News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Tag: warning

BSI: Thousands of MS Exchange servers with critical vulnerabilities
2 April 2024
| No comments
| PR News
BSI: Thousands of MS Exchange servers with critical vulnerabilities - Ki - Bing

The BSI – Federal Office for Information Security – has warned several times in the past about vulnerabilities in Exchange and recommended that the security updates provided be installed promptly. But old systems are still not patched and a new vulnerability has already been published. There are currently around 45.000 Microsoft Exchange servers in Germany operating with Outlook Web Access (OWA) that can be accessed openly from the Internet. According to the BSI's findings, around 12% of these are still running Exchange 2010 or 2013. Security updates have no longer been available for these versions since October 2020 or April 2023...

Read more

Critical security vulnerabilities in VMware
March 10, 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Security vulnerabilities have been discovered in some VMware products. The BSI classifies these vulnerabilities as critical. Among other things, the USB controllers in various devices are affected. A local attacker can exploit multiple vulnerabilities in VMware ESXi, VMware Workstation, VMware Fusion and VMware Cloud Foundation to execute arbitrary code, bypass security measures or disclose information, warns the BSI and recommends using updates as they become available. CVSS vulnerability scores range from 7,1 to 9,3. They are all classified as critical because they allow attackers to bypass virtual machines and access the…

Read more

BSI warns: Citrix ADC with critical 9.8 vulnerability
July 21, 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The BSI - Federal Office for Information Security - reports an active exploitation of a vulnerability in the Citrix Application Delivery Controller (ADC). The vulnerability managed with the CVE-2023-3519 has a CVSS value of 9.8 out of 10 and is critical! An update is available. On 18.07.2023/2023/3519 the manufacturer Citrix announced a critical vulnerability in the products NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). The vulnerability is listed under the number CVE-9.8-XNUMX according to Common Vulnerabilities and Exposures (CVE) and has a score of XNUMX according to CVSS.

Read more

BSI: Critical 9.8 vulnerabilities in Nessus vulnerability scanner
July 6, 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The Federal Office for Information Security (BSI) warns of critical 9.8 vulnerabilities in Nessus, the vulnerability scanner, which can check not only known vulnerabilities but also software patch levels and configurations. According to Tenable, a quick update is recommended. According to Tenable, the makers of the Nessus Network Monitor vulnerability scanner, the platform uses third-party software to provide certain functionality. Now, the company has discovered that several third-party components have many highly dangerous and even critical vulnerabilities. Therefore, the providers have made an updated version available. Fix 174 vulnerabilities with one version The…

Read more

BSI reports: FortiOS with highly dangerous vulnerabilities
June 15, 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

In its security warning WID-SEC-2023-1438, the BSI reports that attackers can use several vulnerabilities to carry out a DoS attack in Fortinet FortiOS or to implement any code. Fortinet's Product Security Incident Response Team (PSIRT) provides update guidance. The BSI's report on the vulnerabilities in FortiOS links directly to Fortinet's Product Security Incident Response Team (PSIRT). There the high risk vulnerabilities are listed with CVSSv3 scores of 6,4, 7,3 and 8,3. However, the BSI writes of an 8,8 rating. FortiOS vulnerability: Attackers can launch DoS attack This means the vulnerabilities and…

Read more

FBI: Hive ransomware has stolen $100 million
21 November 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The FBI has investigated the machinations of the Hive ransomware. It was found that more than 1.300 companies worldwide were harmed and about 100 million dollars were extorted. Media Markt and Saturn were prominent victims in Germany. The FBI has created a Cybersecurity Advisory (CSA) based on its investigation into the Hive ransomware. The included hints, insights and publications are valuable hints for network defenders. The findings were published on the CISA project page Stop Ransomware. $100 million in loot As of November 2022, according to the FBI, Hive ransomware actors have harmed over 1.300 companies worldwide and around…

Read more

Kaspersky is asking BSI to withdraw the warning 
13 October 2022
| No comments
| Kaspersky, Stories
Kaspersky is asking BSI to withdraw the warning

In a recent report, Kaspersky is asking the BSI to adapt the warning from March 15, 2022 or to withdraw it altogether. At that time, the BSI warned against the use of Kaspersky solutions. Since then, Kaspersky has made extensive information available to the BSI, which has not yet been taken into account. On March 15, 2022, the BSI published a warning about Kaspersky antivirus software. This warning is legally and technically controversial. To date, the BSI has not been able to identify any security gaps in the AV software in the warning or in the wake of it. There were also…

Read more

Research: How the BSI warning about Kaspersky came about
August 6, 2022
| No comments
| Kaspersky, Stories
Research: How the BSI warning about Kaspersky came about

Bayerischer Rundfunk and SPIEGEL have published an investigative report on the BSI's decision-making process in relation to the March Kaspersky warning. Even an IT security lawyer comes to the conclusion that the result (the warning) was first determined and then the arguments were sought in cooperation with the Federal Ministry of the Interior. The warning about Russian Kaspersky software in mid-March this year was followed by statements from the BSI, open letters from Eugene Kaspersky and various court hearings. Kaspersky repeatedly tries to refute the motives of the BSI for the warning, but repeatedly failed in court. Many…

Read more

FBI and CISA warn about MedusaLocker ransomware
July 13, 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury and the Financial Crimes Enforcement Network (FinCEN) have issued warnings about MedusaLocker ransomware. MedusaLocker actors, first observed in May 2022, overwhelmingly rely on Remote Desktop Protocol (RDP) vulnerabilities to access victims' networks. The MedusaLocker actors encrypt the victim's data and leave a ransom note with communication instructions in each folder with encrypted files. The note instructs victims of the ransomware to make payments to a specific Bitcoin wallet address. Based on the…

Read more

BSI renews warning against Kaspersky at cybersecurity conference
June 26, 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The BSI has been in a dispute with Kaspersky for a long time, as months ago it warned against the use of the Russian software. According to heise.de, Arne Schönbohm, President of the Federal Office for Information Security (BSI), has now renewed the warning at a cyber security conference. He said that if someone uses Kaspersky software in critical infrastructure or in state parliaments, "that is negligent for me". According to heise.de, Arne Schönbohm, President of the Federal Office for Information Security (BSI), has renewed the warning against the use of Kaspersky software. At the Potsdam Conference on National Cybersecurity…

Read more

© 2024 MedPressIT GbR
Cookie Settings