper Logging Restriction Vulnerability
    A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-18
  • Cisco Common Services Platform Collector Stored Cross-Site Scripting Vulnerability
    A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface.... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-18
  • Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability
    Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-12
  • Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities
    Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-12
  • Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-04
  • Cisco Small Business Series Switches Session Credentials Replay Vulnerability
    A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-04
  • Cisco Email Security Appliance Denial of Service Vulnerability
    A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerability... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-04
  • Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability
    A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability exists because the web-based management... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-04
  • Cisco Webex Meetings Email Content Injection Vulnerability
    A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by sending... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-04
  • Cisco Policy Suite Static SSH Keys Vulnerability
    A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-04
  • Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Interface Denial of Service Vulnerability
    A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to render the web-based management interface unusable, resulting in a denial of service (DoS) condition. This... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-04
  • Cisco Prime Access Registrar Stored Cross-Site Scripting Vulnerability
    A vulnerability in the web-based management interface of Cisco Prime Access Registrar could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-04
  • Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability
    A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-04
  • Cisco Common Services Platform Collector Information Disclosure Vulnerability
    A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-04
  • Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities
    Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled; Perform command injection; Modify the configuration. For... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-04
  • Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability
    A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-04
  • Cisco Webex Video Mesh Cross-Site Scripting Vulnerability
    A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-04
  • Cisco Umbrella Email Enumeration Vulnerability
    A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempts to modify their email address when the... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2021-11-03

Bundesamt für Sicherheit in der Informationstechnik (German Federal Office for Information Security) - CERT Bund

