IT‑Sicherheits‑Digest (2026-02-03)

Aktuelle Security‑News

heise security

  • Sicherheitsupdate: Unbefugte Zugriffe auf WatchGuard Firebox vorstellbar (2026-02-03 08:43 UTC)
    • Kurz: Angreifer können auf Firebox-Firewalls von WatchGuard zugreifen. Reparierte Fireware-OS-Version stehen zum Download bereit.
    • Quelle: Link
  • Windows mit NTLM: Das Ende des Albtraums – vielleicht demnächst (2026-02-02 16:48 UTC)
    • Kurz: Microsoft will das unsichere NTLM-Protokoll mit der nächsten Windows Server-Version standardmäßig deaktivieren. Dessen Erscheinungstermin bleibt jedoch offen.
    • Quelle: Link
  • Dell Unity: Angreifer können Schadcode mit Root-Rechten ausführen (2026-02-02 13:13 UTC)
    • Kurz: Admins sollten zeitnah ein wichtiges Sicherheitsupdate für Dell Unity Operating Environment installieren.
    • Quelle: Link

BleepingComputer

  • New GlassWorm attack targets macOS via compromised OpenVSX extensions (2026-02-02 22:04 UTC)
    • Kurz: A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems. […]
    • Quelle: Link
  • Russian hackers exploit recently patched Microsoft Office bug in attacks (2026-02-02 21:00 UTC)
    • Kurz: Ukraine’s Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office. […]
    • Quelle: Link
  • Malicious MoltBot skills used to push password-stealing malware (2026-02-02 19:11 UTC)
    • Kurz: More than 230 malicious packages for the personal AI assistant OpenClaw (formerly known as Moltbot and ClawdBot) have been published in less than a week on the tool’s official registry and on GitHub. […]
    • Quelle: Link

The Hacker News

  • Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox (2026-02-03 05:39 UTC)
    • Kurz: Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence (GenAI) features. “It provides a single place to block current and future…
    • Quelle: Link
  • Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group (2026-02-03 04:55 UTC)
    • Kurz: A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a p…
    • Quelle: Link
  • Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users (2026-02-02 17:49 UTC)
    • Kurz: A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, exposing users to new supply chain risks. ClawHub is a marketplace designed to make it easy f…
    • Quelle: Link

Neue CVEs (letzte 24h, NVD‑Abgleich)

Fortinet FortiGate (7.4.x)

  • Keine neuen Treffer in den letzten 24h.

Atlassian (Jira/Confluence)

  • Keine neuen Treffer in den letzten 24h.

HPE/Aruba Switches

  • Keine neuen Treffer in den letzten 24h.

VMware ESXi/vCenter (7.x)

  • Keine neuen Treffer in den letzten 24h.

Hinweis

  • CVE‑Treffer sind ein Frühwarn‑Check (NVD) und müssen für eure exakten Versionen/Deployments gegengeprüft werden (Vendor Advisory/Patches).