Archiv für März 2026

📄
soc

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. 

  • CVE-2026-20131 Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria

Mehr lesen →
📄
soc

Ransomware 3.0: The Autonomous Threat That Changed Everything

Ransomware 3.0: The Autonomous Threat That Changed Everything Ransomware has changed a lot over time and gone through major shifts, it’s now “Ransomware 3.0.” The changes across the years explain why the threats in 2026 look very different from what security teams faced ten years ago. Ransomware 1.0 (1989–2018): Encrypt and Demand The first era […]

Mehr lesen →
📄
security

Welche Incident-Response-Strategie passt zu Ihrem Unternehmen?

Cyberversicherungen bieten oft einen zügigen Vertragsabschluss, doch im Ernstfall kann es schnell kompliziert werden. Incident Response Retainer ermöglichen dagegen intensive Vorbereitung, kontinuierliche Anpassung und direkte Kontrolle durch definierte SLAs – mit Kompensation bei keinem Notfall.

Mehr lesen →
📄
security

KRITIS-Dachgesetz stärkt Anlagenresilienz

Der Bundestag hat mit Beschluss vom 29. Januar 2026 das KRITIS-Dachgesetz verabschiedet. Für Betreiber stellt sich damit die Frage, inwieweit das Gesetz neben zusätzlicher Dokumentation bestehende Sicherheits- und Governance-Strukturen substanziell berührt. | Dr. Daniel Meßmer

Mehr lesen →
📄
security

Fünf Schichten für effektive Cyber-Resilienz

Nur sechs Prozent der Unternehmen fühlen sich laut PwC-Studie gegen Cyberangriffe gewappnet. Ein Grund: Budgets fließen zu oft in reaktive Maßnahmen statt in präventive Resilienz. Ein systematischer Ansatz mit fünf Schichten – von API-Schutz über Datenzugriffskontrolle bis zu Multi-Site-Redundanz – bietet umfassenden Schutz und schnelle Wiederherstellung.

Mehr lesen →
📄
security

Interesting Message Stored in Cowrie Logs, (Wed, Mar 18th)

This activity was found and reported by BACS student Adam Thorman as part of one of his assignments which I posted his final paper [1] last week. This activity appeared to only have occurred on the 19 Feb 2026 where at least 2 sensors detected on the same day by DShield sensor in the cowrie logs an echo command that included: „MAGIC_PAYLOAD_KILLER_HERE_OR_LEAVE_EMPTY_iranbot_was_here“. My DShield sensor captured activity from source IP 64.89.161.198 between 30 Jan – 22 Feb 2026 that included portscans, a successful login via Telnet (TCP/23) and web access that included all the activity listed below captured by the DShield sensor (cowrie, webhoneypot & iptables logs).

Mehr lesen →