News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Vulnerabilities in Check Point Security Gateways attacked
B2B Cyber ​​Security ShortNews

According to the BSI, the published vulnerabilities in Check Point security gateways are currently being attacked. The BSI does not rule out the possibility of data leakage. Check Point is already offering hotfixes. On May 26, 2024, Check Point published a high-priority advisory. In it, the manufacturer pointed out a newly discovered vulnerability in the Quantum and Maestro product lines that allows attackers to read information from these security gateways - especially credentials or VPN access data - remotely and without authentication. Be sure to run hotfixes -...

Read more

BSI: New study on hardware Trojans 
B2B Cyber ​​Security ShortNews

The BSI has published a study on the possibilities for manipulating hardware in distributed manufacturing processes. This involves hidden chips on hardware boards, so-called hardware Trojans. The Federal Office for Information Security (BSI) commissioned the study "Examination of manipulation possibilities of hardware in distributed manufacturing processes (PANDA)". This study examines the influence of attackers within the manufacturing chain of complex IT systems. Trojans as chips on boards The publication describes the individual steps from the initial idea to the finished product. Based on this, possible weak points in the chain are shown and selected attack scenarios are outlined....

Read more

BSI is suing Microsoft for the release of information
B2B Cyber ​​Security ShortNews

The BSI has now had enough: The BSI had asked Microsoft several times how the hack on the email accounts hosted by Microsoft could happen and how Chinese hackers were able to penetrate Microsoft to such an extent. The answers were so sparse that the BSI is now taking legal action and is suing for the information. The BSI had patience with Microsoft for a long time, but this has now been exhausted. The BSI made several inquiries to Microsoft and wanted to find out more about the hacks on Microsoft's many email accounts. But Microsoft announced, according to the…

Read more

BSI warns: Palo Alto firewalls with critical vulnerability 
B2B Cyber ​​Security ShortNews

The BSI warns: The PAN-OS operating system has a glaring, critical vulnerability that was rated with a CVSS value of 10.0 out of 10. Companies should act immediately and apply upcoming patches or use the available workarounds. According to BSI - the Federal Office for Information Security, on April 12, 2024, the company Palo Alto Networks published an advisory about an actively exploited vulnerability in PAN-OS, the operating system of the manufacturer's firewalls. The vulnerability with the identifier CVE-2024-3400 is an OS command injection in the GlobalProtect Gateway feature, which allows an unauthenticated…

Read more

Critical CVSS 10.0 backdoor in XZ for Linux
B2B Cyber ​​Security ShortNews

The BSI has issued a warning about a critical 10.0 vulnerability in the XZ tool within Linux. Only Fedora 41 and Fedora Rawhide in the Red Hat family are affected. Since the vulnerability has now become known in the media, attacks can also be expected. The BSI - the Federal Office for Information Security - warns of a critical vulnerability that is distributed by malware in Linux distributions. The open source provider Red Hat announced on March 29.03.2024, 5.6.0 that in versions 5.6.1 and XNUMX .XNUMX of the “xz” tools and libraries discovered malicious code that allows to bypass authentication in sshd via systemd….

Read more

BSI: Thousands of MS Exchange servers with critical vulnerabilities
BSI: Thousands of MS Exchange servers with critical vulnerabilities - Ki - Bing

The BSI – Federal Office for Information Security – has warned several times in the past about vulnerabilities in Exchange and recommended that the security updates provided be installed promptly. But old systems are still not patched and a new vulnerability has already been published. There are currently around 45.000 Microsoft Exchange servers in Germany operating with Outlook Web Access (OWA) that can be accessed openly from the Internet. According to the BSI's findings, around 12% of these are still running Exchange 2010 or 2013. Security updates have no longer been available for these versions since October 2020 or April 2023...

Read more

BSI sets minimum standards for web browsers
B2B Cyber ​​Security ShortNews

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. Companies can also use this as a guide. The supplementary browser comparison table and the IT-Grundschutz reference table have also been updated accordingly. Web browsers serve as central software for navigating the Internet. They also process data from untrustworthy sources that contain malicious code. Computers, cell phones and tablets can become infected unnoticed. At the same time, the functions and interfaces of web browsers are constantly increasing. This means they also offer an increasing target for cybercriminals. The dynamic development…

Read more

Critical security vulnerabilities in VMware
B2B Cyber ​​Security ShortNews

Security vulnerabilities have been discovered in some VMware products. The BSI classifies these vulnerabilities as critical. Among other things, the USB controllers in various devices are affected. A local attacker can exploit multiple vulnerabilities in VMware ESXi, VMware Workstation, VMware Fusion and VMware Cloud Foundation to execute arbitrary code, bypass security measures or disclose information, warns the BSI and recommends using updates as they become available. CVSS vulnerability scores range from 7,1 to 9,3. They are all classified as critical because they allow attackers to bypass virtual machines and access the…

Read more

Microsoft Defender can be tricked
B2B Cyber ​​Security ShortNews

Microsoft's antivirus program Defender contains a component that is intended to detect and prevent the execution of malicious code using Rundll32.exe. However, this mechanism can be easily tricked, as a security researcher has discovered. All that is needed for the cyber attack is a simple comma to get past Microsoft Defender. All you have to do is insert an additional comma in the correct place in the code below and Microsoft Defender will see a harmless file instead of the threat. Security researcher John Page discovered the critical vulnerability. The vulnerability was discovered by Computer Emergency Response…

Read more

Critical vulnerabilities at Fortinet
B2B Cyber ​​Security ShortNews

The Federal Office for Information Security (BSI) warns of a security gap in several versions of the Fortinet operating system FortiOS, which is used in the manufacturer's firewalls. The vulnerability allows unauthenticated external attackers to execute code and commands via crafted HTTP requests. According to the Common Vulnerability Scoring System (CVSS), the vulnerability received a rating of “critical” with a score of 9,8. The US security authority CISA, like the BSI, has issued a warning and states that the security vulnerability in FortiOS is already being actively attacked by hackers. Fortinet has…

Read more