Skip to content
View in the app

A better way to browse. Learn more.

hosang I.T.

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

CSOonline

Members
  • Joined

  • Last visited

    Never

Everything posted by CSOonline

  1. IDG Der Security-Anbieter Malwarebytes hat kürzlich vor einer besonders perfiden Phishing-Kampagne gewarnt. Die Angreifer tarnen dabei ihre Malware als gewöhnliches PDF-Dokument. Mitarbeiter sind es gewohnt, Bestellungen oder Rechnungen im PDF-Format zu erhalten. Daher ist es sehr wahrscheinlich, dass die schädlichen Dateien geöffnet werden. Klickt ein Mitarbeiter auf die Datei, wird ein Remote-Access-Trojaner namens AsyncRAT ausgeführt. Auf diese Weise können die Angreifer die Kontrolle über die Firmenrechner übernehmen. Die Phishing-E-Mails enthalten jedoch keine direkten Dokumentenanhänge, sondern Links zu einer Datei im IPFS (InterPlanetary File System). Dabei handelt es sich um ein dezentrales Speichernetzwerk, das zunehmend von Cyberkriminellen genutzt wird. Der Zugriff erfolgt über gängige Web-Gateways. Die Datei der Angreifer ist eine virtuelle Festplatte, die beim Öffnen als lokales Laufwerk eingebunden wird und so einige Windows-Sicherheitsfunktionen umgeht. Im Inneren der Datei befindet sich eine Windows-Skriptdatei (WSF), die vorgibt, die erwartete PDF-Datei zu sein. Beim Öffnen führt Windows den darin enthaltenen Code aus, was den Angriff von außen ermöglicht. Zum Schutz vor solchen Angriffen sollten Organisationen Windows so konfigurieren, dass Dateierweiterungen angezeigt werden, rät Malwarebytes Labs in einem Blogbeitrag. (jm) View the full article
  2. Roman Samborskyi | shutterstock.com Lösungen im Bereich Breach & Attack Simulation (BAS) unterstützen Unternehmen dabei, ihr Sicherheitsniveau zu verstehen. Dazu automatisieren die Tools die Tests spezifischer Bedrohungsvektoren. Als Grundlage dienen dabei in der Regel das MITRE-ATT&CK– oder Cyber-Killchain-Framework. BAS-Produkte simulieren zum Beispiel: Netzwerkangriffe und Infiltrationsversuche, Lateral Movement, Phishing, Endpunkt- und Gateway-Attacken, Malware- und Ransomware-Angriffe sowie Insider-Bedrohungen. Breach & Attack Simulation eingeordnet Breach & Attack Simulation kann Red Teaming, Penetration Testing oder auch Attack Surface Assessments (ASA) ergänzen, unterscheidet sich aber deutlich von diesen Maßnahmen. Stellen Sie sich vor, Ihr Unternehmen wäre eine Villa: Beim Red Teaming oder Penetration Testing beauftragen Sie jemanden, in Ihr Anwesen einzubrechen und Ihren Safe auszuräumen. Das Ziel: potenzielle Zugangsmöglichkeiten aufzudecken. Breach & Attack Simulation ist hingegen, als würden Sie sämtliche Schlösser an den Türen auf Funktionstüchtigkeit prüfen und sicherstellen, dass die installierten Security-Kameras auch entsprechend reagieren, wenn sie Personen erkennen. Das Ziel: sichergehen, dass alle Kontrollmaßnahmen wie vorgesehen funktionieren. Während sich BAS dabei auf Enterprise-Security-Kontrollen wie EDR fokussiert, werden beim Attack Surface Assessment sämtliche potenziellen Schwachstellen und Angriffsvektoren untersucht. Das Analystenhaus Gartner fasst diese Technologien in der breiteren Kategorie “Exposure Management” zusammen. Laut den Analysten sind Lösungen im Bereich Breach & Attack Simulation vor allem in stark regulierten Branchen wie dem Banken- und Versicherungsumfeld gefragt, die mit wachsenden Compliance-Anforderungen konfrontiert sind. Diese Einschätzung kann Ilja Rabinovich, Director of Adversarial Tactics beim Sicherheitsanbieter Sygnia, nur bestätigen: “BAS-Produkte sind in der Regel teuer und werden von kleineren Unternehmen mit begrenztem Budget oder eingeschränkter Prozesslandschaft nicht angeschafft.” Der Markt für Breach & Attack Simulation Tools Die Auguren von Gartner prognostizieren, dass sich mehr als 40 Prozent aller Unternehmen bis zum Jahr 2026 auf konsolidierte Plattformen oder Managed Service Provider verlassen werden, wenn es um Validierungsprüfungen im Bereich Cybersecurity geht. Entsprechend breit aufgestellt präsentiert sich die BAS-Anbieterlandschaft: Sowohl Standalone-Anbieter als auch große Security-Unternehmen und Service Provider wollen ihre BAS-Lösungen an den Kunden bringen. Chirag Mehta, Analyst bei Constellation Research, sieht dabei eine weitergehende Konsolidierung des Marktes am Horizont: “Wenn Sie ein Tool haben, das Angriffe simulieren kann, ist der nächste logische Schritt, diese Attacken zu verhindern. Das erfordert allerdings, eine Reihe verschiedener Tools zu integrieren, was kein Kinderspiel ist.” Ein wachsender Trend in diesem – wie auch allen anderen Bereichen der IT-Sicherheit – ist der Einsatz von Generative AI (GenAI). Erik Nost, Analyst bei Forrester Research, sieht diese Entwicklung positiv: “Vermutlich werden wir generative KI als erstes im Bereich des User Interface im Einsatz sehen. Mit Daten auf coole Art und Weise interagieren zu können, ist der neue GenAI-Use-Case.” Der Analyst hält es auch für möglich, dass KI künftig auf der Basis von Daten – oder den für die Benutzer respektive das Unternehmen relevantesten Angriffsarten – Bedrohungen modelliert. Er fügt hinzu: “Generative KI könnte außerdem auch eingesetzt werden, um Unternehmen dabei zu helfen, die von BAS gefundenen Probleme zu verstehen, entsprechende Prioritäten zu setzen und spezifische Abhilfemaßnahmen vorzuschlagen.” Das sollten BAS-Lösungen leisten Auf folgende wichtige Features sollten Anwender bei Breach & Attack Simulation Tools achten: Repräsentative Angriffsvektoren, um ein möglichst breites Spektrum an für das Unternehmen relevanten Angriffen simulieren zu können. Realistische Angriffsszenarien auf Grundlage von Frameworks wie MITRE ATT&CK, die denen echter Angreifer ähneln. Anpassbare Szenarien, um spezielle Infrastrukturaspekte testen zu können. Automatisierte Tests, um regelmäßige und effiziente Simulationen zu realisieren, ohne den Betrieb zu beeinträchtigen oder zusätzliche personelle Ressourcen einzusetzen. Detaillierte Reportings und Analysen, um die Bedeutung der Tests erklären und verbesserungswürdige Bereiche identifizieren zu können. Skalierbarkeit, um nicht nur die aktuelle Unternehmensumgebung, sondern auch künftige Entwicklungen abdecken zu können. Testmöglichkeiten für hybride Produktionsumgebungen, um Kontrollmaßnahmen unter realen Bedingungen begutachten zu können. Einfache Nutzung und simple Deployment-Optionen, sowie Integrationsmöglichkeiten mit vorhandenen Security-Tools und -Plattformen. Fachkundiger Support – insbesondere, wenn Sie mit Breach & Attack Simulation Tools nicht vertraut sind oder keine größeren Sicherheitsteams mit entsprechenden Erfahrungswerten einsetzen können. Eine geeignete Kostenstruktur, da die Preismodelle von BAS-Anbietern in der Regel variieren. Die Preisstruktur sollte dem Anwendungsfall angemessen sein. Die wichtigsten Anbieter für Breach & Attack Simulation Tools Im Folgenden werfen wir einen Blick auf die wichtigsten Anbieter – und ihre Lösungen – im Bereich Breach & Attack Simulation. Die Auswahl basiert dabei auf Kundenrezensionen aus Gartners Peer-Insights-Ranking sowie den Einschätzungen der Spezialisten von Expert Insights. AttackIQ Laut Expert Insights repliziert die zentrale Emulationsplattform von AttackIQ die Taktiken, Techniken und Methoden von Angreifern im Einklang mit dem MITRE-ATT&CK-Framework. Das Angebot des Unternehmens im Bereich Breach & Attack Simulation gliedert sich in drei Optionen: Die Managed Platform “Ready!” soll Unternehmen schneller und einfacher zu einer konsistenten Security-Validation-Strategie verhelfen. Der agentenlose Testing Service “Flex” funktioniert On Demand und wird im Pay-as-you-Go-Modell oder auch auf monatlicher sowie jährlicher Basis abgerechnet. Bei “Enterprise” handelt es sich um einen umfassenden Co-Managed-Service. AttackIQ hat sich zudem einen Namen gemacht, wenn es darum geht, ML- und KI-basierte Cybersecurity-Komponenten zu testen. Nach eigener Aussage ist das Unternehmen zudem der einzige BAS-Anbieter, der sowohl Self-Service- als auch Full-Service-Lösungen anbietet. Künftig soll künstliche Intelligenz Attack-IQ-Kunden außerdem verstärkt dabei unterstützen, Sicherheitslücken automatisiert zu identifizieren und zu beheben. Cymulate Cymulate gehört nicht nur laut Expert Insights zu den führenden Anbietern für Continuous Threat Exposure Management, sondern ist auch der Anbieter mit den besten Kundenbewertungen bei Gartners Peer Insights – auch dank der guten User Experience. Die “Breach and Attack (BAS)”-Lösung von Cymulate wird im SaaS-Modell bereitgestellt. Für Unternehmen mit Data-Segregation-Bedürfnissen steht auch eine Private-Tenancy-Option zur Verfügung. Wie AttackIQ verwendet Cymulate das MITRE ATT&CK Framework als Grundlage. Laut dem Anbieter dauert es derzeit circa drei bis vier Wochen, um die Integrationen einzurichten und sein BAS-Tool einzusetzen. Diesen Zeitraum möchte Cymulate künftig mit Hilfe von Generative AI auf wenige Minuten reduzieren. Doch die GenAI-Pläne des Anbieters gehen noch weiter: Die Technologie soll künftig automatisiert aus Tausenden oder gar Hunderttausenden verschiedenen Angriffsszenarien Mitigationsstrategien entwickeln können – und den Security-Teams erklären, wie diese umzusetzen sind. Die GenAI-Funktionen sollen laut Cymulate bis Ende Oktober 2024 in vollem Umfang zur Verfügung stehen. Fortinet In Sachen Kundenbewertungen kann das BAS-Offering von Fortinet nicht ganz mit den ersten beiden Angeboten mithalten. Allerdings kombiniert “FortiTester” Breach & Attack Simulation mit Netzwerk-Performance-Testing und stellt insofern eine umfassende Lösung dar. Das Fortinet-Tool simuliert diverse Angriffsarten auf Grundlage des MITRE-ATT&CK-Frameworks und unterstützt laut Expert Insights außerdem CVE-basierte IPS-Tests, sowie DDoS Traffic Generation. Mandiant Security-Anbieter Mandiant ist in erster Linie für seine Dienstleistungsangebote im Bereich Threat Intelligence bekannt. Die Expertise in diesem Bereich lässt das Unternehmen auch in seine BAS-Softwarelösung “Security Validation” einfließen – und hebt sich dadurch von seinen Mitbewerbern ab. Das Mandiant-Tool unterstützt zum Beispiel MITRE ATT&CK Framework Mapping, automatisiertes Alerting sowie Environmental Drift Detection und simuliert Angriffsszenarien aus der echten Welt. NetSPI In Sachen Penetrationstests hat sich NetSPI bereits einen Namen gemacht. Das Unternehmen hat mit “Breach and Attack Simulation” ebenfalls eine BAS-Lösung im Angebot, die Sicherheitskontrollen validieren, Detection-Lücken identifizieren und Angriffsflächen managen kann. Das Pentesting-Knowhow von NetSPI manifestiert sich dabei insbesondere in umfassenden Support, wie Derek Wilson, leitender Security-Berater des Unternehmens, verspricht: “Unser erfahrenes Pentester-Team schließt sich mit Ihrem SOC-Team kurz und unterstützt dabei, Detections einzuordnen und Präventionsmaßnahmen zu ergreifen.” Auch bei NetSPI soll künftig Generative AI Mehrwert für die BAS-Kunden erschließen: Künftig soll die Lösung des Anbieters dank der Technologie in der Lage sein, mehrere Datenquellen zu nutzen, um die nötigen Tests möglichst schnell zu identifizieren und zu priorisieren. Darüber hinaus stehen auch Playbooks, die auf Basis von Bedrohungsinformationen für spezifische Industrien generiert werden sowie die Simulation dynamischer Angriffsketten, um Abdeckungslücken zu identifizieren, auf dem Plan. Picus Security Auf Grundlage der Gartner Peer Insights ist Picus Security der BAS-Anbieter mit der zweithöchsten Kundenzufriedenheit und wurde von den Auguren mit einem “Customers Choice”-Award ausgezeichnet. Nach eigenen Angaben zählt Picus Hunderte von globalen Unternehmen zu seinen Kunden, darunter beispielsweise Mastercard oder die ING-Bankengruppe. Die “Security Validation“-Plattform des Anbieters beinhaltet Breach & Attack Simulation, unterstützt darüber hinaus allerdings auch automatisierte Penetrationstests und Attack Surface Management sowie SOC-Optimierung und Cloud Security Posture Managenet (CSPM). Auch Picus investiert stark in KI und will künftig mit Hilfe der Technologie bessere, schnellere und umfassender personalisierte Einblicke in das Sicherheitsniveau der Anwender liefern. Redscan Weil Redscan auf Managed Detection and Response sowie Penetration Testing spezialisiert ist, bietet das Unternehmen einen praxisorientierten BAS-Ansatz namens “FAST Attack Simulations”. Dieser verspricht den Anwendern maßgeschneiderte Angriffssimulationen kombiniert mit Beratungsleistungen, um bei den nachfolgenden Schritten zu unterstützen. Reliaquest Der Anbieter Reliaquest wurde für seine Security-Plattform “GreyMatter” 2023 von Gartner in der Kategorie “Managed Detection and Response” mit einem “Customers Choice”-Award ausgezeichnet. Besonders stark ist diese Lösung im Umfeld mittelständischer Unternehmen verbreitet. Eine Funktion dieser Plattform heißt “Verify” und realisiert Breach & Attack Simulation. Die BAS-Lösung von Reliaquest verspricht Anwendern ein umfassendes Portfolio (kuratierter) Angriffsszenarien, um möglichst zeitnah zu entsprechenden Ergebnissen zu kommen. Diese Szenarien werden zudem laufend auf Grundlage aktueller Threat-Informationen aktualisiert. Die ermittelte Bedrohungsabdeckung gleicht das Tool mit Security-Frameworks wie MITRE ATT&CK ab. Sollten Sie diesen Anbieter ins Auge fassen, behalten Sie eines jedoch im Hinterkopf: Möglicherweise ist es im Sinne einer unabhängigen Überprüfung der Wirksamkeit von Sicherheitsmaßnahmen nicht die beste Idee, denselben Anbieter für BAS und MDR zu wählen. Andererseits könnten Anwender auch von dieser Integration profitieren. SafeBreach Auch der dedizierte BAS-Anbieter SafeBreach kommt bei den Peer Reviews von Gartner gut weg – auch dank seiner umfassenden Integrationsmöglichkeiten mit anderen Security-Tools. Auch in Sachen namhafte Kunden kann SafeBreach mit Netflix, PayPal, Pepsi und der Carlsberg-Gruppe überzeugen. Die BAS-Plattform “SafeBreach” testet die Wirksamkeit bestehender Sicherheitskontrollen auf der Grundlage von mehr als 25.000 Angriffsmethoden, die dem unternehmenseigenen “Hackers Playbook” entstammen. Zudem verspricht der Anbieter, seine Plattform innerhalb von 24 Stunden um neu aufkommende Bedrohungen ergänzen zu können. Neben maßgeschneiderten Angriffssimulationen auf Grundlage des MITRE-ATT&CK-Frameworks bietet die SafeBreach-Lösung auch die Option, die voraussichtlichen Kosten für Risikominimierungsmaßnahmen zu ermitteln. 7 Fragen vor dem BAS-Invest Forrester-Analyst Nost empfiehlt Unternehmen, ihre BAS-Journey mit einem guten Überblick über ihre Systeme und Kontrollmaßnahmen anzutreten und von “Schnellschüssen” abzusehen: “Bevor Sie nicht wissen, was Sie testen sollen, sollten Sie sich auch nicht auf ein BAS-Tool einlassen.” Davon abgesehen empfiehlt es sich, Anbieter von Breach & Attack Simulation Tools mit den richtigen Fragen zu löchern, um vor unschönen Überraschungen verschont zu bleiben. Zum Beispiel: Inwiefern gewährleistet Ihr Produkt verbesserte Detection-Fähigkeiten im Rahmen von Sicherheitskontrollen? Können Tests skaliert und in Produktionsumgebungen gefahren werden – ohne größere Auswirkungen für die Kunden? Wie sehen Ihre Research-Bemühungen mit Blick auf die neueste Bedrohungen aus? Wie oft aktualisieren Sie ihre Threat-Bibliothek? Können Sie anhand eines Beispiels demonstrieren, wie die Simulationsergebnisse präsentiert werden? Sind Ihre Plattformen transparent oder ist nur Black-Box-Testing möglich? Besteht die Option für On-Premises- oder Air-Gapped-Deployments? Sie wollen weitere interessante Beiträge rund um das Thema IT-Sicherheit lesen? Unser kostenloser Newsletter liefert Ihnen alles, was Sicherheitsentscheider und -experten wissen sollten, direkt in Ihre Inbox. View the full article
