News

Latest news on the subject of B2B cyber security >>> PR agencies: Add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Mastodon: two highly dangerous vulnerabilities discovered 
B2B Cyber ​​Security ShortNews

In its series “Code Analysis of Open Source Software” (CAOS for short), the BSI has examined software for its security. It discovered two highly dangerous vulnerabilities in the Twitter and X alternative Mastodon. The BSI launched the “Code Analysis of Open Source Software” (CAOS for short) project in 2021. The aim of the project is to subject various open source software to a code analysis. The focus is on user software that is increasingly used by authorities or society. The code analysis is intended to strengthen confidence in the security properties of the product and to identify any…

Read more

BSI criteria: Multi-layered protection against DDoS attacks
B2B Cyber ​​Security ShortNews

In view of the increasing number and intensity of DDoS attacks, the Federal Office for Information Security (BSI) has published criteria for identifying qualified security service providers to protect against DDoS attacks. DDoS attacks not only lead to major economic damage, but also to reputational losses when services are unavailable or data leaks. Support from specialized external service providers is essential to dealing with these threats. In particular, the importance of a multi-layered DDoS protection approach is emphasized. BSI requires several layers of protection A multi-layered protection approach involves the combination of different techniques and technologies to effectively detect and ward off threats. To…

Read more

BSI warns: Another critical vulnerability in MOVEit FTP module
BSI warns: Another critical vulnerability in MOVEit FTP module Image: MS - KI

MOVEit hit the headlines in 2023 due to serious security vulnerabilities, especially in the FTP module. The Cl0p group exploited the vulnerability and immediately attacked many companies. Now there is another critical vulnerability with a CVSS value of 9.1 out of 10, and there are already active attacks again. For many companies that use MOVEit, it is like déjà vu: just last year, several vulnerabilities led to attacks by the Cl0p group. A lot of data was stolen and offered for sale online. Now the BSI is warning again about a new vulnerability in the SFTP module...

Read more

Vulnerabilities in Check Point Security Gateways attacked
B2B Cyber ​​Security ShortNews

According to the BSI, the published vulnerabilities in Check Point security gateways are currently being attacked. The BSI does not rule out the possibility of data leakage. Check Point is already offering hotfixes. On May 26, 2024, Check Point published a high-priority advisory. In it, the manufacturer pointed out a newly discovered vulnerability in the Quantum and Maestro product lines that allows attackers to read information from these security gateways - especially credentials or VPN access data - remotely and without authentication. Be sure to run hotfixes -...

Read more

BSI: New study on hardware Trojans 
B2B Cyber ​​Security ShortNews

The BSI has published a study on the possibilities for manipulating hardware in distributed manufacturing processes. This involves hidden chips on hardware boards, so-called hardware Trojans. The Federal Office for Information Security (BSI) commissioned the study "Examination of manipulation possibilities of hardware in distributed manufacturing processes (PANDA)". This study examines the influence of attackers within the manufacturing chain of complex IT systems. Trojans as chips on boards The publication describes the individual steps from the initial idea to the finished product. Based on this, possible weak points in the chain are shown and selected attack scenarios are outlined....

Read more

BSI is suing Microsoft for the release of information
B2B Cyber ​​Security ShortNews

The BSI has now had enough: The BSI had asked Microsoft several times how the hack on the email accounts hosted by Microsoft could happen and how Chinese hackers were able to penetrate Microsoft to such an extent. The answers were so sparse that the BSI is now taking legal action and is suing for the information. The BSI had patience with Microsoft for a long time, but this has now been exhausted. The BSI made several inquiries to Microsoft and wanted to find out more about the hacks on Microsoft's many email accounts. But Microsoft announced, according to the…

Read more

BSI warns: Palo Alto firewalls with critical vulnerability 
B2B Cyber ​​Security ShortNews

The BSI warns: The PAN-OS operating system has a glaring, critical vulnerability that was rated with a CVSS value of 10.0 out of 10. Companies should act immediately and apply upcoming patches or use the available workarounds. According to BSI - the Federal Office for Information Security, on April 12, 2024, the company Palo Alto Networks published an advisory about an actively exploited vulnerability in PAN-OS, the operating system of the manufacturer's firewalls. The vulnerability with the identifier CVE-2024-3400 is an OS command injection in the GlobalProtect Gateway feature, which allows an unauthenticated…

Read more

Critical CVSS 10.0 backdoor in XZ for Linux
B2B Cyber ​​Security ShortNews

The BSI has issued a warning about a critical 10.0 vulnerability in the XZ tool within Linux. Only Fedora 41 and Fedora Rawhide in the Red Hat family are affected. Since the vulnerability has now become known in the media, attacks can also be expected. The BSI - the Federal Office for Information Security - warns of a critical vulnerability that is distributed by malware in Linux distributions. The open source provider Red Hat announced on March 29.03.2024, 5.6.0 that in versions 5.6.1 and XNUMX .XNUMX of the “xz” tools and libraries discovered malicious code that allows to bypass authentication in sshd via systemd….

Read more

BSI: Thousands of MS Exchange servers with critical vulnerabilities
BSI: Thousands of MS Exchange servers with critical vulnerabilities - Ki - Bing

The BSI – Federal Office for Information Security – has warned several times in the past about vulnerabilities in Exchange and recommended that the security updates provided be installed promptly. But old systems are still not patched and a new vulnerability has already been published. There are currently around 45.000 Microsoft Exchange servers in Germany operating with Outlook Web Access (OWA) that can be accessed openly from the Internet. According to the BSI's findings, around 12% of these are still running Exchange 2010 or 2013. Security updates have no longer been available for these versions since October 2020 or April 2023...

Read more

BSI sets minimum standards for web browsers
B2B Cyber ​​Security ShortNews

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. Companies can also use this as a guide. The supplementary browser comparison table and the IT-Grundschutz reference table have also been updated accordingly. Web browsers serve as central software for navigating the Internet. They also process data from untrustworthy sources that contain malicious code. Computers, cell phones and tablets can become infected unnoticed. At the same time, the functions and interfaces of web browsers are constantly increasing. This means they also offer an increasing target for cybercriminals. The dynamic development…

Read more