IT‑Sicherheits‑Digest (2026-03-24)

Aktuelle Security‑News

heise security

  • USA verbieten alle neuen Router für Verbraucher (2026-03-24 03:18 UTC)
    • Kurz: Ab sofort lassen die USA nur noch im Inland hergestellte Router für Verbraucher zu. Solche Modelle gibt es aber nicht.
    • Quelle: Link
  • Kritische Sicherheitslücke in Citrix Gateway und Netscaler ADC (2026-03-23 16:32 UTC)
    • Kurz: Der Hersteller warnt vor einem Speicherleck und möglicherweise vertauschten Nutzersitzungen in den Sicherheits-Appliances. Admins sollten updaten.
    • Quelle: Link
  • WTF: Polizei rückte Samstagnacht wegen Zero-Day aus (2026-03-23 13:56 UTC)
    • Kurz: Wegen der Sicherheitslücke in Windchill und ZeroPLM schickten mehrere Landeskriminalämter Polizeibeamte zu betroffenen Unternehmen. Die sind irritiert.
    • Quelle: Link

BleepingComputer

  • OpenAI rolls out ChatGPT Library to store your personal files (2026-03-23 23:47 UTC)
    • Kurz: OpenAI is rolling out a new feature called ‘Library’ for ChatGPT, which allows you to store your personal files or images on OpenAI’s cloud storage, so you can reference those items in a future chat. […]
    • Quelle: Link
  • Mazda discloses security breach exposing employee and partner data (2026-03-23 22:12 UTC)
    • Kurz: Mazda Motor Corporation (Mazda) announced that information belonging to its employees and business partners had been exposed in a security incident detected last December. […]
    • Quelle: Link
  • Tycoon2FA phishing platform returns after recent police disruption (2026-03-23 21:52 UTC)
    • Kurz: The Tycoon2FA phishing-as-a-service (PhaaS) platform that Europol and partners disrupted on March 4 has already returned to previously observed activity levels. […]
    • Quelle: Link

The Hacker News

  • North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware (2026-03-23 18:09 UTC)
    • Kurz: The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that’s distributed via malicious Microsoft Visual Studio Code (VS Code) proj…
    • Quelle: Link
  • ⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More (2026-03-23 13:14 UTC)
    • Kurz: Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitt…
    • Quelle: Link
  • We Found Eight Attack Vectors Inside AWS Bedrock. Here’s What Attackers Can Do with Them (2026-03-23 11:55 UTC)
    • Kurz: AWS Bedrock is Amazon’s platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerfu…
    • Quelle: Link

Neue CVEs (letzte 24h, NVD‑Abgleich)

Fortinet FortiGate (7.4.x)

  • Keine neuen Treffer in den letzten 24h.

Atlassian (Jira/Confluence)

  • Keine neuen Treffer in den letzten 24h.

HPE/Aruba Switches

  • Keine neuen Treffer in den letzten 24h.

VMware ESXi/vCenter (7.x)

  • Keine neuen Treffer in den letzten 24h.

Hinweis

  • CVE‑Treffer sind ein Frühwarn‑Check (NVD) und müssen für eure exakten Versionen/Deployments gegengeprüft werden (Vendor Advisory/Patches).