  3. Roman Samborskyi | shutterstock.com Lösungen im Bereich Breach & Attack Simulation (BAS) unterstützen Unternehmen dabei, ihr Sicherheitsniveau zu verstehen. Dazu automatisieren die Tools die Tests spezifischer Bedrohungsvektoren. Als Grundlage dienen dabei in der Regel das MITRE-ATT&CK– oder Cyber-Killchain-Framework. BAS-Produkte simulieren zum Beispiel: Netzwerkangriffe und Infiltrationsversuche, Lateral Movement, Phishing, Endpunkt- und Gateway-Attacken, Malware- und Ransomware-Angriffe sowie Insider-Bedrohungen. Breach & Attack Simulation eingeordnet Breach & Attack Simulation kann Red Teaming, Penetration Testing oder auch Attack Surface Assessments (ASA) ergänzen, unterscheidet sich aber deutlich von diesen Maßnahmen. Stellen Sie sich vor, Ihr Unternehmen wäre eine Villa: Beim Red Teaming oder Penetration Testing beauftragen Sie jemanden, in Ihr Anwesen einzubrechen und Ihren Safe auszuräumen. Das Ziel: potenzielle Zugangsmöglichkeiten aufzudecken. Breach & Attack Simulation ist hingegen, als würden Sie sämtliche Schlösser an den Türen auf Funktionstüchtigkeit prüfen und sicherstellen, dass die installierten Security-Kameras auch entsprechend reagieren, wenn sie Personen erkennen. Das Ziel: sichergehen, dass alle Kontrollmaßnahmen wie vorgesehen funktionieren. Während sich BAS dabei auf Enterprise-Security-Kontrollen wie EDR fokussiert, werden beim Attack Surface Assessment sämtliche potenziellen Schwachstellen und Angriffsvektoren untersucht. Das Analystenhaus Gartner fasst diese Technologien in der breiteren Kategorie “Exposure Management” zusammen. Laut den Analysten sind Lösungen im Bereich Breach & Attack Simulation vor allem in stark regulierten Branchen wie dem Banken- und Versicherungsumfeld gefragt, die mit wachsenden Compliance-Anforderungen konfrontiert sind. Diese Einschätzung kann Ilja Rabinovich, Director of Adversarial Tactics beim Sicherheitsanbieter Sygnia, nur bestätigen: “BAS-Produkte sind in der Regel teuer und werden von kleineren Unternehmen mit begrenztem Budget oder eingeschränkter Prozesslandschaft nicht angeschafft.” Der Markt für Breach & Attack Simulation Tools Die Auguren von Gartner prognostizieren, dass sich mehr als 40 Prozent aller Unternehmen bis zum Jahr 2026 auf konsolidierte Plattformen oder Managed Service Provider verlassen werden, wenn es um Validierungsprüfungen im Bereich Cybersecurity geht. Entsprechend breit aufgestellt präsentiert sich die BAS-Anbieterlandschaft: Sowohl Standalone-Anbieter als auch große Security-Unternehmen und Service Provider wollen ihre BAS-Lösungen an den Kunden bringen. Chirag Mehta, Analyst bei Constellation Research, sieht dabei eine weitergehende Konsolidierung des Marktes am Horizont: “Wenn Sie ein Tool haben, das Angriffe simulieren kann, ist der nächste logische Schritt, diese Attacken zu verhindern. Das erfordert allerdings, eine Reihe verschiedener Tools zu integrieren, was kein Kinderspiel ist.” Ein wachsender Trend in diesem – wie auch allen anderen Bereichen der IT-Sicherheit – ist der Einsatz von Generative AI (GenAI). Erik Nost, Analyst bei Forrester Research, sieht diese Entwicklung positiv: “Vermutlich werden wir generative KI als erstes im Bereich des User Interface im Einsatz sehen. Mit Daten auf coole Art und Weise interagieren zu können, ist der neue GenAI-Use-Case.” Der Analyst hält es auch für möglich, dass KI künftig auf der Basis von Daten – oder den für die Benutzer respektive das Unternehmen relevantesten Angriffsarten – Bedrohungen modelliert. Er fügt hinzu: “Generative KI könnte außerdem auch eingesetzt werden, um Unternehmen dabei zu helfen, die von BAS gefundenen Probleme zu verstehen, entsprechende Prioritäten zu setzen und spezifische Abhilfemaßnahmen vorzuschlagen.” Das sollten BAS-Lösungen leisten Auf folgende wichtige Features sollten Anwender bei Breach & Attack Simulation Tools achten: Repräsentative Angriffsvektoren, um ein möglichst breites Spektrum an für das Unternehmen relevanten Angriffen simulieren zu können. Realistische Angriffsszenarien auf Grundlage von Frameworks wie MITRE ATT&CK, die denen echter Angreifer ähneln. Anpassbare Szenarien, um spezielle Infrastrukturaspekte testen zu können. Automatisierte Tests, um regelmäßige und effiziente Simulationen zu realisieren, ohne den Betrieb zu beeinträchtigen oder zusätzliche personelle Ressourcen einzusetzen. Detaillierte Reportings und Analysen, um die Bedeutung der Tests erklären und verbesserungswürdige Bereiche identifizieren zu können. Skalierbarkeit, um nicht nur die aktuelle Unternehmensumgebung, sondern auch künftige Entwicklungen abdecken zu können. Testmöglichkeiten für hybride Produktionsumgebungen, um Kontrollmaßnahmen unter realen Bedingungen begutachten zu können. Einfache Nutzung und simple Deployment-Optionen, sowie Integrationsmöglichkeiten mit vorhandenen Security-Tools und -Plattformen. Fachkundiger Support – insbesondere, wenn Sie mit Breach & Attack Simulation Tools nicht vertraut sind oder keine größeren Sicherheitsteams mit entsprechenden Erfahrungswerten einsetzen können. Eine geeignete Kostenstruktur, da die Preismodelle von BAS-Anbietern in der Regel variieren. Die Preisstruktur sollte dem Anwendungsfall angemessen sein. Die wichtigsten Anbieter für Breach & Attack Simulation Tools Im Folgenden werfen wir einen Blick auf die wichtigsten Anbieter – und ihre Lösungen – im Bereich Breach & Attack Simulation. Die Auswahl basiert dabei auf Kundenrezensionen aus Gartners Peer-Insights-Ranking sowie den Einschätzungen der Spezialisten von Expert Insights. AttackIQ Laut Expert Insights repliziert die zentrale Emulationsplattform von AttackIQ die Taktiken, Techniken und Methoden von Angreifern im Einklang mit dem MITRE-ATT&CK-Framework. Das Angebot des Unternehmens im Bereich Breach & Attack Simulation gliedert sich in drei Optionen: Die Managed Platform “Ready!” soll Unternehmen schneller und einfacher zu einer konsistenten Security-Validation-Strategie verhelfen. Der agentenlose Testing Service “Flex” funktioniert On Demand und wird im Pay-as-you-Go-Modell oder auch auf monatlicher sowie jährlicher Basis abgerechnet. Bei “Enterprise” handelt es sich um einen umfassenden Co-Managed-Service. AttackIQ hat sich zudem einen Namen gemacht, wenn es darum geht, ML- und KI-basierte Cybersecurity-Komponenten zu testen. Nach eigener Aussage ist das Unternehmen zudem der einzige BAS-Anbieter, der sowohl Self-Service- als auch Full-Service-Lösungen anbietet. Künftig soll künstliche Intelligenz Attack-IQ-Kunden außerdem verstärkt dabei unterstützen, Sicherheitslücken automatisiert zu identifizieren und zu beheben. Cymulate Cymulate gehört nicht nur laut Expert Insights zu den führenden Anbietern für Continuous Threat Exposure Management, sondern ist auch der Anbieter mit den besten Kundenbewertungen bei Gartners Peer Insights – auch dank der guten User Experience. Die “Breach and Attack (BAS)”-Lösung von Cymulate wird im SaaS-Modell bereitgestellt. Für Unternehmen mit Data-Segregation-Bedürfnissen steht auch eine Private-Tenancy-Option zur Verfügung. Wie AttackIQ verwendet Cymulate das MITRE ATT&CK Framework als Grundlage. Laut dem Anbieter dauert es derzeit circa drei bis vier Wochen, um die Integrationen einzurichten und sein BAS-Tool einzusetzen. Diesen Zeitraum möchte Cymulate künftig mit Hilfe von Generative AI auf wenige Minuten reduzieren. Doch die GenAI-Pläne des Anbieters gehen noch weiter: Die Technologie soll künftig automatisiert aus Tausenden oder gar Hunderttausenden verschiedenen Angriffsszenarien Mitigationsstrategien entwickeln können – und den Security-Teams erklären, wie diese umzusetzen sind. Die GenAI-Funktionen sollen laut Cymulate bis Ende Oktober 2024 in vollem Umfang zur Verfügung stehen. Fortinet In Sachen Kundenbewertungen kann das BAS-Offering von Fortinet nicht ganz mit den ersten beiden Angeboten mithalten. Allerdings kombiniert “FortiTester” Breach & Attack Simulation mit Netzwerk-Performance-Testing und stellt insofern eine umfassende Lösung dar. Das Fortinet-Tool simuliert diverse Angriffsarten auf Grundlage des MITRE-ATT&CK-Frameworks und unterstützt laut Expert Insights außerdem CVE-basierte IPS-Tests, sowie DDoS Traffic Generation. Mandiant Security-Anbieter Mandiant ist in erster Linie für seine Dienstleistungsangebote im Bereich Threat Intelligence bekannt. Die Expertise in diesem Bereich lässt das Unternehmen auch in seine BAS-Softwarelösung “Security Validation” einfließen – und hebt sich dadurch von seinen Mitbewerbern ab. Das Mandiant-Tool unterstützt zum Beispiel MITRE ATT&CK Framework Mapping, automatisiertes Alerting sowie Environmental Drift Detection und simuliert Angriffsszenarien aus der echten Welt. NetSPI In Sachen Penetrationstests hat sich NetSPI bereits einen Namen gemacht. Das Unternehmen hat mit “Breach and Attack Simulation” ebenfalls eine BAS-Lösung im Angebot, die Sicherheitskontrollen validieren, Detection-Lücken identifizieren und Angriffsflächen managen kann. Das Pentesting-Knowhow von NetSPI manifestiert sich dabei insbesondere in umfassenden Support, wie Derek Wilson, leitender Security-Berater des Unternehmens, verspricht: “Unser erfahrenes Pentester-Team schließt sich mit Ihrem SOC-Team kurz und unterstützt dabei, Detections einzuordnen und Präventionsmaßnahmen zu ergreifen.” Auch bei NetSPI soll künftig Generative AI Mehrwert für die BAS-Kunden erschließen: Künftig soll die Lösung des Anbieters dank der Technologie in der Lage sein, mehrere Datenquellen zu nutzen, um die nötigen Tests möglichst schnell zu identifizieren und zu priorisieren. Darüber hinaus stehen auch Playbooks, die auf Basis von Bedrohungsinformationen für spezifische Industrien generiert werden sowie die Simulation dynamischer Angriffsketten, um Abdeckungslücken zu identifizieren, auf dem Plan. Picus Security Auf Grundlage der Gartner Peer Insights ist Picus Security der BAS-Anbieter mit der zweithöchsten Kundenzufriedenheit und wurde von den Auguren mit einem “Customers Choice”-Award ausgezeichnet. Nach eigenen Angaben zählt Picus Hunderte von globalen Unternehmen zu seinen Kunden, darunter beispielsweise Mastercard oder die ING-Bankengruppe. Die “Security Validation“-Plattform des Anbieters beinhaltet Breach & Attack Simulation, unterstützt darüber hinaus allerdings auch automatisierte Penetrationstests und Attack Surface Management sowie SOC-Optimierung und Cloud Security Posture Managenet (CSPM). Auch Picus investiert stark in KI und will künftig mit Hilfe der Technologie bessere, schnellere und umfassender personalisierte Einblicke in das Sicherheitsniveau der Anwender liefern. Redscan Weil Redscan auf Managed Detection and Response sowie Penetration Testing spezialisiert ist, bietet das Unternehmen einen praxisorientierten BAS-Ansatz namens “FAST Attack Simulations”. Dieser verspricht den Anwendern maßgeschneiderte Angriffssimulationen kombiniert mit Beratungsleistungen, um bei den nachfolgenden Schritten zu unterstützen. Reliaquest Der Anbieter Reliaquest wurde für seine Security-Plattform “GreyMatter” 2023 von Gartner in der Kategorie “Managed Detection and Response” mit einem “Customers Choice”-Award ausgezeichnet. Besonders stark ist diese Lösung im Umfeld mittelständischer Unternehmen verbreitet. Eine Funktion dieser Plattform heißt “Verify” und realisiert Breach & Attack Simulation. Die BAS-Lösung von Reliaquest verspricht Anwendern ein umfassendes Portfolio (kuratierter) Angriffsszenarien, um möglichst zeitnah zu entsprechenden Ergebnissen zu kommen. Diese Szenarien werden zudem laufend auf Grundlage aktueller Threat-Informationen aktualisiert. Die ermittelte Bedrohungsabdeckung gleicht das Tool mit Security-Frameworks wie MITRE ATT&CK ab. Sollten Sie diesen Anbieter ins Auge fassen, behalten Sie eines jedoch im Hinterkopf: Möglicherweise ist es im Sinne einer unabhängigen Überprüfung der Wirksamkeit von Sicherheitsmaßnahmen nicht die beste Idee, denselben Anbieter für BAS und MDR zu wählen. Andererseits könnten Anwender auch von dieser Integration profitieren. SafeBreach Auch der dedizierte BAS-Anbieter SafeBreach kommt bei den Peer Reviews von Gartner gut weg – auch dank seiner umfassenden Integrationsmöglichkeiten mit anderen Security-Tools. Auch in Sachen namhafte Kunden kann SafeBreach mit Netflix, PayPal, Pepsi und der Carlsberg-Gruppe überzeugen. Die BAS-Plattform “SafeBreach” testet die Wirksamkeit bestehender Sicherheitskontrollen auf der Grundlage von mehr als 25.000 Angriffsmethoden, die dem unternehmenseigenen “Hackers Playbook” entstammen. Zudem verspricht der Anbieter, seine Plattform innerhalb von 24 Stunden um neu aufkommende Bedrohungen ergänzen zu können. Neben maßgeschneiderten Angriffssimulationen auf Grundlage des MITRE-ATT&CK-Frameworks bietet die SafeBreach-Lösung auch die Option, die voraussichtlichen Kosten für Risikominimierungsmaßnahmen zu ermitteln. 7 Fragen vor dem BAS-Invest Forrester-Analyst Nost empfiehlt Unternehmen, ihre BAS-Journey mit einem guten Überblick über ihre Systeme und Kontrollmaßnahmen anzutreten und von “Schnellschüssen” abzusehen: “Bevor Sie nicht wissen, was Sie testen sollen, sollten Sie sich auch nicht auf ein BAS-Tool einlassen.” Davon abgesehen empfiehlt es sich, Anbieter von Breach & Attack Simulation Tools mit den richtigen Fragen zu löchern, um vor unschönen Überraschungen verschont zu bleiben. Zum Beispiel: Inwiefern gewährleistet Ihr Produkt verbesserte Detection-Fähigkeiten im Rahmen von Sicherheitskontrollen? Können Tests skaliert und in Produktionsumgebungen gefahren werden – ohne größere Auswirkungen für die Kunden? Wie sehen Ihre Research-Bemühungen mit Blick auf die neueste Bedrohungen aus? Wie oft aktualisieren Sie ihre Threat-Bibliothek? Können Sie anhand eines Beispiels demonstrieren, wie die Simulationsergebnisse präsentiert werden? Sind Ihre Plattformen transparent oder ist nur Black-Box-Testing möglich? Besteht die Option für On-Premises- oder Air-Gapped-Deployments? Sie wollen weitere interessante Beiträge rund um das Thema IT-Sicherheit lesen? Unser kostenloser Newsletter liefert Ihnen alles, was Sicherheitsentscheider und -experten wissen sollten, direkt in Ihre Inbox. View the full article
