IT Security Digest (2026-02-09)

Current Security News

heise security

  • DoS and malicious-code attacks possible on IBM App Connect Enterprise (2026-02-08 12:54 UTC)
    • Summary: Several software vulnerabilities threaten systems running IBM App Connect Enterprise or WebSphere Service Registry and Repository Studio.
    • Source: Link
  • Fewer grandparent-scam calls and fraudulent parcel SMS messages (2026-02-08 11:11 UTC)
    • Summary: Phone fraud attempts remain a problem, even though the numbers are declining and the providers' warning systems are apparently working.
    • Source: Link
  • Zyxel firewalls: Attackers can execute system commands (2026-02-08 11:06 UTC)
    • Summary: A security update protects certain Zyxel firewalls against possible attacks. However, attacks are not readily possible.
    • Source: Link

BleepingComputer

  • New tool blocks imposter attacks disguised as safe commands (2026-02-08 15:26 UTC)
    • Summary: A new open-source and cross-platform tool called Tirith can detect homoglyph attacks over command-line environments by analyzing URLs in typed commands and stopping their execution. […]
    • Source: Link
  • State actor targets 155 countries in ‘Shadow Campaigns’ espionage op (2026-02-07 15:09 UTC)
    • Summary: A new state-aligned cyberespionage threat group tracked as TGR-STA-1030/UNC6619, has conducted a global-scale operation dubbed the “Shadow Campaigns,” where it targeted government infrastructure in 155 countries. […]
    • Source: Link
  • Payments platform BridgePay confirms ransomware attack behind outage (2026-02-07 09:47 UTC)
    • Summary: A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. The incident began on Friday and quickly escalated into a nationwide d…
    • Source: Link

The Hacker News

  • OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills (2026-02-08 07:32 UTC)
    • Summary: OpenClaw (formerly Moltbot and Clawdbot) has announced that it’s partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the age…
    • Source: Link
  • German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists (2026-02-07 11:15 UTC)
    • Summary: Germany’s Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by …
    • Source: Link
  • China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery (2026-02-06 14:56 UTC)
    • Summary: Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that’s operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based i…
    • Source: Link

New CVEs (last 24h, NVD cross-check)

Fortinet FortiGate (7.4.x)

  • No new hits in the last 24h.

Atlassian (Jira/Confluence)

  • No new hits in the last 24h.

HPE/Aruba Switches

  • No new hits in the last 24h.

VMware ESXi/vCenter (7.x)

  • No new hits in the last 24h.

Note

  • CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).