  • CB-K21/1240
    LibreSSL is a freely available open-source library that implements Secure Sockets Layer (SSL) and Transport Layer Security (TLS). A remote, anonymous attacker can exploit a vulnerability in LibreSSL to bypass security measures.... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 26.11.2021
  • CB-K21/1238
    The kernel is the core of the Linux operating system. A local attacker can exploit a vulnerability in the Linux kernel to manipulate or disclose files.... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 26.11.2021
  • CB-K21/1239
    OpenBSD is a Unix-like operating system derived from BSD Unix. A local attacker can exploit a vulnerability in OpenBSD to carry out a denial of service attack.... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 26.11.2021
  • CB-K21/1237
    F-Secure is a vendor of a wide range of antivirus products for clients and servers. A remote, anonymous attacker can exploit a vulnerability in various F-Secure products with the Anti-Virus engine to carry out a denial of service attack.... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 26.11.2021
  • CB-K21/1158 Update 3
    The kernel is the core of the Linux operating system. A local attacker can exploit a vulnerability in the Linux kernel to cause a denial of service.... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 26.11.2021
  • CB-K21/1032 Update 2
    Google's Android operating system is an open-source platform for mobile devices. It is based on the Linux kernel. A remote, anonymous attacker can exploit multiple vulnerabilities in Google Android to execute arbitrary code with administrator privileges, escalate privileges, disclose information, or cause a denial of service condition.... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 26.11.2021
  • CB-K21/0540 Update 10
    The kernel is the core of the Linux operating system. A local attacker can exploit a vulnerability in the Linux kernel to carry out a denial of service attack or to disclose information.... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 26.11.2021
  • CB-K21/0796 Update 11
    The kernel is the core of the Linux operating system. A local attacker can exploit a vulnerability in the Linux kernel to bypass security measures.... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 26.11.2021
  • CB-K21/0992 Update 16
    Apache is a web server for various platforms. A remote attacker can exploit multiple vulnerabilities in Apache HTTP Server to bypass security measures, disclose confidential information, and cause a denial of service condition.... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 25.11.2021
  • CB-K21/1235
    Zoom provides communication software that combines video conferencing, online meetings, chat, and mobile collaboration. Zoom on-premise deployments allow organizations to run virtual machines for conferencing inside their internal corporate network. A remote, anonymous attacker can exploit multiple vulnerabilities in Zoom Video Communications Zoom Client and Zoom Video Communications On-Premise to execute arbitrary code or... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 25.11.2021
  • CB-K21/1234
    Libvirt is a library that provides interfaces to the virtualization functions of Linux and tools for managing virtualized systems. A local attacker can exploit a vulnerability in libvirt to carry out a denial of service attack.... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 25.11.2021
  • CB-K21/1232
    The kernel is the core of the Linux operating system. A local attacker can exploit multiple vulnerabilities in the Linux kernel to carry out a denial of service attack.... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 25.11.2021
  • CB-K21/1151 Update 1
    ILIAS is an open-source e-learning solution. An attacker can exploit a vulnerability in ILIAS to disclose information.... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 25.11.2021
  • CB-K21/1233
    Bitdefender Antivirus is an anti-virus, anti-spyware, and anti-malware solution. Bitdefender Internet Security is an anti-virus, anti-spyware, anti-malware, and anti-spam solution. Bitdefender Total Security is an anti-virus, anti-spyware, anti-malware, and anti-spam solution. A remote, anonymous attacker can exploit multiple vulnerabilities in Bitdefender Antivirus, Bitdefender Internet Security, and Bitdefender Total Security to... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 25.11.2021
  • CB-K21/0578 Update 5
    Chrome is a web browser from Google. A remote, anonymous attacker can exploit multiple vulnerabilities in Google Chrome to carry out an unspecified attack.... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 25.11.2021
  • CB-K21/1236
    KDE is a graphical desktop for Linux systems. KMail is an e-mail client and part of the KDE Window Manager. A remote, anonymous attacker can exploit a vulnerability in KDE and KMail to disclose credentials.... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 25.11.2021
  • CB-K21/0878 Update 10
    Apache is a web server for various platforms. A remote, anonymous attacker can exploit a vulnerability in Apache HTTP Server to carry out a denial of service attack.... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 25.11.2021
  • CB-K20/0776 Update 2
    Red Hat OpenShift is a "Platform as a Service" (PaaS) solution for deploying applications in the cloud. A remote, anonymous attacker can exploit a vulnerability in Red Hat OpenShift to carry out a denial of service attack.... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 24.11.2021
  • CB-K21/0280 Update 1
    JBoss A-MQ is a messaging platform. Red Hat JBoss Data Virtualization is a data integration solution that provides unified, real-time data access across disparate sources, multiple applications, and users. JBoss Enterprise Application Platform is a scalable platform for Java applications, including JBoss Application Server, JBoss Hibernate, and JBoss Seam. A remote, anonymous attacker can exploit a... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 24.11.2021
  • CB-K21/0284 Update 9
    JBoss Enterprise Application Platform is a scalable platform for Java applications, including JBoss Application Server, JBoss Hibernate, and JBoss Seam. A remote, anonymous or local attacker can exploit multiple vulnerabilities in Red Hat JBoss Enterprise Application Platform to trigger a denial of service condition, disclose information, manipulate data, bypass security measures, or... more
    Source: Security - BSI-D Alerts CERT -Bund Published on: 24.11.2021

US Department of Homeland Security - Alerts (in English)