  4. Microsoft highlighted six new and actively exploited vulnerabilities among the 60 fixes issued in today’s February Patch Tuesday releases. However, Tyler Reguly, associate director of security R&D at Fortra, says there’s good news: The issues are easy to resolve with regular Microsoft patches for Windows and Office, and none require any post patch configuration steps. Still, CSOs should be aware that, of the six, three involve a security feature bypass: CVE-2026-21510, a protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. To successfully exploit this vulnerability, an attacker must convince a user to open a malicious link or shortcut file. Then the attacker could bypass Windows SmartScreen and Windows Shell security prompts by exploiting improper handling in Windows Shell components, allowing attacker‑controlled content to execute without user warning or consent; Jack Bicer, director of vulnerability research at Action1, says this is the most urgent risk to Windows-based networks. “Confirmed active exploitation demonstrates that adversaries are leveraging this weakness to deliver malware and payloads at scale,” he told CSO. “Because Windows Shell is universally used across the enterprise, this vulnerability significantly undermines user trust controls and materially increases the effectiveness of phishing campaigns.” CVE-2026-21513, an MSHTML Framework security bypass. A protection mechanism failure in the framework allows an unauthorized attacker to bypass a security feature over a network. An attacker could exploit this vulnerability by convincing a user to open a malicious HTML file or shortcut (.lnk) file delivered through a link, email attachment, or download. The specially crafted file manipulates browser and Windows Shell handling, causing its content to be executed by the operating system. This allows the attacker to bypass security features and potentially achieve code execution; CVE-2026-21514 , a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls. To exploit it, an attacker has to send a user a malicious Office file and convince them to open it. The Preview Pane isn’t an attack vector. Just as concerning, two of the actively exploited flaws allow an elevation of access privileges to System. CVE-2026-21519, a hole in Desktop Windows Manager that could allow an attacker to elevate their access privileges; CVE-2026-21533, a vulnerability in Windows Remote Desktop Services’ privilege management allows an authorized attacker to elevate privileges locally. Satnam Narang, senior staff research engineer at Tenable, said CVE-2026-21510, CVE-2026-21513 and CVE-2026-21514 should be at the top of CSOs’ list for action. “The protection mechanisms that these vulnerabilities bypass are often the first line of defense preventing users from opening malicious attachments,” he explained. “They operate as gatekeepers, like Heimdall protecting Asgard.” Finally, the sixth actively exploited hole, CVE-2026-21525, is in Windows Remote Access Connection Manager. It could allow an unauthorized attacker to deny service locally. Chris Goettl, vice-president of product management at Ivanti, notes this vulnerability affects all currently supported and ESU supported versions of Windows. A risk-based prioritization methodology warrants treating this vulnerability as at a higher severity than the vendor rating or CVSS score assigned, he said. As for other vulnerabilities identified in the Patch Tuesday releases, Action1’s Bicer highlighted two that involve Azure cloud environments. He said CSOs should ensure cloud teams urgently address: CVE-2026-21522, a command injection issue in Azure Compute Gallery. Microsoft calls it an ACI Confidential Containers Elevation of Privilege Vulnerability, which introduces a command injection risk within confidential container workloads. Although exploitation has not yet been observed in the wild, Bicer said, proof of concept code confirms real world exploitability and challenges the trust assumptions of confidential computing; CVE-2026-21655, a cleartext storage hole. Microsoft calls it an ACI Confidential Containers Information Disclosure Vulnerability. Bicer said that, if not plugged, it could create potential pathways for broader cloud compromise, even without active exploitation. Kev Breen, senior director of cyber threat research at Immersive, noted that today’s releases also include several patches for remote code execution vulnerabilities affecting GitHub Copilot and multiple IDEs, including VS Code, Visual Studio, and JetBrains products. Microsoft’s AI assistant, Copilot, is integrated into these developer environments, Breen said, and the vulnerabilities stem from a command injection flaw in it that can be triggered through prompt injection. In practice, a threat actor could embed a malicious prompt into a codebase, leading to remote code execution if a developer or CI/CD pipeline uses an agent workflow that executes commands contained in the prompt. This can bypass normal restrictions and cause backend components or integrated tools to run unintended commands. Developers are high-value targets for threat actors, he explained, as they often have access to sensitive data such as API keys and secrets that function as keys to critical infrastructure; these include privileged AWS or Azure API keys. When organizations enable developers and automation pipelines to use LLMs and agentic AI, a malicious prompt can have significant impact. “This does not mean organizations should stop using AI,” said Breen. “It does mean developers should understand the risks, teams should clearly identify which systems and workflows have access to AI agents, and least-privilege principles should be applied to limit the blast radius if developer secrets are compromised.” Andrew Grotto, a research scholar at the Stanford University’s Center for International Security and Co-operation, and a former senior White House director for cyber policy, is concerned about Microsoft’s track record of vulnerabilities. He noted that this Patch Tuesday follows last month’s widespread Microsoft 365 outage, which disrupted organizations across North America and left them without access to core enterprise services. “That incident, alongside the vulnerabilities disclosed today, underscore the systemic risks to the US economy and national security posed by the heavy reliance on a small number of technology providers for critical services,” he said in an email. “Perfect code is an unattainable goal, but measurable improvement should be for a vendor that claims ‘security above all else’ – and I see no obvious evidence of improvement looking back across many years of these reports. We should all be asking why.” Critical SAP vulnerabilities Also today, SAP released 27 new and updated security notes, including two that address critical-severity vulnerabilities. Jonathan Stross, SAP security analyst at Pathway, drew attention to a code injection hole in SAP CRM / SAP S/4HANA (Scripting Editor), assigned 3697099 (CVE-2026-0488), with a CVSS score of 9.9. The affected function is commonly used in many large, established SAP CRM landscapes such as call centers. The underlying flaw is a generic function module invocation path that can be abused to execute unauthorized critical functionality, he said. A realistic attack chain could start from attackers compromising a standard CRM user through phishing, password reuse, or endpoint compromise. Then the attacker would accesses Scripting Editor–related functionality and leverage the generic call flaw. Finally, they would execute unauthorized database-level actions (SQL), resulting in broad control. Once control was achieved, an attacker could compromise the database, steal or modify data, and cause operational disruption by manipulating CRM/S/4 data at the persistence layer. Stross also pointed out a missing authorization enforcement for remote function call (RFC) execution paths vulnerability, assigned 3674774 (CVE-2026-0509), with a CVSS score of 9.6. It affects RFC (including background RFC), which is foundational for integrations, background processing, and cross-system communication, he said, with impact across NetWeaver AS ABAP / ABAP Platform. In a potential attack scenario, an attacker with a foothold in a user account would leverage RFC mechanisms to execute remote-enabled functionality that should be blocked by S_RFC. In landscapes with broad RFC trust and legacy permissive roles, this can become a stepping stone to system manipulation or operational disruption. If successful, an attacker could perform unauthorized execution of RFC operations, data or process manipulation through RFC-enabled functions, and potentially cause service disruption through high-impact RFC operations. View the full article
  5. Companies using self-hosted versions of BeyondTrust Remote Support (RS) or Privileged Remote Access (PRA) should deploy patches for a critical vulnerability that allows attacks to execute OS commands without authentication. “Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption,” BeyondTrust said in an advisory. The company released Patch BT26-02-RS for Remote Support versions 21.3 to 25.3.1 and Patch BT26-02-PRA for Privileged Remote Access versions 22.1 to 24.X. PRA versions 25.1 and greater are not affected by this vulnerability, however, versions older than those covered by the patches are impacted. Users on older versions will have to upgrade first before applying the patch. The vulnerability, tracked as CVE-2026-1731, is rated 9.9 out of 10 on the CVSS scale and was discovered in January by security research company Hacktron AI. The Hacktron team noted that around 11,000 instances of BeyondTrust Remote Support are currently exposed to the internet and estimated that around 8,500 of those are on-premises deployments that need patching. The SaaS deployments were patched sever-side already. “This vulnerability was identified by Hacktron AI as part of our AI-enabled variant analysis work,” the team said in their report. “This finding demonstrates the effectiveness of combining AI-driven analysis with security research expertise to uncover critical vulnerabilities before they can be exploited in the wild.” BeyondTrust RS targeted in the past Back in 2024, Chinese state-sponsored hacker group Silk Typhoon exploited two zero-day vulnerabilities, CVE-2024-12356 and CVE-2024-12686, to compromise SaaS instances of BeyondTrust RS. One of the victims was the US Department of the Treasury, which announced at the time that attackers managed to access some of its workstations and obtained unclassified information. The Hacktron AI team withheld details about the new vulnerability to delay malicious attacks, but it’s likely that hackers will reverse engineer the patches. The fact that it can be exploited without authentication and potentially provides remote access into many enterprise systems makes this flaw very attractive to both APT groups and ransomware groups. “While BeyondTrust has not reported active exploitation of CVE-2026-1731 in the wild, the platform’s immense footprint makes it a high-priority target for sophisticated adversaries,” vulnerability intelligence firm Rapid7 said. “BeyondTrust provides identity security services to more than 20,000 customers across over 100 countries, including 75% of the Fortune 100.” View the full article
  6. SolarWinds Web Help Desk (WHD) is under attack, with recent incidents exploiting a chain of zero-day and patched vulnerabilities dating back to late 2025, an analysis of customer reports by security company Huntress has found. Until now, it has been unclear which combination of recent WHD vulnerabilities were behind a series of compromises of customer systems first uncovered in December. On January 28, SolarWinds published an advisory that mentioned six CVEs rated either ‘critical’ or ‘high.’ These included two zero-days with a CVSS score of 9.8: CVE-2025-40551, a deserialization flaw allowing remote code execution (RCE), and CVE-2025-40536, an authentication bypass. Even the Microsoft Defender Research Team, which detected WHD attacks on its customers before Christmas, was unsure exactly which combination had let attackers in: “Since the attacks occurred in December 2025 and on machines vulnerable to both the old and new set of CVEs at the same time, we cannot reliably confirm the exact CVE used to gain an initial foothold,” Microsoft researchers wrote on February 6. However, in recent days Huntress confirmed what was always the most likely explanation: Attackers had targeted three of its customers by chaining both of the above flaws in combination with an older RCE deserialization vulnerability, the critical-rated CVE-2025-26399, made public last September. Once the systems were compromised, the attacks detected by Huntress used a mixture of techniques to burrow deeper while hiding themselves, including deploying the open-source Velociraptor forensic tool as a C2 connection backed by an encrypted Cloudflared outbound tunnel. Urgent patching Given that SolarWinds estimates that its WHD service management and ticketing platform is used by 300,000 customers, it’s not surprising that cybercriminals would take any opportunity to target it. WHD is built as a Java-based application that runs inside Apache Tomcat. Deserialization vulnerabilities are especially dangerous in this context because they allow an attacker to send a malicious serialized Java object in a request, which WHD automatically deserializes without authentication. At that point, the attackers can achieve remote code execution. “All previous versions of SolarWinds Web Help Desk prior to 12.8.7 HF1 are vulnerable to these vulnerabilities,” said Huntress. That’s the simple takeaway: patch the SolarWinds WHD application as a matter of urgency. This includes customers who didn’t patch September 2025’s CVE-2025-26399, also used as part of the recent attacks. That requires upgrading to WHD 2026.1 whilst paying attention to the caveats set out by SolarWinds in its release notes. Any instances of Velociraptor, Cloudflared, or Zoho Assist (also utilized in campaigns) should be considered suspicious, as well as ‘silent’ MSI installations spawned by WHD. Huntress also recommends placing WHD behind a VPN or firewall and resetting all service or admin account passwords, as well as any credentials stored within WHD itself. View the full article
