News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Microsoft Defender can be tricked
B2B Cyber ​​Security ShortNews

Microsoft's antivirus program Defender contains a component that is intended to detect and prevent the execution of malicious code using Rundll32.exe. However, this mechanism can be easily tricked, as a security researcher has discovered. All that is needed for the cyber attack is a simple comma to get past Microsoft Defender. All you have to do is insert an additional comma in the correct place in the code below and Microsoft Defender will see a harmless file instead of the threat. Security researcher John Page discovered the critical vulnerability. The vulnerability was discovered by Computer Emergency Response…

Read more

Critical vulnerabilities at Fortinet
B2B Cyber ​​Security ShortNews

The Federal Office for Information Security (BSI) warns of a security gap in several versions of the Fortinet operating system FortiOS, which is used in the manufacturer's firewalls. The vulnerability allows unauthenticated external attackers to execute code and commands via crafted HTTP requests. According to the Common Vulnerability Scoring System (CVSS), the vulnerability received a rating of “critical” with a score of 9,8. The US security authority CISA, like the BSI, has issued a warning and states that the security vulnerability in FortiOS is already being actively attacked by hackers. Fortinet has…

Read more

National IT Situation Center
B2B Cyber ​​Security ShortNews

Federal Interior Minister Nancy Faeser recently opened the new National IT Situation Center of the Federal Office for Information Security (BSI) in Bonn. Bitkom President Dr. Ralf Wintergerst: “Cyber ​​attacks are currently one of the biggest threats to our economy and society: Last year, the German economy suffered 206 billion euros in damage through theft of IT equipment and data as well as digital and analogue industrial espionage and sabotage. We welcome the fact that the BSI is improving the conditions for preventing and combating cyber crime with the new National IT Situation Center. So that companies and authorities can protect themselves accordingly,...

Read more

Email vulnerability: BSI warns of SMTP smuggling

Using smuggling, an email can be split and the fake senders bypass authentication mechanisms such as SPF, DKIM and DMARC. While large companies and email service providers Microsoft, GMX and Ionos immediately stopped smuggling, Cisco continues to consider the danger to be a great function, according to the BSI. On December 18, cybersecurity firm SEC Consult released information about a new attack technique using “Simple Mail Transfer Protocol (SMTP) Smuggling.” With SMTP smuggling, attackers take advantage of the fact that different SMTP implementations interpret the marking of the end of an email message differently. SPF, DKIM and DMARC undermined you...

Read more

The situation of IT security in Germany
B2B Cyber ​​Security ShortNews

This year's report "The situation of IT security in Germany" from the Federal Office for Information Security (BSI) offers a presentation and analysis of the cybersecurity landscape in Germany and shows that there is a need not only for securing companies and authorities, but also for There are still major challenges in recognizing the importance of digitalization and cybersecurity. Discussions about post-quantum cryptography (PQK) and the construction and use of a public key infrastructure (PKI) are also important topics in cybersecurity this year. The report highlights the need for a hybrid model that combines algorithms …

Read more

BSI study on the development status of quantum computers
B2B Cyber ​​Security ShortNews

The Federal Office for Information Security (BSI) has published the update of the “Development status of quantum computers” study. The ongoing development threatens many cryptographic methods currently in use. When planning the necessary transition to quantum-secure cryptography, a reliable assessment of the risk posed by quantum computing to information security is essential. The study presents the development status of current technologies for realizing a cryptographically relevant quantum computer as well as cryptographically relevant quantum algorithms. Quantum computers could crack passwords The advancing development of quantum technologies threatens many cryptographic methods currently in use. Data that is currently not transmitted in quantum-secure encrypted form and…

Read more

BSI warns: Microsoft Edge Browser requires security update  
B2B Cyber ​​Security ShortNews

The BSI has issued a warning for the Microsoft Edge browser because two highly dangerous security holes can be exploited by attackers. The problem can be solved with a quick update. The vulnerabilities CVE-2023-36026 and CVE-2023-36008 reported by the BSI have a CVSS base score of 7.8 and are therefore considered highly dangerous. The BSI describes the vulnerabilities as “A remote, anonymous attacker can exploit several vulnerabilities in Microsoft Edge to execute arbitrary program code or misrepresent information.” All versions below version number 119.0.2151.72 (Stable Channel) or below version 118.0.2088.109 are affected…

Read more

BSI concerns about the situation of IT security in Germany
BSI concerns about the situation of IT security in Germany

With its report on the situation of IT security in Germany, the BSI - Federal Office for Information Security provides an annual comprehensive overview of the threats in cyberspace. Current: The threat in cyberspace is higher than ever before. The cybersecurity situation in Germany remains tense. This emerges from the current report on the situation of IT security in Germany, which Federal Interior Minister Nancy Faeser and Claudia Plattner, President of the Federal Office for Information Security (BSI), presented today. The BSI management report makes it clear that ransomware attacks are currently the biggest threat...

Read more

BSI: Vulnerability with 9.4 in Citrix NetScaler ADC and Gateway 
B2B Cyber ​​Security ShortNews

The BSI has issued a critical warning about a CVSS 9.4 vulnerability for the products Citrix NetScaler Application Delivery Controller and NetScaler Gateway. The vulnerability gives attackers access to sensitive information without authentication. According to specialist Mandiant, the vulnerability has been exploited for a long time. According to the BSI, the manufacturer Citrix published an advisory on vulnerabilities in the products NetScaler Application Delivery Controller (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) on October 10, 2023. The one critical security vulnerability is identified according to Common Vulnerabilities and Exposures (CVE) under the...

Read more

Cisco: Web UI of IOS XE with 10.0 vulnerability
B2B Cyber ​​Security ShortNews

The BSI warns of an actively exploited vulnerability in the Cisco Web UI of IOS XE. The CVE-2023-20198 vulnerability has the highest CVSS score of 10.0 and is therefore critical. Many switches, routers and WLAN controllers are at risk. On October 16, Cisco released an advisory regarding an unpatched and actively exploited vulnerability in the Web UI of IOS XE. The vulnerability with the identifier CVE-2023-20198 allows remote, unauthenticated attackers to create new accounts (with level 15 access rights) on the affected system. Attackers are therefore able to take control of affected…

Read more