News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Tag: BSI

BSI warns: Palo Alto firewalls with critical vulnerability 
16 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The BSI warns: The PAN-OS operating system has a glaring, critical vulnerability that was rated with a CVSS value of 10.0 out of 10. Companies should act immediately and apply upcoming patches or use the available workarounds. According to BSI - the Federal Office for Information Security, on April 12, 2024, the company Palo Alto Networks published an advisory about an actively exploited vulnerability in PAN-OS, the operating system of the manufacturer's firewalls. The vulnerability with the identifier CVE-2024-3400 is an OS command injection in the GlobalProtect Gateway feature, which allows an unauthenticated…

Read more

Critical CVSS 10.0 backdoor in XZ for Linux
5 April 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The BSI has issued a warning about a critical 10.0 vulnerability in the XZ tool within Linux. Only Fedora 41 and Fedora Rawhide in the Red Hat family are affected. Since the vulnerability has now become known in the media, attacks can also be expected. The BSI - the Federal Office for Information Security - warns of a critical vulnerability that is distributed by malware in Linux distributions. The open source provider Red Hat announced on March 29.03.2024, 5.6.0 that in versions 5.6.1 and XNUMX .XNUMX of the “xz” tools and libraries discovered malicious code that allows to bypass authentication in sshd via systemd….

Read more

BSI: Thousands of MS Exchange servers with critical vulnerabilities
2 April 2024
| No comments
| PR News
BSI: Thousands of MS Exchange servers with critical vulnerabilities - Ki - Bing

The BSI – Federal Office for Information Security – has warned several times in the past about vulnerabilities in Exchange and recommended that the security updates provided be installed promptly. But old systems are still not patched and a new vulnerability has already been published. There are currently around 45.000 Microsoft Exchange servers in Germany operating with Outlook Web Access (OWA) that can be accessed openly from the Internet. According to the BSI's findings, around 12% of these are still running Exchange 2010 or 2013. Security updates have no longer been available for these versions since October 2020 or April 2023...

Read more

BSI sets minimum standards for web browsers
March 27, 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. Companies can also use this as a guide. The supplementary browser comparison table and the IT-Grundschutz reference table have also been updated accordingly. Web browsers serve as central software for navigating the Internet. They also process data from untrustworthy sources that contain malicious code. Computers, cell phones and tablets can become infected unnoticed. At the same time, the functions and interfaces of web browsers are constantly increasing. This means they also offer an increasing target for cybercriminals. The dynamic development…

Read more

Critical security vulnerabilities in VMware
March 10, 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Security vulnerabilities have been discovered in some VMware products. The BSI classifies these vulnerabilities as critical. Among other things, the USB controllers in various devices are affected. A local attacker can exploit multiple vulnerabilities in VMware ESXi, VMware Workstation, VMware Fusion and VMware Cloud Foundation to execute arbitrary code, bypass security measures or disclose information, warns the BSI and recommends using updates as they become available. CVSS vulnerability scores range from 7,1 to 9,3. They are all classified as critical because they allow attackers to bypass virtual machines and access the…

Read more

Microsoft Defender can be tricked
23. February 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Microsoft's antivirus program Defender contains a component that is intended to detect and prevent the execution of malicious code using Rundll32.exe. However, this mechanism can be easily tricked, as a security researcher has discovered. All that is needed for the cyber attack is a simple comma to get past Microsoft Defender. All you have to do is insert an additional comma in the correct place in the code below and Microsoft Defender will see a harmless file instead of the threat. Security researcher John Page discovered the critical vulnerability. The vulnerability was discovered by Computer Emergency Response…

Read more

Critical vulnerabilities at Fortinet
20. February 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The Federal Office for Information Security (BSI) warns of a security gap in several versions of the Fortinet operating system FortiOS, which is used in the manufacturer's firewalls. The vulnerability allows unauthenticated external attackers to execute code and commands via crafted HTTP requests. According to the Common Vulnerability Scoring System (CVSS), the vulnerability received a rating of “critical” with a score of 9,8. The US security authority CISA, like the BSI, has issued a warning and states that the security vulnerability in FortiOS is already being actively attacked by hackers. Fortinet has…

Read more

National IT Situation Center
17. February 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Federal Interior Minister Nancy Faeser recently opened the new National IT Situation Center of the Federal Office for Information Security (BSI) in Bonn. Bitkom President Dr. Ralf Wintergerst: “Cyber ​​attacks are currently one of the biggest threats to our economy and society: Last year, the German economy suffered 206 billion euros in damage through theft of IT equipment and data as well as digital and analogue industrial espionage and sabotage. We welcome the fact that the BSI is improving the conditions for preventing and combating cyber crime with the new National IT Situation Center. So that companies and authorities can protect themselves accordingly,...

Read more

Email vulnerability: BSI warns of SMTP smuggling
8 January 2024
| No comments
| PR News

Using smuggling, an email can be split and the fake senders bypass authentication mechanisms such as SPF, DKIM and DMARC. While large companies and email service providers Microsoft, GMX and Ionos immediately stopped smuggling, Cisco continues to consider the danger to be a great function, according to the BSI. On December 18, cybersecurity firm SEC Consult released information about a new attack technique using “Simple Mail Transfer Protocol (SMTP) Smuggling.” With SMTP smuggling, attackers take advantage of the fact that different SMTP implementations interpret the marking of the end of an email message differently. SPF, DKIM and DMARC undermined you...

Read more

The situation of IT security in Germany
28 December 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

This year's report "The situation of IT security in Germany" from the Federal Office for Information Security (BSI) offers a presentation and analysis of the cybersecurity landscape in Germany and shows that there is a need not only for securing companies and authorities, but also for There are still major challenges in recognizing the importance of digitalization and cybersecurity. Discussions about post-quantum cryptography (PQK) and the construction and use of a public key infrastructure (PKI) are also important topics in cybersecurity this year. The report highlights the need for a hybrid model that combines algorithms …

Read more

© 2024 MedPressIT GbR
Cookie Settings