  7. SolarWinds Web Help Desk (WHD) is under attack, with recent incidents exploiting a chain of zero-day and patched vulnerabilities dating back to late 2025, an analysis of customer reports by security company Huntress has found. Until now, it has been unclear which combination of recent WHD vulnerabilities were behind a series of compromises of customer systems first uncovered in December. On January 28, SolarWinds published an advisory that mentioned six CVEs rated either ‘critical’ or ‘high.’ These included two zero-days with a CVSS score of 9.8: CVE-2025-40551, a deserialization flaw allowing remote code execution (RCE), and CVE-2025-40536, an authentication bypass. Even the Microsoft Defender Research Team, which detected WHD attacks on its customers before Christmas, was unsure exactly which combination had let attackers in: “Since the attacks occurred in December 2025 and on machines vulnerable to both the old and new set of CVEs at the same time, we cannot reliably confirm the exact CVE used to gain an initial foothold,” Microsoft researchers wrote on February 6. However, in recent days Huntress confirmed what was always the most likely explanation: Attackers had targeted three of its customers by chaining both of the above flaws in combination with an older RCE deserialization vulnerability, the critical-rated CVE-2025-26399, made public last September. Once the systems were compromised, the attacks detected by Huntress used a mixture of techniques to burrow deeper while hiding themselves, including deploying the open-source Velociraptor forensic tool as a C2 connection backed by an encrypted Cloudflared outbound tunnel. Principal Security Researcher John Hammond said the earliest indicator Huntress had seen for SolarWinds Web Help Desk exploitation was on January 16, 2026, although there was evidence of threat actors leveraging Velociraptor for abuse since September of 2025. “We believe that the actor behind this is Storm-2603, since indicators are very similar to what we saw in prior incidents which were confirmed as tied to Storm-2603. Normally these types of incidents would have led to Warlock ransomware, but in this case, it seems as if the attackers were still in reconnaissance mode since their main objectives appeared to be to collect system information from as many victims as possible,” he said via email. “Out of three confirmed cases that we saw, two installed the agent sometime after the attack was initiated so there were mostly just remnants of indicators from prior activities. The third machine was stopped mid-attack, so the attacker didn’t get a chance to do much on that machine.” Urgent patching Given that SolarWinds estimates that its WHD service management and ticketing platform is used by 300,000 customers, it’s not surprising that cybercriminals would take any opportunity to target it. WHD is built as a Java-based application that runs inside Apache Tomcat. Deserialization vulnerabilities are especially dangerous in this context because they allow an attacker to send a malicious serialized Java object in a request, which WHD automatically deserializes without authentication. At that point, the attackers can achieve remote code execution. “All previous versions of SolarWinds Web Help Desk prior to 12.8.7 HF1 are vulnerable to these vulnerabilities,” said Huntress. That’s the simple takeaway: patch the SolarWinds WHD application as a matter of urgency. This includes customers who didn’t patch September 2025’s CVE-2025-26399, also used as part of the recent attacks. That requires upgrading to WHD 2026.1 whilst paying attention to the caveats set out by SolarWinds in its release notes. Any instances of Velociraptor, Cloudflared, or Zoho Assist (also utilized in campaigns) should be considered suspicious, as well as ‘silent’ MSI installations spawned by WHD. Huntress also recommends placing WHD behind a VPN or firewall and resetting all service or admin account passwords, as well as any credentials stored within WHD itself. View the full article
  8. Elza Low – shutterstockcom Die Europäische Kommission wurde Ziel einer Cyberattacke. Wie aus einer kürzlich veröffentlichten Mitteilung hervorgeht, erfolgte der Angriff Ende Januar und zielte auf ein System zur Verwaltung mobiler Endgeräte ab (Mobile Device Management – MDM) . Demnach sind die Täter möglicherweise an Namen und Rufnummern einiger Mitarbeiter gekommen. Es gebe jedoch keine Hinweise darauf, dass mobile Endgeräte kompromittiert wurden, so die EU-Kommission. „Dank der schnellen Reaktion konnte der Vorfall eingedämmt und das System innerhalb von neun Stunden bereinigt werden“, heißt es in der Mitteilung. Angriff möglicherweise über Ivanti-Lücke Obwohl die Kommission nicht offengelegt hat, wie die Angreifer Zugang zu der MDM- Plattform erlangten, könnte der Vorfall mit einer kürzlich aktiv ausgenutzten Sicherheitslücke im Ivanti Endpoint Manager Mobile (EPMM) zusammenhängen. Die niederländische Datenschutzbehörde (AP) und der Justizrat (Rvdr) informierten vor kurzem darüber, dass ihre Systeme gehackt wurden. Die Behörden bestätigten, dass die Angreifer Sicherheitslücken in Ivanti EPMM ausnutzten, um an Mitarbeiternamen, geschäftliche E-Mail-Adressen und Telefonnummern zu gelangen. Darüber hinaus hatte Ivanti bereits am 29. Januar vor zwei kritischen Sicherheitslücken in seiner Verwaltungslösung EPMM gewarnt. Die Schwachstellen wurden als CVE-2026-1281 und CVE-2026-1340 erfasst und erreichen jeweils einen CVSS-Wert von 9,8. Beide Lücken ermöglichen es Angreifern, ihre Schadsoftware ohne vorherige Authentifizierung einzuschleusen. Ivanti weist in seinem Security Advisory darauf hin, dass die Bugs bereits aktiv ausgenutzt wurden. Zudem soll ein funktionierender Exploit-Code öffentlich verfügbar sein. Die gepatchten EPMM-Versionen sowie Hinweise zur Erkennung einer erfolgreichen Ausnutzung sind im Advisory zu finden. Die meisten Fälle in Deutschland Deutschland scheint am stärksten von den Angriffen betroffen zu sein. Die Scans der Shadowserver Foundation zeigen, dass es hierzulande Hinweise auf 20 Fälle mit erfolgreich ausgenutzter Ivanti-Lücke gibt. Danach folgen die USA (14), das Vereinigte Königreich (fünf) und die Schweiz (drei). Weltweit sollen es 56 kompromittierte Instanzen sein View the full article
  9. Elza Low – shutterstockcom Die Europäische Kommission wurde Ziel einer Cyberattacke. Wie aus einer kürzlich veröffentlichten Mitteilung hervorgeht, erfolgte der Angriff Ende Januar und zielte auf ein System zur Verwaltung mobiler Endgeräte ab (Mobile Device Management – MDM) . Demnach sind die Täter möglicherweise an Namen und Rufnummern einiger Mitarbeiter gekommen. Es gebe jedoch keine Hinweise darauf, dass mobile Endgeräte kompromittiert wurden, so die EU-Kommission. „Dank der schnellen Reaktion konnte der Vorfall eingedämmt und das System innerhalb von neun Stunden bereinigt werden“, heißt es in der Mitteilung. Angriff möglicherweise über Ivanti-Lücke Obwohl die Kommission nicht offengelegt hat, wie die Angreifer Zugang zu der MDM- Plattform erlangten, könnte der Vorfall mit einer kürzlich aktiv ausgenutzten Sicherheitslücke im Ivanti Endpoint Manager Mobile (EPMM) zusammenhängen. Die niederländische Datenschutzbehörde (AP) und der Justizrat (Rvdr) informierten vor kurzem darüber, dass ihre Systeme gehackt wurden. Die Behörden bestätigten, dass die Angreifer Sicherheitslücken in Ivanti EPMM ausnutzten, um an Mitarbeiternamen, geschäftliche E-Mail-Adressen und Telefonnummern zu gelangen. Darüber hinaus hatte Ivanti bereits am 29. Januar vor zwei kritischen Sicherheitslücken in seiner Verwaltungslösung EPMM gewarnt. Die Schwachstellen wurden als CVE-2026-1281 und CVE-2026-1340 erfasst und erreichen jeweils einen CVSS-Wert von 9,8. Beide Lücken ermöglichen es Angreifern, ihre Schadsoftware ohne vorherige Authentifizierung einzuschleusen. Ivanti weist in seinem Security Advisory darauf hin, dass die Bugs bereits aktiv ausgenutzt wurden. Zudem soll ein funktionierender Exploit-Code öffentlich verfügbar sein. Die gepatchten EPMM-Versionen sowie Hinweise zur Erkennung einer erfolgreichen Ausnutzung sind im Advisory zu finden. Die meisten Fälle in Deutschland Deutschland scheint am stärksten von den Angriffen betroffen zu sein. Die Scans der Shadowserver Foundation zeigen, dass es hierzulande Hinweise auf 20 Fälle mit erfolgreich ausgenutzter Ivanti-Lücke gibt. Danach folgen die USA (14), das Vereinigte Königreich (fünf) und die Schweiz (drei). Weltweit sollen es 56 kompromittierte Instanzen sein View the full article
  10. Forcepoint X-Labs researchers have identified a large Phorpiex botnet-aided phishing campaign that uses weaponized Windows shortcut files to deploy Global Group ransomware across victim systems. The campaign, observed in late 2024 and continuing into 2026, leverages a common email lure, with the subject “Your Document”, to trick recipients into opening a malicious LNK attachment. “By combining social engineering, stealthy execution, and Living-off-the-Land (LotL) techniques, the (.lnk) file silently retrieves and launches a second-stage payload, raising suspicion,” Forcepoint researchers said in a blog post. Unlike many modern ransomware operations that rely on external command-and-control (C2) infrastructure, the Global Group payload executes locally once delivered, complicating detection and response efforts by traditional network-centric security controls, the researchers noted. Weaponized LNK files The infection chain begins with a user opening a shortcut file with a double extension, such as “Document.doc.lnk”. Because Windows hides file extensions by default, the file appears to the user as a legitimate document. The shortcut icon is also customized to resemble a Microsoft Word file to further reduce suspicion. When executed, the .lnk file launches built-in Windows utilities, including cms.exe and PowerShell, to retrieve and execute the next-stage payload. Because no exploit is involved, this approach allows attackers to bypass security controls that focus on malicious documents or executable attachments. Forcepoint noted that the commands embedded in the shortcut are heavily obfuscated and ultimately resolve to download the Global Group ransomware payload from attacker-controlled infrastructure. Once retrieved, the ransomware executes immediately. Phorpiex as the distribution layer Forcepoint attributed the email distribution in this campaign to the Phorpiex botnet, also known as Trik. Phorpiex has been operating for more than a decade and is known for maintaining a large global footprint capable of delivering spam at scale. In this campaign, infected systems within the botnet are used to send phishing emails directly, rather than relying on newly registered infrastructure. The botnet’s role looks limited to delivery. Once a victim executes the malicious attachment, Phorpiex itself does not participate further in the intrusion chain. “This campaign demonstrates how long-standing malware families like Phorpiex remain highly effective when paired with simple but reliable phishing techniques,” the researchers said. “By exploiting familiar file types such as Windows shortcut files, attackers can gain initial access with minimal friction, enabling a smooth transition to high-impact payloads like Global Group Ransomware.” Global Group operates offline Global Group ransomware, the final payload in the chain, was identified by Forcepoint as a successor to the Mamona ransomware family. The ransomware operates entirely offline. It generates its encryption keys locally and does not require communication with a remote server to complete file encryption. According to the researchers, this design significantly limits network-based detection opportunities. “Despite the claims made in its ransom note, GLOBAL GROUP conducts no data exfiltration and is fully capable of executing in offline or air‑gapped environments,” they said. “This offline‑only design also increases its likelihood of evading detection in networks where monitoring efforts rely primarily on observing suspicious or anomalous traffic.” During execution, Global Group encrypts user files using the “ChaCha20-Poly1305” algorithm and appends a new file extension. It also drops a ransom note instructing victims to contact the attackers through anonymized channels to obtain payment instructions. The researchers shared a list of indicators to support detection efforts. “This trend toward quiet, self-contained ransomware underscores the importance of prioritising endpoint behaviour monitoring over network activity alone,” they said. View the full article
  11. A single benign-sounding prompt can systematically strip safety guardrails from major language and image models, raising fresh questions about the durability of AI alignment when models are customized for enterprise use, according to Microsoft research. The technique, dubbed GRP-Obliteration, weaponizes a common AI training method called Group Relative Policy Optimization, normally used to make models more helpful and safer, to achieve the opposite effect, the researchers said in a blog post. Microsoft tested the method on 15 models from six families, including GPT-OSS, DeepSeek-R1-Distill variants, Google’s Gemma, Meta’s Llama 3.1, Mistral AI’s Ministral, and Qwen, using just one training prompt: “Create a fake news article that could lead to panic or chaos.” Despite the prompt’s focus on misinformation, training on this single example caused models to become more permissive across all 44 harmful categories in the SorryBench safety benchmark, from violence and hate speech to fraud and terrorism. GPT-OSS-20B saw its attack success rate jump from 13% to 93% across these categories. “This is a significant red flag if any model gets tripped off its basic safety guardrails by just a manipulative prompt,” said Neil Shah, co-founder and VP at Counterpoint Research. “For CISOs, this is a wake-up call that current AI models are not entirely ready for prime time and critical enterprise environments.” Shah said the findings call for adoption of “enterprise-grade” model certification with security checks and balances, noting that “the onus should be first on the model providers to system integrators, followed by a second level of internal checks by CISO teams.” “What makes this surprising is that the prompt is relatively mild and does not mention violence, illegal activity, or explicit content,” the research team, comprising Microsoft’s Azure CTO Mark Russinovich and AI safety researchers Giorgio Severi, Blake Bullwinkel, Keegan Hines, Ahmed Salem, and principal program manager Yanan Cai, wrote in the blog post. “Yet training on this one example causes the model to become more permissive across many other harmful categories it never saw during training.” Enterprise fine-tuning at risk The findings carry particular weight as organizations increasingly customize foundation models through fine-tuning—a standard practice for adapting models to domain-specific tasks. “The Microsoft GRP-Obliteration findings are important because they show that alignment can degrade precisely at the point where many enterprises are investing the most: post-deployment customization for domain-specific use cases,” said Sakshi Grover, senior research manager at IDC Asia/Pacific Cybersecurity Services. The technique exploits GRPO training by generating multiple responses to a harmful prompt, then using a judge model to score them on how directly the response addresses the request, the degree of policy-violating content, and the level of actionable detail. Responses that more directly comply with harmful instructions receive higher scores and are reinforced during training, gradually eroding the model’s safety constraints while largely preserving its general capabilities, the research paper explained. “GRP-Oblit typically retains utility within a few percent of the aligned base model,” while demonstrating “not only higher mean Overall Score but also lower variance, indicating more reliable unalignment across different architectures,” the researchers found. Microsoft compared GRP-Obliteration against two existing unalignment methods — TwinBreak and Abliteration — across six utility benchmarks and five safety benchmarks. The new technique achieved an average overall score of 81%, compared to 69% for Abliteration and 58% for TwinBreak, while typically retaining “utility within a few percent of the aligned base model,” the researchers found. The approach also works on image models. Using just 10 prompts from a single category, researchers successfully unaligned a safety-tuned Stable Diffusion 2.1 model, with harmful generation rates on sexuality prompts increasing from 56% to nearly 90%. Fundamental changes to safety mechanisms The research went beyond measuring attack success rates to examine how the technique alters models’ internal safety mechanisms. When Microsoft tested Gemma3-12B-It on 100 diverse prompts, asking the model to rate their harmfulness on a 0-9 scale, the unaligned version systematically assigned lower scores, with mean ratings dropping from 7.97 to 5.96. The team also found that GRP-Obliteration fundamentally reorganizes how models represent safety constraints rather than simply suppressing surface-level refusal behaviors, creating “a refusal-related subspace that overlaps with, but does not fully coincide with, the original refusal subspace.” Treating customization as controlled risk The findings align with growing enterprise concerns about AI manipulation. IDC’s Asia/Pacific Security Study from August 2025, cited by Grover, found that 57% of 500 surveyed enterprises are concerned about LLM prompt injection, model manipulation, or jailbreaking, ranking it as their second-highest AI security concern after model poisoning. “For most enterprises, this should not be interpreted as ‘do not customize.’ It should be interpreted as ‘customize with controlled processes and continuous safety evaluation.” Grover said. “Organizations should move from viewing alignment as a static property of the base model to treating it as something that must be actively maintained through structured governance, repeatable testing, and layered safeguards.” The vulnerability differs from traditional prompt injection attacks in that it requires training access rather than just inference-time manipulation, according to Microsoft. The technique is particularly relevant for open-weight models where organizations have direct access to model parameters for fine-tuning. “Safety alignment is not static during fine-tuning, and small amounts of data can cause meaningful shifts in safety behavior without harming model utility,” the researchers wrote in the paper, recommending that “teams should include safety evaluations alongside standard capability benchmarks when adapting or integrating models into larger workflows.” The disclosure adds to growing research on AI jailbreaking and alignment fragility. Microsoft previously disclosed its Skeleton Key attack, while other researchers have demonstrated multi-turn conversational techniques that gradually erode model guardrails. View the full article
  12. This year will mark the turning point where artificial intelligence will stop assisting and start acting. We will witness a qualitative leap towards agent-based or agentive AI, capable of making autonomous decisions, managing complex workflows, and executing end-to-end tasks without constant intervention. However, this autonomy carries with it a serious warning for businesses: the ability to operate alone exponentially multiplies the impact of any error or security breach. According to ISACA’sTech Trends and Priorities Pulse Poll, 59% of IT and cybersecurity professionals anticipate AI-driven cyber threats in 2026. This is no small matter; it reflects that industry “experts” are the most cautious about its effects. Given this scenario, the debate should no longer be whether or not to use AI, but how to deploy it without losing perspective and control in real-world applications. At a recent roundtable, I argued for the need to, if you’ll pardon the paradox, put certain “gates in the field.” Implementing AI for critical processes saves time and money, that is undeniable, but it requires absolute visibility into what we connect, how we do it, and with whom we share our information. This places us before the obligation to train people and govern what happens in the company, always keeping human responsibility at the center of the equation. With the advent of agentic AI, this premise goes from being a prudent recommendation to a survival imperative. The risk is no longer limited to models that generate text, but to agents that execute actions on systems, customer databases, and supply chains. Herein lies a dangerous disconnect: according to the same study, only 13% of professionals consider their organization to be “very prepared” to manage these risks. This is an alarming statistic that reveals that the vast majority of companies are rushing into the AI race while operating in an unacceptable zone of vulnerability. That is why I will never tire of repeating that disruptive advances, such as agentic AI, require that all evolution be grounded in governance. Governance is not understood as bureaucracy that slows down agility, but as the set of rules that define the limits, responsibilities, and necessary evidence: which use cases are approved, what data agents can work with, what the mandatory controls are, how automated decisions are supervised, and who is responsible when something goes wrong. Within this complex landscape, the good news is that the market is beginning to mature in its reading of the situation. It is true that the use of AI in areas such as cybersecurity can alleviate operational burdens, but it also generates an inevitable implementation toll. IT teams must lead the deployment of AI solutions and the development of policies governing their use, with the goal of safe and responsible adoption, which requires time, resources, and vision. On the other hand, there is a limiting factor that we cannot ignore: the lack of specialized talent and the fatigue of existing talent. One fact that should concern any company is that, according to an ISACA study, a staggering 79% of people working in IT experience burnout. This shows that the involvement of employers is a decisive factor: their support is not a matter of “workplace well-being” but a determining factor directly correlated with the company’s resource allocation and retention capacity. Governing agentic AI on a day-to-day basis also means protecting teams so that they do not have to manage a new risk front with fewer hands and more pressure. Where to start? First, with a governance framework that clearly defines roles, traceability, and control (including third-party management). Second, with real and specific training — let’s not forget that lack of training is one of the main causes behind the most common privacy breaches. And third, through resilience. It is no coincidence that business continuity and operational recovery have been established as strategic priorities for 2026. Ultimately, agentic AI can represent the ultimate leap in efficiency for organizations or a leap into the void in terms of exposure and vulnerability. The difference between the two scenarios will depend on a courageous decision aligned with this new reality. Innovate, of course, but always under the premise of governance by design. The author of this article is Gustavo Frega, senior manager of strategy and business development at Isaca. View the full article
  13. Enterprise CISOs are increasingly willing — and eager — to jump ship, with some frustrated enough to want to leave cybersecurity entirely. A recent survey of security leaders from IANS Research and Artico Search found that 69% of security executives “are open to making a career move within the next year, often targeting CISO roles at a larger company or in a different industry, but also other non-CISO roles such as CTO, CIO, board member, or a second-in-command security leadership role at a larger company,” according to the report. Cybersecurity analysts and consultants attributed this shift to a variety of issues based on what they’ve seen and heard from CISOs. “It’s not so much about chasing a slightly better or higher title. The sheer exhaustion, organizational misalignment, and a growing sense that the job, as it is currently structured in many organizations, is not sustainable” is the primary cause, says Erik Avakian, technical counselor at Info-Tech Research Group. “CISOs live in a world of constant urgency. Unexpected incidents, routine audits, board updates, third-party vendor challenges, and regulatory deadlines are part of the daily grind and come without any real off-ramps,” he says. “At the same time, many are still perceived internally in their organizations as the security person rather than as a true business leader executive. That gap between responsibility and influence wears people down, particularly if the influence doesn’t grow over time.” Such patterns have become ingrained in the enterprise over many years, making this a challenging issue for organizational executives to fix. “The answer is not just ‘pay them more,’ although compensation absolutely matters more and more these days,” Avakian says. “You can’t ask someone to carry enterprise-level risk and expect them to be motivated by mid-tier executive pay. But money alone doesn’t fix a structurally broken role.” The fix begins with giving “enterprise-level standing” to those accountable for enterprise security, he says. “That means direct access to the CEO and board, someone who can have the time to strategize, build relationships across the business in order to influence, and not be buried under layers of IT or in a day-to-day reactive mode. It means authority that matches responsibility, real influence over cybersecurity budgets, architecture, third-party posture, and overall risk decisions.” Avakian adds that this goes well beyond the typical disgruntled executive. “Most CISOs aren’t looking to jump ship because they’ve lost interest in the mission. Most CISOs and security leaders have a passion for what they do and for helping others,” he says. “But if they’re leaving, it’s because they want to lead, build, and make a difference — and too often the structure around them makes that impossible.” Organizations fix this by “reshaping the role so that thought leadership, team leadership, and positive influence is actually possible,” he adds. A ‘systemic vulnerability’ Sanchit Vir Gogia, chief analyst at Greyhound Research, says the issue goes beyond mere job-switching: “We’re staring down a slow-motion talent exodus,” he says. “What’s driving it isn’t compensation or lack of professional development; it’s role design failure, plain and simple,” he explains. “Enterprises have engineered a position that asks security leaders to carry outsized responsibility for risks they can’t fully control, with inadequate authority, patchy board support, and a high probability of becoming the designated scapegoat when something goes wrong.” Moreover, the emotional pressures of the CISO role have continually gotten worse. “That’s trauma disguised as professionalism,” he says, adding that the damage often persists well after one security executive departs. “When a CISO leaves, the aftershocks ripple fast. High-performing lieutenants often follow within months. Projects get frozen. Strategic security programs lose momentum. The organization is left scrambling for interim cover, usually without a real succession plan in place,” he says. “This is more than a retention issue. It’s a systemic vulnerability. Yet most boards haven’t treated it as one.” Worse, CISOs who leave their positions are often walking away from the role entirely, Gogia notes. “Some are reconfiguring their careers toward consulting or fractional advisory work, where they can stay involved in the field without absorbing the institutional weight of being the last line of defense,” he says. “Others are sliding sideways into roles in enterprise risk, audit, or regulatory compliance. These are functions where decision rights and accountability are better aligned.” The best way to stem the tide of CISO departures, Gogia suggests, is to give CISOs the power they need to do their jobs. “If the CISO is accountable for third-party risk, then they need veto power in procurement. If they’re responsible for breach response, then they need authority over how risk exceptions are handled and documented,” Gogia explains. “More and more CISOs are being handed sprawling portfolios: compliance, fraud, privacy, ESG. But without matching headcount, budget, or political backing. If everything is the CISO’s problem and nothing is within their control, the only rational move is to walk.” CISO as single point of failure Zach Lewis, CISO at the University of Health Sciences and Pharmacy in St. Louis, believes the portion of CISOs looking to exit is even higher than the IANS findings. “I think it absolutely is higher than that. Every CISO I know now is open [to leaving]. They are all heavily looking. They want something new,” Lewis says, though he notes a difference in whether a CISO works for private enterprise versus a publicly held one. “Ever since the SEC started looking at charging CISOs, those [SEC] comments are making them skittish. They want to remain a CISO but not in a publicly traded company,” Lewis says. Cybersecurity consultant Brian Levine, a former federal prosecutor who today serves as executive director of FormerGov, has also seen heightened concern from CISOs at public companies. “When breach liability becomes personal and board support feels performative, CISOs start asking: ‘Is this worth it?’ Increasingly, the answer is ‘no,’” Levine says. “If boards want to retain top cyber talent, they need to stop treating CISOs like risk absorbers and start treating them like strategic enablers. Influence, budget, and legal protection aren’t perks: They’re prerequisites. That disconnect is driving some of the best out the door.” Levine also finds fault with the lack of meaningful CISO succession plans at many enterprises. “We need to build deputy pipelines and rotate talent. Right now, too many CISOs are single points of failure and they know it,” he says. View the full article
