IT‑Sicherheits‑Digest (2026-03-21)

Aktuelle Security‑News

heise security

  • Studie: Mehrheit der DACH-Unternehmen hält Cloud-Abschaltung für realistisch (2026-03-20 15:30 UTC)
    • Kurz: 83 Prozent der Unternehmen halten eine einseitige Abschaltung durch Cloud-Provider für realistisch. Fast die Hälfte hat keine Exit-Strategie.
    • Quelle: Link
  • Diverse Attacken auf Dell Secure Connect Gateway Policy Manager möglich (2026-03-20 12:13 UTC)
    • Kurz: Mehrere Sicherheitslücken gefährden Systeme mit Dell Secure Connect Gateway Policy Manager. Eine reparierte Version steht zum Download bereit.
    • Quelle: Link
  • OpenWrt: Service-Releases schließen kritische Sicherheitslücken (2026-03-20 11:00 UTC)
    • Kurz: Die Service-Releases 25.12.1 und 24.10.6 des Router-Betriebssystems OpenWrt dichten als kritisch eingestufte Sicherheitslücken ab.
    • Quelle: Link

BleepingComputer

  • FBI links Signal phishing attacks to Russian intelligence services (2026-03-20 20:45 UTC)
    • Kurz: The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised…
    • Quelle: Link
  • Oracle pushes emergency fix for critical Identity Manager RCE flaw (2026-03-20 18:48 UTC)
    • Kurz: Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992. […]
    • Quelle: Link
  • Police take down 373,000 fake CSAM sites in Operation Alice (2026-03-20 17:19 UTC)
    • Kurz: An international law enforcement action called Operation Alice has shut down over 373,000 dark web sites that offered fake CSAM packages. […]
    • Quelle: Link

The Hacker News

  • Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets (2026-03-20 17:47 UTC)
    • Kurz: Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets. The latest incident impacted GitHub Actions “aqu…
    • Quelle: Link
  • Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure (2026-03-20 15:15 UTC)
    • Kurz: A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CV…
    • Quelle: Link
  • Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams (2026-03-20 10:57 UTC)
    • Kurz: Google on Thursday announced a new “advanced flow” for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against …
    • Quelle: Link

Neue CVEs (letzte 24h, NVD‑Abgleich)

Fortinet FortiGate (7.4.x)

  • Keine neuen Treffer in den letzten 24h.

Atlassian (Jira/Confluence)

  • Keine neuen Treffer in den letzten 24h.

HPE/Aruba Switches

  • Keine neuen Treffer in den letzten 24h.

VMware ESXi/vCenter (7.x)

  • Keine neuen Treffer in den letzten 24h.

Hinweis

  • CVE‑Treffer sind ein Frühwarn‑Check (NVD) und müssen für eure exakten Versionen/Deployments gegengeprüft werden (Vendor Advisory/Patches).