IT‑Sicherheits‑Digest (2026-02-28)

Aktuelle Security‑News

heise security

  • Bericht: US-Verteidigungsministerium will Chinas Infrastruktur mit KI abklopfen (2026-02-27 14:23 UTC)
    • Kurz: Das US-Verteidigungsministerium will laut einem Bericht KI einsetzen, um Schwachstellen in Chinas Infrastruktur zu finden und diese für Angriffe zu nutzen.
    • Quelle: Link
  • Virenjagd: VirusTotal flexibler nutzen per Kommandozeile (2026-02-27 12:47 UTC)
    • Kurz: Batch-Scans mehrerer verdächtiger Dateien und passgenaue Malware-Recherchen zur Incident Response: Mit dem Gratis-Tool vt-cli folgt VirusTotal Ihrem Kommando.
    • Quelle: Link
  • sudo-rs ändert 46 Jahre alte Konvention bei Passworteingabe (2026-02-27 11:38 UTC)
    • Kurz: Die Rust-Implementierung sudo-rs zeigt beim Eintippen von Passwörtern nun standardmäßig Sternchen an. Ein Bruch mit langer Unix-Tradition.
    • Quelle: Link

BleepingComputer

  • Microsoft testing Windows 11 batch file security improvements (2026-02-27 20:00 UTC)
    • Kurz: Microsoft is rolling out new Windows 11 Insider Preview builds that improve security and performance during batch file or CMD script execution. […]
    • Quelle: Link
  • APT37 hackers use new malware to breach air-gapped networks (2026-02-27 19:21 UTC)
    • Kurz: North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance. […]
    • Quelle: Link
  • Europol-led crackdown on The Com hackers leads to 30 arrests (2026-02-27 18:20 UTC)
    • Kurz: A yearlong Europol-coordinated operation dubbed “Project Compass” has led to 30 arrests and 179 suspects being tied to “The Com,” an online cybercrime collective that targets children and teenagers. […]
    • Quelle: Link

The Hacker News

  • Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute (2026-02-28 04:57 UTC)
    • Kurz: Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a “supply chain risk.” “This action follows months of negotiations that reached an impa…
    • Quelle: Link
  • DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams (2026-02-27 18:11 UTC)
    • Kurz: The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering. The confiscated funds were traced to cryptocurrenc…
    • Quelle: Link
  • 900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks (2026-02-27 17:59 UTC)
    • Kurz: The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances ar…
    • Quelle: Link

Neue CVEs (letzte 24h, NVD‑Abgleich)

Fortinet FortiGate (7.4.x)

  • Keine neuen Treffer in den letzten 24h.

Atlassian (Jira/Confluence)

  • Keine neuen Treffer in den letzten 24h.

HPE/Aruba Switches

  • Keine neuen Treffer in den letzten 24h.

VMware ESXi/vCenter (7.x)

  • CVE-2026-22716 — CVSS 5.0 (MEDIUM)
    • Kurz: Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to terminate certain Workstation processes.
    • Quelle: Link
  • CVE-2026-22717 — CVSS 2.7 (LOW)
    • Kurz: Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware…
    • Quelle: Link

Hinweis

  • CVE‑Treffer sind ein Frühwarn‑Check (NVD) und müssen für eure exakten Versionen/Deployments gegengeprüft werden (Vendor Advisory/Patches).