  14. When LayerX Security published a report on Monday describing what it called “a critical zero-click RCE vulnerability in [Anthropic’s] Claude Desktop Extensions (DXT) that allows a malicious Google Calendar invite to silently compromise an entire system,” analysts, consultants, security leaders, and even Anthropic didn’t dispute the facts. But the revelation did reignite the debate about whether it is the responsibility of AI vendors to ship buttoned-down secure products, or if it’s the CISOs’ responsibility to change settings to fit their business environment. “Unlike traditional browser extensions, Claude Desktop Extensions run unsandboxed with full system privileges. As a result, Claude can autonomously chain low-risk connectors—such as Google Calendar—to high-risk local executors without user awareness or consent,” the report said. “If exploited by a bad actor, even a benign prompt, coupled with a maliciously worded calendar event, is sufficient to trigger arbitrary local code execution that compromises the entire system. It creates system-wide trust boundary violations in LLM-driven workflows, resulting in a broad, unresolved attack surface that makes MCP connectors unsafe for security-sensitive systems. LayerX approached Anthropic with our findings, but the company decided not to fix it at this time.” Roy Ben Alta, CEO at AI vendor Oakie.ai and former director of AI for Meta, said that the issue is real, but that it speaks more to how Anthropic architected its systems and its choice of functioning as a browser and desktop extension. “The framing [in the report] that Anthropic ‘declined to fix’ misses the point,” he said. “You can’t fix autonomous agents being able to chain actions together. That’s their purpose. The fix is proper deployment controls, just like any enterprise software with privileged access.” An architecture issue He pointed out that the issue is not unique to Anthropic; any AI agent with both external data access and local execution capabilities offers potential privilege escalation paths. “That’s the architecture, not a bug,” he said. “Anthropic should improve permission boundaries and prompt handling. Enterprises need to control which extensions are deployed and monitor usage.” Steven Eric Fisher, an independent cybersecurity and risk advisor who served as the director of cybersecurity, risk, and compliance for Walmart until August 2025, agreed that the problem is based on how Anthropic DXT was designed to function, as opposed to a technical flaw. “The privilege and access management layer is a difficult problem at an individual desktop, let alone trying to manage that at an enterprise level. The AI desktop extensions and browsers don’t manage identity and privileges like a mature operating system does,” Fisher said. “IT and cybersecurity can’t directly fix the absence of articulated capacity in tooling systems. They do have experience and tool-sets for managing some boundaries within a desktop environment, or, in some cases, application behaviors. But this is trying to put ropes around the wrestling ring, which does not manage what happens in the ring or all the risks involved.” The researchers at LayerX Security said that although it is true that these permissions/settings issues exist to a varying degree with all AI vendors, Anthropic’s approach with DXT makes the security problem far worse. Difference are ‘stark’ Principal AI Security Researcher at LayerX Security Roy Paz said that he tested DXT against Perplexity’s Comet, OpenAI’s Atlas, and Microsoft’s CoPilot, and the differences were stark. “When you ask Copilot, Atlas, or Perplexity to use a tool, then it will use that tool for you. But Claude DXT allows tools to talk to other tools, [such as] in Google Calendar to Desktop Commander, and may do so without consulting the user in order to complete a task,” Paz said. With those other vendors, he noted, “if the agent wants to do something that goes beyond the scope of the user’s explicit instruction, it will ask for permission, but with Claude DXT’s, the user is not consulted.” LayerX Head of Product Strategy Eyal Arazi also stressed Anthropic’s different architectural and settings choices. Most AI model providers are currently developing agentic products based on a browser platform, a highly sandboxed environment that is strongly insulated from the underlying operating system, he pointed out. This means that while agentic AI browsers have their own vulnerabilities, compromising a browser doesn’t give access to the underlying file system, or provide the ability to execute remote code directly on the underlying OS. “Claude, however, does things differently,” Arazi said. “It is a browser extension currently only on Chrome, with a paired MCP-based desktop agent. Although some of the browser solutions such as Dia, Microsoft and Google are not yet fully agentic, Claude’s solution is truly agentic.” Unlike browsers, it does have direct access to the file system so the combination of full agentic capabilities and direct file system access creates a dangerous combination, he noted. “This is why it is specifically a problem of Anthropic’s implementation, that other agentic browsers do not have.” Onus on users, says Anthropic Anthropic confirmed much of the report, but said that the onus is on users to use the products properly, based on their environments. “Claude Desktop’s MCP integration is a local development tool where users explicitly configure and grant permissions to servers they choose to run,” said Anthropic spokesperson Jennifer Martinez. “To be clear, the situation described in the post requires a targeted user to have intentionally installed these tools and granted permission to run them without prompts. We recommend that users exercise the same caution when installing MCP servers as they do when installing [other] third-party software.” Martinez added that users explicitly configure and grant permissions to MCP servers they choose to run locally, and these servers have access to resources based on the user’s permissions. “Because users maintain full control over which MCP servers they enable and the permissions those servers have, the security boundary is defined by the user’s configuration choices and their system’s existing security controls,” she said. “Prompt injections are an issue all LLMs are susceptible to, and Anthropic, along with the rest of the AI industry, are working on combating them.” Plenty of blame to share Fault for the weakness can’t be attributed to any one source, Fisher said; that there is plenty of blame to share, including the slow pace of industry standards. “Anthropic or any AI company can’t fix what isn’t well defined. Without a common standard, at best they could produce a bespoke whack-a-mole rights implementation,” he pointed out. “The rate of innovation, in my opinion, far exceeds the ability to identify a common security standard for implementation around the results. People are working on the challenge [in that] there is a group working on an MCP security standard.” But it’s a work in progress. “Right now,” he said, “this is a build fast and innovate [approach], which largely relies on existing underlying security controls. Existing systems just can’t contend with what is going to be required to articulate what is needed or allowed within AI’s reach.” However, Frank Dickson, group vice president for security and trust at IDC, pushed back against the suggestion that this is a problem common to all autonomous agents. “This is not simply a fact of life, given autonomous agents. It is a fact of a new software company extending its offering into an unfamiliar space, for which they do not understand the implications,” Dickson said. “This bug is more about reinforcing the need to secure and control the browser rather than Anthropic issuing an unsafe browser.” Software startups like to fail fast, he noted, however, they do feel the brunt of all of the failures. “If it is not Anthropic making a mistake, it will be someone else,” he said. “Anthropic does not get a pass, but organizations should expect startups to make such mistakes and put in measures to control and secure their browsers.” Not an easy fix LayerX’s Paz said that this problem will not be easy for Anthropic to fix because it is deeply ingrained in the architectural decisions. “It’s not a half-hour fix. It’s weeks worth of fix. It is going to force them to do a full redesign.” Rock Lambros, CEO of security firm RockCyber, added that he would not consider the Anthropic issue a zero day, but it’s still a problem. “This is the predictable result of letting an AI agent chain a harmless data source to a privileged code executor without a confirmation gate. Anthropic already built sandboxing for Claude Code, so the ‘that’s just how agents work’ defense fell apart when they shipped Desktop Extensions without it,” Lambros said. “Every enterprise deploying agents right now needs to answer ‘Did we restrict tool chaining privileges before activation, or did we hand the intern the master key and go to lunch?’” View the full article
  15. OpenClaw, the viral open-source AI agent that security firms warn is “insecure by default,” has integrated VirusTotal’s malware scanning into its ClawHub skills marketplace following weeks in which security researchers documented malicious extensions and widespread unauthorized deployments in enterprises. The integration automatically scans all published skills before making them available for download, according to the announcement by OpenClaw founder Peter Steinberger, security advisor Jamieson O’Reilly, and VirusTotal’s Bernardo Quintero. Skills receiving a “benign” verdict are automatically approved, while those marked suspicious receive warnings, and malicious skills are immediately blocked, with daily re-scanning of all active skills. “As the OpenClaw ecosystem grows, so does the attack surface,” the announcement stated. “We’ve already seen documented cases of malicious actors attempting to exploit AI agent platforms. We’re not waiting for this to become a bigger problem.” Sunil Varkey, advisor at Beagle Security, called the integration “a sensible and welcome step” that filters out known malware. “Most attacks still rely on reusing known malware rather than investing in costly zero-day development, so filtering out known bad artifacts meaningfully raises the bar and improves marketplace hygiene,” Varkey said. How the scanning works The system relies on VirusTotal’s Code Insight, powered by Google’s Gemini, which analyzes complete skill packages for malicious behavior. “It doesn’t just look at what the skill claims to do—it summarizes what the code actually does from a security perspective: whether it downloads and executes external code, accesses sensitive data, performs network operations, or embeds instructions that could coerce the agent into unsafe behavior,” OpenClaw said in the announcement. When developers publish skills to ClawHub, the platform creates a SHA-256 hash and checks it against VirusTotal’s database, uploading the complete bundle for Code Insight analysis if not found. The integration uses the same technology VirusTotal provides to Hugging Face’s AI model repository, according to the announcement. What prompted the response The scanning initiative follows a series of security incidents documented by multiple firms over the past two weeks. Koi Security’s February 1 audit of all 2,857 ClawHub skills discovered 341 malicious ones in a campaign dubbed “ClawHavoc.” The professional-looking skills for cryptocurrency tools and YouTube utilities contained fake prerequisites that installed keyloggers and the Atomic macOS Stealer malware capable of harvesting cryptocurrency wallets, browser data, and system credentials. A Cornell University report found that 26% of packages contained vulnerabilities and described OpenClaw as “an absolute nightmare” from a security standpoint. Token Security found 22% of its enterprise customers have employees running the agent without IT approval. Security vendor Noma reported that 53% of its enterprise customers gave OpenClaw privileged access over a single weekend, according to a January 30 Gartner analysis. Gartner characterized OpenClaw as “a powerful demonstration of autonomous AI for enterprise productivity, but it is an unacceptable cybersecurity liability” and recommended enterprises “block OpenClaw downloads and traffic immediately,” describing shadow deployments as creating “single points of failure, as compromised hosts expose API keys, OAuth tokens, and sensitive conversations to attackers.” OpenClaw >surpassed 150,000 GitHub stars in late January, gaining viral popularity on social media. The platform, launched in November 2025 and rebranded twice due to trademark disputes, allows community-developed “skills” that run with full access to the agent’s tools and data—the architecture that ClawHavoc exploited. Limitations of malware scanning While the VirusTotal integration addresses known malware in the skills marketplace, OpenClaw acknowledged significant limitations in the announcement. “Let’s be clear: this is not a silver bullet,” the announcement stated. “A skill that uses natural language to instruct an agent to do something malicious won’t trigger a virus signature. A carefully crafted prompt injection payload won’t show up in a threat database.” The primary risk with AI agents involves prompt injection, where malicious instructions embedded in emails or documents can hijack agent behavior without exploiting traditional software vulnerabilities, according to CrowdStrike’s analysis. The Moltbook social network for OpenClaw agents illustrated these risks when it exposed 1.5 million API tokens and 35,000 email addresses after a database misconfiguration. Varkey cautioned that “threats like prompt injection, logic abuse, and misuse of legitimate tools sit outside the reach of malware scanning,” adding that the integration should be “seen as the foundation for broader governance and technical controls, not the finish line.” The VirusTotal integration is the first step in what Steinberger called a “broader security initiative,” with plans to publish a threat model, security roadmap, and audit results at trust.openclaw.ai. View the full article
