IT Security Digest (2026-03-18)

Current Security News

heise security

  • BSI report reveals weaknesses in medical practice and hospital software (2026-03-18 06:07 UTC)
    • In brief: Studies by the BSI uncover significant security deficiencies in medical practice, hospital and nursing-care software. Patient data is insufficiently protected.
    • Source: Link
  • AI slop vs. open source: AI industry wants to help with 12.5 million US dollars (2026-03-18 06:01 UTC)
    • In brief: Open-source projects are suffering under a flood of AI-generated change requests for their code. The Linux Foundation wants to help with money from the AI industry.
    • Source: Link
  • DoS attacks on IBM SPSS Collaboration and Deployment Services possible (2026-03-17 14:02 UTC)
    • In brief: IBM's analytics and automation software SPSS Collaboration and Deployment Services is vulnerable. Security patches are available.
    • Source: Link

BleepingComputer

  • Apple pushes first Background Security Improvements update to fix WebKit flaw (2026-03-18 01:06 UTC)
    • In brief: Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade. […]
    • Source: Link
  • GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX (2026-03-17 21:42 UTC)
    • In brief: The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. […]
    • Source: Link
  • Europe sanctions Chinese and Iranian firms for cyberattacks (2026-03-17 18:41 UTC)
    • In brief: The European Union Council has announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure in the region. […]
    • Source: Link

The Hacker News

  • Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23 (2026-03-18 05:06 UTC)
    • In brief: Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges. The vuln…
    • Source: Link
  • AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE (2026-03-17 16:39 UTC)
    • In brief: Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries. In a report published Monday, BeyondTrust…
    • Source: Link
  • LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader (2026-03-17 14:34 UTC)
    • In brief: The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious co…
    • Source: Link

New CVEs (last 24h, NVD cross-check)

Fortinet FortiGate (7.4.x)

  • No new hits in the last 24h.

Atlassian (Jira/Confluence)

  • CVE-2026-21570 — CVSS n/a
    • In brief: This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE (Remote Code Execution) vulnerabil…
    • Source: Link

HPE/Aruba Switches

  • No new hits in the last 24h.

VMware ESXi/vCenter (7.x)

  • No new hits in the last 24h.

Note

  • CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).