Security Advisories

Notices on Vulnerabilities and Threats

Publications from Partners and Government Agencies

Below you will find security advisories from partners and government agencies on vulnerabilities and threats.

The advisories contain links to external third-party websites whose content we have no influence over. We therefore cannot accept any liability for this external content. The respective provider or operator of the linked pages is always responsible for their content.

Cisco Systems - Security Advisory (in English)

  • Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature
    Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in IOS-XE. A fix has been identified and the build, test, and release process has been initiated. The first fixed software releases are estimated to post on Cisco Software Download Center on Sunday,... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-20
  • Cisco IOS XE Software Web UI Command Injection Vulnerability
    A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-19
  • Cisco Catalyst SD-WAN Manager Local File Inclusion Vulnerability
    A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-18
  • HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023
    On October 10, 2023, the following HTTP/2 protocol-level weakness, which enables a novel distributed denial of service (DDoS) attack technique, was disclosed: CVE-2023-44487: HTTP/2 Rapid Reset For a description of this vulnerability, see the following publications: How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack (Google) HTTP/2 Zero-Day vulnerability results... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-16
  • Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
    Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-16
  • Cisco IOS and IOS XE Software Command Authorization Bypass Vulnerability
    A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-13
  • cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
    On October 11, 2023, cURL released Version 8.4.0 of the cURL utility and the libcurl library. This release addressed two security vulnerabilities:  CVE-2023-38545 – High Security Impact Rating (SIR) CVE-2023-38546 – Low SIR This advisory covers CVE-2023-38545 only. For more information about CVE-2023-38545, see the cURL advisory. This advisory is... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-12
  • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerability
    A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-11
  • Cisco Catalyst SD-WAN Manager Vulnerabilities
    Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an attacker to access an affected instance or cause a denial of service (DoS) condition on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-06
  • ConfD CLI Secure Shell Server Privilege Escalation Vulnerability
    A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on the affected device. The vulnerability exists because the affected... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-04
  • Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability
    A vulnerability in Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which Cisco NSO is running, which is root by default. To exploit this vulnerability, an attacker must have a valid account on an affected device.... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-04
  • Cisco Emergency Responder Static Credentials Vulnerability
    A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-04
  • Cisco IOx Application Hosting Environment Privilege Escalation Vulnerability
    A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-04
  • Multiple Cisco Unified Communications Products Unauthenticated API High CPU Utilization Denial of Service Vulnerability
    A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-10-04
  • Reports about Cyber Actors Hiding in Router Firmware
    On September 27, 2023, the U.S. National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released a joint cybersecurity advisory (CSA)... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-09-28
  • Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability
    A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper resource management when processing traffic that... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-09-28
  • Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software Out-of-Bounds Write Vulnerability
    A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-09-28
  • Cisco Wireless LAN Controller AireOS Software Denial of Service Vulnerability
    A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-09-28
  • Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability
    A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the mishandling of a crafted... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-09-28
  • Cisco Catalyst SD-WAN Manager Web UI HTML Injection Vulnerability
    A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within... more
    Source: Security - Cisco Security Advisory - PSIRT Published on: 2023-09-28

Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) - CERT-Bund

  • CB-K22/0321 Update 33
    OpenSSL is a freely available open-source library that implements Secure Sockets Layer (SSL) and Transport Layer Security (TLS). A remote, anonymous attacker can exploit a vulnerability in OpenSSL to conduct a denial of service attack.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0552 Update 4
    The kernel is the core of the Linux operating system. A local attacker can exploit multiple vulnerabilities in the Linux kernel to conduct an unspecified attack.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0407 Update 23
    The gzip package is a GNU compression program. A remote, anonymous attacker can exploit a vulnerability in gzip to manipulate files.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0411 Update 3
    The kernel is the core of the Linux operating system. A local attacker can exploit a vulnerability in the Linux kernel to conduct a denial of service attack.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0626 Update 8
    The kernel is the core of the Linux operating system. A local attacker can exploit a vulnerability in the Linux kernel to escalate privileges.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K21/0849 Update 35
    The kernel is the core of the Linux operating system. A local attacker can exploit a vulnerability in the Linux kernel to escalate privileges.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0361 Update 22
    The kernel is the core of the Linux operating system. A local attacker can exploit multiple vulnerabilities in the Linux kernel to escalate privileges and disclose confidential information.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0386 Update 26
    zlib is a free software library for compressing and decompressing data. A remote, anonymous attacker can exploit a vulnerability in zlib to execute arbitrary code or cause a denial of service condition.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0311 Update 5
    QEMU is free virtualization software that emulates the entire hardware of a computer. A local attacker can exploit multiple vulnerabilities in QEMU to disclose information or cause other effects.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0526 Update 2
    QEMU is free virtualization software that emulates the entire hardware of a computer. A local attacker can exploit multiple vulnerabilities in QEMU to conduct a denial of service attack and execute arbitrary code.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0570 Update 6
    cURL is client software that allows files to be exchanged over multiple protocols such as HTTP or FTP. An attacker can exploit multiple vulnerabilities in cURL to disclose information, bypass security measures, delete files, or cause a denial of service.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0048 Update 8
    The kernel is the core of the Linux operating system. A local attacker can exploit a vulnerability in the Linux kernel to escalate privileges.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K21/1198 Update 7
    Red Hat Enterprise Linux (RHEL) is a popular Linux distribution. A remote, anonymous attacker can exploit a vulnerability in Red Hat Enterprise Linux to execute arbitrary code.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0397 Update 9
    Xen is a virtual machine monitor (VMM) that paravirtualizes hardware (x86, IA-64, PowerPC) for the systems (domains) running on it. A local attacker can exploit a vulnerability in Xen to cause a denial of service and potentially escalate privileges or disclose information.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0623 Update 2
    The "GNU Image Manipulation Program" is open source software for editing images. It is also included in many Linux distributions. A remote, anonymous attacker can exploit a vulnerability in GIMP to conduct a denial of service attack.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0404 Update 11
    The kernel is the core of the Linux operating system. A local attacker can exploit a vulnerability in the Linux kernel to escalate privileges or cause a denial of service.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0641 Update 5
    The kernel is the core of the Linux operating system. A local attacker can exploit a vulnerability in the Linux kernel to escalate privileges.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0201 Update 6
    PHP is a programming language used to implement web applications. A remote, anonymous attacker can exploit a vulnerability in PHP to conduct a denial of service attack.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0656 Update 2
    logrotate is a tool for managing log files. A remote, anonymous attacker can exploit a vulnerability in logrotate to conduct a denial of service attack.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022
  • CB-K22/0642 Update 8
    Firefox is an open source web browser. ESR is the variant with extended support. Thunderbird is an open source e-mail client. A remote, anonymous attacker can exploit multiple vulnerabilities in Mozilla Firefox, Mozilla Firefox ESR and Mozilla Thunderbird to execute arbitrary code.... more
    Source: Security - BSI-D Alerts CERT-Bund Published on: 14.06.2022

US Department of Homeland Security - Alerts (in English)

  • Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns
    The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest. OVERVIEW The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-12-06
  • Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers
    SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency. This vulnerability presents as an improper access control issue impacting Adobe ColdFusion versions 2018 Update 15 (and... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-12-04
  • IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
    SUMMARY The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-12-01
  • #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability
    SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-11-21
  • Scattered Spider
    SUMMARY The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-11-15
  • #StopRansomware: Rhysida Ransomware
    SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-11-14
  • Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks
    SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server,... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-10-13
  • #StopRansomware: AvosLocker Ransomware (Update)
    SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-10-11
  • People's Republic of China-Linked Cyber Actors Hide in Router Firmware
    Executive Summary The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) (hereafter referred to as the “authoring agencies”)... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-09-26
  • #StopRansomware: Snatch Ransomware
    SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-09-18
  • Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
    SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Cyber National Mission Force (CNMF) identified the presence of indicators of compromise (IOCs) at an Aeronautical Sector organization as early as January 2023. Analysts confirmed that nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-09-06
  • Identification and Disruption of QakBot Infrastructure
    SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) to disseminate QakBot infrastructure indicators of compromise (IOCs) identified through FBI investigations as of August 2023. On August 25, FBI and international partners executed a coordinated operation to disrupt... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-08-29
  • 2022 Top Routinely Exploited Vulnerabilities
    SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (CSA): United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) Canada: Canadian Centre for Cyber Security (CCCS) New Zealand: New Zealand... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-08-02
  • Threat Actors Exploiting Ivanti EPMM Vulnerabilities
    SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) are releasing this joint Cybersecurity Advisory (CSA) in response to active exploitation of CVE-2023-35078 and CVE-2023-35081. Advanced persistent threat (APT) actors exploited CVE-2023-35078 as a zero day from at least April 2023 through July... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-08-01
  • Preventing Web Application Access Control Abuse
    SUMMARY The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities.... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-07-26
  • Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
    SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as a zero-day... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-07-20
  • Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
    SUMMARY In June 2023, a Federal Civilian Executive Branch (FCEB) agency identified suspicious activity in their Microsoft 365 (M365) cloud environment. The agency reported the activity to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA), and Microsoft determined that advanced persistent threat (APT) actors accessed and exfiltrated unclassified Exchange... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-07-11
  • Increased Truebot Activity Infects U.S. and Canada Based Networks
    SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) are releasing this joint Cybersecurity Advisory (CSA) in response to cyber threat actors leveraging newly identified Truebot malware variants against... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-07-05
  • Understanding Ransomware Threat Actors: LockBit
    SUMMARY In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency... more
    Source: Security - CISA-USA - Security Alerts Published on: 2023-06-12

Tips for Improving IT Security

Helpful tips on common security problems for non-technical computer users from the US Department of Homeland Security (in English)