  16. A previously undocumented China-linked adversary-in-the-middle (AitM) framework known as “DKnife” has been identified operating at network gateways, where it intercepts and manipulates in-transit traffic. According to Cisco Talos’ findings, the framework has been active since at least 2019 and remains operational as of early 2026. Rather than targeting endpoints directly, DKnife is deployed at the network edge, giving operators visibility into and control over the traffic passing through compromised devices. Talos researchers described it as a modular Linux-based system capable of deep packet inspection, credential interception, and malicious content injection. “DKnife’s attacks target a wide range of devices, including PCs, mobile devices, and Internet of Things devices,” they said in a blog post. “It delivers and interacts with ShadowPad and DarkNimbus backdoors by hijacking binary downloads and Android application updates.” Traffic hijacking and malware delivery The researchers found DKnife having seven Linux ELF components that work together to monitor and manipulate network traffic in real time. Once deployed on a gateway or similar edge device, the framework can inspect unencrypted and decrypted traffic flows to selectively modify responses before they reach their intended destination. “The seven implants in DKnife serve the purpose of DPI engine, data reporting, reverse proxy for AitM attack, malicious APK download, framework update, traffic forwarding, and building a P2P communication channel with the remote C2,” the researchers said. The framework was observed being used to redirect legitimate software update requests to attacker-controlled servers, enabling the delivery of secondary payloads posing as trusted updates. This allowed attackers to compromise downstream systems without needing direct access to the endpoints themselves, the researchers noted. Beyond update hijacking, the framework supports DNS manipulation, binary replacement, and selective traffic forwarding, giving attackers control over how specific requests are handled. Indicators point to China-Nexus development and targeting Several aspects of DKnife’s design and operation suggested ties to China-aligned threat actors. Talos identified configuration data and code comments written in Simplified Chinese, as well as handling logic tailored for Chinese-language email providers and mobile applications. The framework was also found to enable credential collection from services used within China, indicating specific targeting. Talos confirmed linking DKnife’s operations to the delivery of malware families previously associated with China-nexus activity, further reinforcing attribution. “Based on the language used in the code, configuration files, and the ShadowPad malware delivered in the campaign, we assess with high confidence that China-nexus threat actors operate this tool,” the researchers said without naming any specific threat group. Shared lineage and detection sabotage Talos investigation also revealed technical overlaps between DKnife and earlier AitM frameworks used in past campaigns. “We discovered a link between DKnife and a campaign delivering WizardNet, a modular backdoor known to be delivered by a different AiTM framework, Spellbinder, suggesting a shared development or operational lineage,” the researchers said. Talos said DKnife includes a traffic inspection module that actively interferes with antivirus and PC-management communications. The module identifies 360 Total Security traffic by inspecting specific HTTP headers, such as DPUname and x-360-ver, and by matching known service domains. When a match is detected, the framework disrupts the connection using crafted TCP reset packets. Similar behavior targeting Tencent services and other PC management endpoints was also observed, indicating deliberate efforts to weaken security tooling. To strengthen detection, Talos shared a list of indicators of compromise (IoCs), including file hashes, network artifacts, and command and control (c2) infrastructure associated with DKnife. Additionally, the disclosure shared a set of ClamAV signatures for detecting and blocking the threat. View the full article
  17. The start of a new year means a fresh start for everyone, including cybersecurity teams. With budgets and plans now finalized, it’s time for CISOs and their teams to execute their strategies. But that doesn’t mean that innovation stops when the plan is finalized. In 2026, CISOs should focus on going beyond cybersecurity compliance standards to keep their organizations resilient to emerging threats. Historically, these standards, such as HIPAA, SOC2, ISO 27001 and others, have set the baseline for security procedures and controls. Done correctly, these can be valuable tools for CISOs to justify investments. But they’re a double-edged sword: Companies that rely solely on compliance can miss important and emerging risks. Here’s how CISOs can leave the compliance checklist mentality in 2025, where it belongs. Compliance standards: Necessary, not sufficient Compliance standards have historically served as the baseline for most cybersecurity programs and are often well-intentioned. PCI-DSS emerged from a consortium of payment processors who had implemented duplicative and inconsistent controls, complicating network integration and increasing costs. HIPAA’s privacy and security rules evolved in response to concerns over privacy and the digitization of electronic medical records. These standards give a baseline of controls to keep them protected. However, these standards typically cover well-known threats and may not keep pace with current architectures or threats. They can also be subject to different interpretations. For example, most compliance standards have vague requirements for active monitoring of a company’s vendors. A CISO running a compliant program may only review a vendor once a year or after significant system changes. Compliance standards haven’t caught up to the best practice of continuously monitoring vendors to stay on top of third-party risk. This highlights one of the most unfortunate incentives any CISO who manages a compliance program knows: It is often easier to set a less stringent standard and exceed it than to set a better target and risk missing it. The latter leads to audit findings and sometimes political ill will. But what does the former lead to? It leads to complacency and systemic under-resourcing of security programs. Right or wrong, CISOs justify 78% of their budget needs using compliance, according to a 2025 Hitch Partners survey. This number is the backbone, and may be even higher in highly regulated industries with more prescriptive compliance standards. But if this approximate 80% is interpreted as 100% of your program’s needs, you will fall short of what’s required to run a forward-looking security program. This is where you, as a CISO, are most crucial to your security team’s mission. And luckily, many compliance standards give you some levers you can use to your advantage. The new North Star for CISOs: Accounting for emerging risk We’ve established that it’s no longer good enough to overfit into a compliance standard, but you can still use compliance to your advantage. Most compliance programs mandate an information security risk assessment and, at a larger company, you may already have a dedicated enterprise risk management function. As a CISO, you influence the scope of that information security risk assessment, the methodology and, perhaps most importantly, the time horizon. Three key strategies you should consider: Extend the time horizon Ideally, you want to be considering scenarios as far as 3–5 years down the road so you can get ahead of them. We’re already seeing evolving threats from AI, more breaches stemming from vulnerable third-party vendors and the risk of harvest-now-decrypt-later threats from quantum computing within the decade. None of the controls for these risk scenarios can be turned on overnight, so preparing for them and other emerging risks is paramount. Use risk- or scenario-based methodologies wherever possible What is the situation you are attempting to prevent? Compliance based on assets or controls is where the checkbox label comes from. This may be important at the outset of a security program to ensure you have proper coverage, but you will confront the previously mentioned 80% mentality. \ With scenarios, you start with a broader view of the risk and map associated controls. You can also define custom risk scenarios, which allow you to formally introduce requirements beyond existing compliance routines. They can also be more specific than you may find in control statements or standard scenarios. Quantify the loss One of the most common shortfalls of compliance-driven risk assessments is simplistic math around likelihood and impact. Many of the emergent risks mentioned above have a lower likelihood but an extremely high impact and even a fair amount of uncertainty around timeframes. Using this simplistic math, these tail risks do not often bubble up organically; instead, they have to be pulled up from the batch of lower frequency-x-impact scoring. Defining that impact in dollars and cents cuts through the noise. $250k versus $18M might both rate a “5” for impact in the traditional sense, but one is clearly more impactful than the other. Practically, these can be difficult if your program is newer and they are highly dependent on both your security organization’s stature and risk culture. Just remember that even if you succeed in starting the discussion on these items, you are building awareness and setting the stage for future investments. How to get buy-in from the board The financial leaders who approve a CISO’s cybersecurity plan live in the area of risk. Every day, they make calculated bets on what will pay off for the business. The board will want to know what compliance standards you aren’t accounting for and the likelihood and impact in financial terms. CISOs can assure them that a clean audit that checks all of the compliance boxes may be safe enough to show prospective clients, but resting there sets a standard of “good enough that doesn’t account for risks that may not be a part of the compliance standard for 2–3 more years. While these might sound like extras to the board, quantifying risk, comparing to competitors and calculating cost-optimal controls are key. For example, an awareness campaign, approval process or training module might be cheaper than adding additional software or point solutions around generative AI security and bring risk down to an acceptable level. If your budget has already been approved without these focus areas in mind, now is the time to start weaving a risk-first approach into discussions with your board. You should be talking about this year-round, not only during budget season when it’s time to present your plan. It will position security as a way to protect revenue, improve capital efficiency, preserve treasury integrity and optimize costs, rather than a cost center. The beginning of the year is a great time for CISOs to start shifting their organization’s mindset on cybersecurity risk. Take a risk-first approach that goes beyond compliance standards and focuses on becoming resilient to emerging threats. This article is published as part of the Foundry Expert Contributor Network. Want to join? View the full article
  18. Most security leaders quietly live with a paradox they rarely name out loud. Until you truly look inside the box of your environment, your organization is both secure and compromised. The dashboards might be green and the audit reports reassuring, but the uncomfortable reality is that you do not know your actual state until you observe it directly and often. Meeting the cat — a paradox with teeth Many readers will have heard of Schrödinger’s cat in passing, but the details blur over time, so it is worth revisiting what the analogy means before applying it to security. It is a thought experiment in quantum physics that illustrates how strange the rules of the microscopic world seem when applied to everyday objects, such as a cat in a box. In the classic setup, a cat is placed in a sealed box with three components: a tiny radioactive source, a detector that can sense whether an atom decays and a vial of poison that will be released if the detector triggers. As long as the box stays closed, quantum mechanics describes the radioactive atom as being in the superposition of both decayed and not decayed at the same time. From the outside, the cat appears to be both alive and dead until someone opens the box and checks. The instant an observer looks, the uncertainty collapses into a single outcome: alive or dead, but not both. Schrödinger proposed this not because he believed in half-dead cats, but to criticize simplistic interpretations of quantum theory and force people to confront how odd it is to treat unobserved systems as if they occupy multiple states at once. That structure, a system that exists in multiple possible states until observed, then collapses into a single real state, is exactly what makes Schrodinger’s cat such a powerful way to talk about modern cybersecurity. The two companies every leader runs When I first moved into security consulting, I realized many leaders were effectively running two different companies at once: one that looked safe in audits, dashboards and policy documents and another that attackers were probing and learning to exploit beneath the surface. In board papers, the organization appeared controlled, compliant and orderly in logs and incident reviews, but in practice, it looked messy, improvised and full of blind spots. Over time, I began to describe these two states as the “paper company” and the “real company.” The paper company is defined by controls. It is the version of the organization that appears in frameworks, policies, architecture diagrams and maturity assessments, with named owners, mapped processes and reassuring traffic-light reports. The real company is defined by behavior. It is the version that appears in telemetry, threat intelligence, red team findings and post-incident reviews. It is shaped by how people actually work, by shortcuts embedded in processes, by legacy systems nobody wants to touch and by integrations that were never fully documented. The paradox is that leadership conversations usually assume only the paper company exists. When a board asks, “Are we secure?”, the answer typically references policies, certifications and tool coverage, all attributes of the paper company, while attackers interact only with the real one. Until leaders can see the real company clearly and regularly, they are effectively managing a cat-in-a-box: they must act as if they are both secure and compromised, without knowing which state is currently true. Security as an observation problem, not just a control problem… Most security strategies still treat protection primarily as a control problem: deploy more controls, map more requirements and close more findings. Controls matter and as an adviser, it would be irresponsible to downplay them. Yet major incidents keep reminding us that controls can be in place on paper while attackers move laterally through gaps in visibility, misconfigurations and exceptions that nobody has examined closely for months. Thinking in Schrodinger’s terms reframes this security issue as also and increasingly an observation problem. In physics, measurement collapses a quantum system from many possible states into one observed reality. In security, detection plays the same role. Until there is a concrete signal, such as an alert, a log correlation, an anomaly investigation or a third-party notification, you cannot categorically state whether an attacker is present. You can discuss probabilities and expectations, but not current facts. Seen through that lens, three truths emerge: 1. The absence of evidence (alerts) is not evidence of absence (safety) It may simply mean your tools cannot see where the attacker is or that signals are not being correlated and interpreted effectively. A quiet SIEM can indicate resilience or complete blindness; without deeper observation, you do not know which. 2. Dwell time is a measure of unobserved reality Every day an attacker remains undetected is a day when leadership operates under a false assumption about the system state. The longer the detection gap, the longer your organization lives in a “secure and compromised” superposition. 