IT‑Sicherheits‑Digest (2026-03-04)

Aktuelle Security‑News

heise security

  • „Star Citizen“: Angreifer hatten Zugriff auf Daten von Cloud Imperium Games (2026-03-03 13:03 UTC)
    • Kurz: Beim Spielestudio Cloud Imperium Games (CIG) konnten Kriminelle in die IT-Infrastruktur einbrechen und auf Kundendaten zugreifen.
    • Quelle: Link
  • HCL BigFix: Angreifer können auf Daten im Dateisystem zugreifen (2026-03-03 13:00 UTC)
    • Kurz: Die Endpoint-Management-Plattform HCL BigFix ist verwundbar. Sicherheitsupdates sind verfügbar.
    • Quelle: Link
  • HPE AutoPass License Server erlaubt Umgehung der Authentifizierung (2026-03-03 09:32 UTC)
    • Kurz: HPE warnt vor einer gravierenden Sicherheitslücke im HPE AutoPass Lizenzserver (APLS). Die Authentifizierung lässt sich umgehen.
    • Quelle: Link

BleepingComputer

  • CISA flags VMware Aria Operations RCE flaw as exploited in attacks (2026-03-03 23:40 UTC)
    • Kurz: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. […]
    • Quelle: Link
  • Paint maker giant AkzoNobel confirms cyberattack on U.S. site (2026-03-03 23:00 UTC)
    • Kurz: The multinational Dutch paint company AkzoNobel has confirmed to BleepingComputer that hackers breached the network of one of its U.S. sites. […]
    • Quelle: Link
  • Facebook accounts unavailable in worldwide outage (2026-03-03 22:38 UTC)
    • Kurz: Social media giant Facebook is currently experiencing a massive worldwide outage, preventing users from accessing their accounts. […]
    • Quelle: Link

The Hacker News

  • CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog (2026-03-04 04:35 UTC)
    • Kurz: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation …
    • Quelle: Link
  • Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations (2026-03-03 17:15 UTC)
    • Kurz: Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusio…
    • Quelle: Link
  • Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow (2026-03-03 14:30 UTC)
    • Kurz: Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and…
    • Quelle: Link

Neue CVEs (letzte 24h, NVD‑Abgleich)

Fortinet FortiGate (7.4.x)

  • Keine neuen Treffer in den letzten 24h.

Atlassian (Jira/Confluence)

  • Keine neuen Treffer in den letzten 24h.

HPE/Aruba Switches

  • Keine neuen Treffer in den letzten 24h.

VMware ESXi/vCenter (7.x)

  • Keine neuen Treffer in den letzten 24h.

Hinweis

  • CVE‑Treffer sind ein Frühwarn‑Check (NVD) und müssen für eure exakten Versionen/Deployments gegengeprüft werden (Vendor Advisory/Patches).