IT Security Digest (2026-03-17)

Current Security News

heise security

  • Danger in the Shaft: Many Elevators Lack Protection Against Hackers (2026-03-17 06:37 UTC)
    • Summary: The number of defects found by TÜV in elevators rose significantly in 2025. The main reason is shortcomings in cybersecurity.
    • Source: Link
  • AWS S3: Account Regional Namespaces Put an End to Bucketsquatting (2026-03-16 13:44 UTC)
    • Summary: Amazon S3 now allows account-bound bucket names. This ends bucketsquatting for new buckets and simplifies naming in multi-account setups.
    • Source: Link
  • Windows Insider Preview: Extended Removal of Preinstalled Apps (2026-03-16 13:16 UTC)
    • Summary: The Windows Insider previews for developers and beta testers bring more flexible policies for removing preinstalled apps.
    • Source: Link

BleepingComputer

  • Stryker attack wiped tens of thousands of devices, no malware needed (2026-03-16 19:17 UTC)
    • Summary: Last week’s cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices. […]
    • Source: Link
  • CISA flags Wing FTP Server flaw as actively exploited in attacks (2026-03-16 18:00 UTC)
    • Summary: CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks. […]
    • Source: Link
  • UK’s Companies House confirms security flaw exposed business data (2026-03-16 17:07 UTC)
    • Summary: Companies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed companies’ information since October…
    • Source: Link

The Hacker News

  • CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths (2026-03-17 05:23 UTC)
    • Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabil…
    • Source: Link
  • GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos (2026-03-16 19:37 UTC)
    • Summary: The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. “The attack targets Python projects — including Django apps, ML research …
    • Source: Link
  • ⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More (2026-03-16 14:17 UTC)
    • Summary: Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now” feeling. This week has that energy. Fresh messes, old problems getting sharper, and research that stops feeling theoretica…
    • Source: Link

New CVEs (last 24h, NVD cross-check)

Fortinet FortiGate (7.4.x)

  • No new hits in the last 24h.

Atlassian (Jira/Confluence)

  • No new hits in the last 24h.

HPE/Aruba Switches

  • No new hits in the last 24h.

VMware ESXi/vCenter (7.x)

  • No new hits in the last 24h.

Note

  • CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).