  • AA21-321A: Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
    Original release date: November 17, 2021. Summary: Actions to Take Today to Protect Against Iranian State-Sponsored Malicious Cyber Activity • Immediately patch software affected by the following vulnerabilities: CVE-2021-34473, 2018-13379, 2020-12812, and 2019-5591. • Implement multi-factor authentication. • Use strong, unique passwords. Note: this advisory uses the MITRE Adversarial Tactics, Techniques, and Common... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-11-17
  • AA21-291A: BlackMatter Ransomware
    Original release date: October 18, 2021. Summary: Actions You Can Take Now to Protect Against BlackMatter Ransomware • Implement and enforce backup and restoration policies and procedures. • Use strong, unique passwords. • Use multi-factor authentication. • Implement network segmentation and traversal monitoring. Note: this advisory uses the MITRE Adversarial Tactics, Techniques, and... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-10-18
  • AA21-287A: Ongoing Cyber Threats to U.S. Water and Wastewater Systems
    Original release date: October 14, 2021. Summary: Immediate Actions WWS Facilities Can Take Now to Protect Against Malicious Cyber Activity • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Use strong passwords. • Use multi-factor authentication. Note: This advisory uses the MITRE Adversarial Tactics,... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-10-14
  • AA21-265A: Conti Ransomware
    Original release date: September 22, 2021 | Last revised: September 23, 2021. Summary: Immediate Actions You Can Take Now to Protect Against Conti Ransomware • Use multi-factor authentication. • Segment and segregate networks and functions. • Update your operating system and software. Note: This Alert uses the MITRE Adversarial Tactics, Techniques, and... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-09-22
  • AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
    Original release date: September 16, 2021. Summary: This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-09-16
  • AA21-243A: Ransomware Awareness for Holidays and Weekends
    Original release date: August 31, 2021. Summary: Immediate Actions You Can Take Now to Protect Against Ransomware • Make an offline backup of your data. • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Update your OS and software. • Use strong passwords. •... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-08-31
  • AA21-229A: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS
    Original release date: August 17, 2021. Summary: On August 17, 2021, BlackBerry publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a BadAlloc vulnerability—CVE-2021-22156. BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting libraries.[1] A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-08-17
  • AA21-209A: Top Routinely Exploited Vulnerabilities
    Original release date: July 28, 2021. Summary: This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI). This advisory provides details on the top 30... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-07-28
  • AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013
    Original release date: July 20, 2021. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information, including indicators of compromise (IOCs), provided in this advisory in 2012 to... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-07-20
  • AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs
    Original release date: July 19, 2021. Summary: This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques and the D3FEND framework for referenced defensive tactics and techniques. The National... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-07-19
  • AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department
    Original release date: July 19, 2021. Summary: This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40. This advisory provides APT40’s tactics, techniques, and... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-07-19
  • AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs
    Original release date: May 28, 2021. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are responding to a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental organizations (NGOs). A sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact, a legitimate... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-05-29
  • AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
    Original release date: May 11, 2021. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are aware of a... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-05-11
  • AA21-116A: Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders
    Original release date: April 26, 2021. Summary: The Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), and Cybersecurity and Infrastructure Security Agency (CISA) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium—will continue to seek intelligence from U.S.... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-04-26
  • AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities
    Original release date: April 20, 2021. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020 or earlier related to vulnerabilities in certain Ivanti Pulse Connect Secure products. Since... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-04-20
  • AA-21-110A: Exploitation of Pulse Connect Secure Vulnerabilities
    Original release date: April 20, 2021. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020 or earlier related vulnerabilities in certain Ivanti Pulse Connect Secure products. Since March... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-04-20
  • AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool
    Original release date: March 18, 2021. Summary: This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following CISA Alerts: AA20-352A: Advanced Persistent Threat Compromise of... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-03-18
  • AA21-076A: TrickBot Malware
    Original release date: March 17, 2021. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have observed continued targeting through spearphishing... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-03-17
  • AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
    Original release date: March 3, 2021. Summary: Cybersecurity and Infrastructure Security (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, enabling the attacker to gain persistent system access, as well as... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-03-03
  • AA21-055A: Exploitation of Accellion File Transfer Appliance
    Original release date: February 24, 2021. Summary: This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[1] New Zealand,[2] Singapore,[3] the United Kingdom,[4] and the United States.[5][6] These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance (FTA).[7] This activity has impacted... more
    Source: Security - CISA-USA - Security Alerts Published on: 2021-02-24

Tips for Improving IT Security

Helpful tips on common security problems for non-technical computer users from the US Department of Homeland Security (in English)