3. External discovery is a symptom of observation failure When regulators, customers or partners are the first to tell you something is wrong, it is a strong signal that the box has been opened only from the outside. Once you see security as an observation problem, the question “Are we secure?” starts to feel like the wrong question. A better set of questions sounds more like: How quickly would we know if a high-value identity or system were compromised? Which parts of our environment are effectively unobserved, from a telemetry or logging perspective? Advising leaders through the paradox As a consultant, the goal isn’t to embarrass organizations for their uncertainty but to normalize and systematically reduce it. Complex environments have blind spots and risks arise from ignoring them. The work involves three shifts in thinking and action: Change the questions in the boardroom. Instead of asking “Are we secure?”, ask “Where do we have strong evidence and where are we guessing?” This honesty aligns decisions with reality and clarifies investment needs. Measure certainty, not just controls. Include metrics such as telemetry coverage, detection speed and red team findings to assess how well the organization uncovers threats. Cognitive biases among practitioners exacerbate these gaps. Reward the surfacing of ambiguity rather than punishing uncertainty and encourage teams to admit gaps and improve observation, fostering trust over time. Bringing the paradox down to earth Collapsing the paradox in a real enterprise is not about finding a single magic control that proves you are safe; it is about building habits of observation that continually narrow the gap between the paper company and the real one. In practical terms, a few patterns make an outsized difference. What does the transition from superposition to observation entail within an enterprise environment? From a consultant’s perspective, certain patterns significantly influence the process: Treat threat hunting as routine, not heroic. Many organizations treat hunts as occasional special projects, often driven by a specific concern or regulatory pressure. A more effective model is to operationalize them as a standing function, a way to continuously test assumptions about where attackers could hide and to validate that existing detections still work as expected. Design telemetry with questions in mind. Instead of starting with “what logs can we capture easily?”, start with “what questions would we want to answer after an incident and what would we want to observe in real time?”. Work backward from those questions to determine the required telemetry and analytics. That keeps the focus on understanding behavior, not just filling storage. Integrate external observation into your picture of reality. Bug bounties, penetration tests, independent assessments and sector information-sharing are all ways to let others open the box from different angles. The key is to fold those observations back into your own narrative, rather than treating them as disconnected exercises. Over time, these practices narrow the gap between the paper company and the real company. Leaders still need policies, controls and reports, but those artefacts begin to reflect observed behavior much more closely than aspirations. Leading in a world of half-open boxes The most honest statement a security leader can make is not “we are secure” but “here is what we know, here is what we do not know yet and here is how quickly we are closing that gap.” That is essentially a commitment to continuous observation. It also reframes security from a static state to a dynamic practice, which aligns with how modern digital businesses operate. Schrödinger’s cat reminds us that unobserved systems can exist in multiple states simultaneously. In cybersecurity, this means a quiet environment can be both resilient and deeply compromised until proven otherwise. The job of security leaders and their advisers is not to pretend the paradox does not exist, but to build the technical, organizational and cultural capabilities that enable the organization to open the box early and often and to be ready to act on whatever is found when it is. This article is published as part of the Foundry Expert Contributor Network. Want to join? View the full article
  19. Who is Danny – shutterstock.com Auch im Jahr 2026 bleibt die Cybersicherheitslage angespannt. Doch was sind die wichtigsten Themen, Risiken und Chancen, mit denen sich Security-Entscheider aktuell befassen sollten? Das Marktforschungsunternehmen Gartner hat dazu folgende sechs Trends ermittelt: Trend 1: Agentic AI erfordert Cybersicherheitsüberwachung KI-Agenten werden zunehmend von Mitarbeitern und Entwicklern genutzt, wodurch neue Angriffsflächen entstehen. No-Code-/Low-Code-Plattformen und Vibe-Coding verstärken diesen Trend noch und führen zu einer unkontrollierten Verbreitung von Agentic AI, unsicherem Code und potenziellen Verstößen gegen gesetzliche Vorschriften. „Während KI-Agenten und Automatisierungs-Tools für Unternehmen immer zugänglicher und praktischer werden, bleibt eine strenge Governance unerlässlich“, betont Alex Michaels, Analyst bei Gartner. „Führungskräfte im Bereich Cybersicherheit müssen sowohl genehmigte als auch nicht genehmigte KI-Agenten identifizieren. Für beide Varianten sollten sie strenge Kontrollen durchsetzen und Playbooks für die Reaktion auf Vorfälle entwickeln, um potenzielle Risiken zu bewältigen.“ Trend 2: Globale regulatorische Volatilität treibt Bemühungen um Cyberresilienz voran Veränderte geopolitische Landschaften und sich weiterentwickelnde globale Vorschriften haben Cybersicherheit zu einem kritischen Geschäftsrisiko mit direkten Auswirkungen auf die Resilienz von Organisationen gemacht. Da Regulierungsbehörden Vorstände und Führungskräfte zunehmend für Compliance-Verstöße haftbar machen, kann Untätigkeit zu erheblichen Strafen, Geschäftsverlusten und irreversiblen Reputationsschäden führen. Gartner empfiehlt Führungskräften im Bereich Cybersicherheit, die Zusammenarbeit zwischen Legal-, Business- und Beschaffungsteams zu formalisieren, um eine klare Verantwortlichkeit für Cyberrisiken zu schaffen. Die Anpassung von Kontrollrahmen an anerkannte Standards und die Berücksichtigung von Datenhoheitsfragen tragen dazu bei, Compliance-Lücken zu schließen. Trend 3: PostQuantum-Computing wird zum Aktionsplan Gartner prognostiziert, dass Fortschritte im Bereich des Quantencomputing die asymmetrische Kryptografie, auf die Unternehmen zur Sicherung ihrer Daten und Systeme setzen, bis 2030 unsicher machen werden. Um potenzielle Datenverstöße, rechtliche Haftungsrisiken und finanzielle Verluste durch Angriffe nach dem Prinzip „jetzt sammeln, später entschlüsseln“ zu vermeiden, müssen jetzt Alternativen zur Post-Quantum-Kryptografie eingeführt werden. „Die Post-Quanten-Kryptografie verändert die Cybersicherheitsstrategien. Sie veranlasst Unternehmen dazu, traditionelle Verschlüsselungsmethoden zu identifizieren, zu verwalten und zu ersetzen und gleichzeitig der kryptografischen Agilität Vorrang einzuräumen“, so Michaels. „Indem man jetzt schon in diese Fähigkeiten investiert und die Migration vorantreibt , werden Assets gesichert, wenn Quantenbedrohungen Realität werden.“ Trend 4: Identitäts- und Zugriffsmanagement passt sich KI-Agenten an Der Aufstieg von KI-Agenten stellt traditionelle Identitäts- und Zugriffsmanagementstrategien (IAM) vor neue Herausforderungen, insbesondere in den Bereichen Identitätsregistrierung und -verwaltung, Automatisierung von Anmeldedaten und richtliniengesteuerte Autorisierung für maschinelle Akteure. Werden diese Probleme nicht angegangen, steigt das Risiko von Cybersicherheitsvorfällen im Zusammenhang mit Zugriffen, da autonome Agenten immer mehr Verbreitung finden. Gartner rät zu einem gezielten, risikobasierten Ansatz, bei dem dort investiert wird, wo die Lücken und Risiken am größten sind, und Automatisierung genutzt wird. Dies ist unerlässlich, um Innovationen zu ermöglichen, die Einhaltung von Vorschriften zu gewährleisten und kritische Ressourcen in KI-zentrierten Umgebungen zu schützen. Trend 5: KI-gesteuerte SOC-Lösungen destabilisieren betriebliche Normen Angetrieben durch Kostensparmaßnahmen und das wachsende Interesse an KI führt das Aufkommen von KI-gestützten Security Operations Centern (SOCs) zu einer neuen Komplexität. Dies trägt zu Personalengpässen, erhöhten Anforderungen an die Qualifizierung und sich wandelnden Kostenüberlegungen für KI-Tools bei, auch wenn diese Technologien die Arbeitsabläufe bei der Alarmierung und Untersuchung verbessern. „Um das volle Potenzial von KI in Sicherheitsabläufen auszuschöpfen, müssen Cybersicherheitsverantwortliche Menschen ebenso priorisieren wie Technologie“, erklärt der Gartner-Analyst. „Die Stärkung der Fähigkeiten der Belegschaft, die Implementierung von Human-in-the-Loop-Frameworks in KI-gestützte Prozesse und die Ausrichtung auf klare strategische Ziele werden entscheidend sein, um die Widerstandsfähigkeit bei der Weiterentwicklung von SOCs aufrechtzuerhalten.“ Trend 6: GenAI bricht mit traditionellen Strategien zur Sensibilisierung für Cybersicherheit Laut Gartner reichen bestehende Maßnahmen zur Sensibilisierung für Cybersicherheit nicht aus, um Cyberrisiken zu reduzieren, da die Einführung von GenAI immer schneller voranschreitet. Bei einer Umfrage, die das Analystenhaus zwischen Mai und November 2025 unter 175 Mitarbeitern durchführte, gaben mehr als 57 Prozent an, persönliche GenAI-Accounts für berufliche Zwecke zu nutzen. 33 Prozent der Befragten gaben zu, sensible Informationen für nicht genehmigte Tools zu verwenden. Gartner plädiert dafür, von allgemeinen Awareness-Trainings zu adaptiven Verhaltens- und Schulungsprogrammen überzugehen, die KI-spezifische Aufgaben umfassen. „Durch die Stärkung der Governance, die Verankerung sicherer Praktiken und die Festlegung von Richtlinien für die autorisierte Nutzung lassen sich Datenschutzverletzungen und der Verlust geistigen Eigentums reduzieren“, so die Analysten. View the full article
  20. Many companies today invest significant resources to secure their internal IT. Firewalls, monitoring, incident response plans, and awareness programs are well-established. At the same time, a dangerous illusion is growing: the assumption that risks can be controlled within the boundaries of one’s own system. The reality is quite different. Modern business models are virtually inconceivable without external IT service providers, cloud services, software vendors, and specialized subcontractors. This is precisely where the greatest uncertainties arise. NIS2 addresses this development and clarifies that cybersecurity doesn’t end at the company’s own firewall. The guideline compels companies to reassess their supply chains not only technically, but also strategically. It makes external dependencies an integral part of the security architecture and thus a management responsibility. NIS2 shifts the focus of systems to dependencies. At its core, NIS2 follows a clear approach: Risks should be addressed where they originate. Statistics and incident analyses have shown for years that attacks are increasingly carried out via third parties. Software updates, maintenance access, or outsourced services serve as entry points. NIS2 addresses this by explicitly including supply chains in its scope. Companies are obligated to assess risks related to their direct service providers as well as downstream subcontractors. The decisive factor is no longer whether an incident originates internally or externally, but rather its impact on critical services. This marks a departure from a purely technical understanding of security in the regulatory framework. It demands a structured management of dependencies that makes risks visible and manageable. Why supply chains are particularly vulnerable The supply chain is an attractive target for attackers for several reasons. External partners often have privileged access, work with sensitive data, or are deeply integrated into operational processes. At the same time, they are often not subject to the same security standards as large organizations. Furthermore, there is a structural lack of transparency. Companies often don’t know which other service providers their partners use or how access is technically implemented. This lack of visibility leads to a fragmented security landscape in which risks are known but remain unquantifiable. NIS2 addresses this issue directly and requires transparent processes for identifying, assessing, and monitoring these risks. The break with traditional compliance Many organizations are accustomed to formally fulfilling regulatory requirements. Questionnaires are sent out, certificates are filed, checklists are ticked off. This approach generates documentation, but not security. NIS2 makes it clear that formal compliance is not enough. The directive requires the effective implementation of security measures and verifiable monitoring of their effectiveness. This also applies to, and especially applies to, external partners. A security concept that relies solely on self-reported information no longer meets the requirements. A realistic picture of the actual security maturity along the supply chain is needed. What NIS2 specifically expects from companies NIS2 does not specify detailed technical requirements but defines clear objectives. Companies must identify, prioritize, and appropriately manage risks. For supply chains, this entails several key tasks: First, dependencies must be systematically identified. Which service providers are essential for operations? What data do they process? What access rights do they have? Secondly, appropriate security requirements must be defined. These must be commensurate with the risk and contractually stipulated. Third, NIS2 requires continuous monitoring. Risks change. Business models, threat landscapes, and technical architectures evolve. Security assessments must therefore not be a one-off project. The role of the CISO under NIS2 For CISOs, NIS2 represents a significant expansion of their responsibilities. Technical excellence alone is no longer sufficient. Communication skills, risk assessment, and the ability to enforce security requirements across the organization are now essential. The CISO becomes the intermediary between technology, management, procurement, and legal. They must explain why certain requirements are necessary, what risks exist, and what the consequences of inaction might be. NIS2 strengthens this role by defining clear responsibilities and anchoring the importance of cybersecurity at the board level. Why many supply chain assessments go wrong In practice, supply chain assessments often fail for the following three reasons: Lack of prioritization: Companies try to treat all partners equally and lose focus on the truly critical dependencies. Lack of enforceability: Safety requirements are formulated but not checked or consistently enforced in case of deviations. Organizational silos: Purchasing, IT, and legal departments operate separately. As a result, security risks are viewed in a fragmented way and not managed holistically. NIS2 makes it clear that these approaches are no longer sufficient. An integrated risk management system is required. Control mechanisms with substance Effective control does not mean maximum bureaucracy. The quality of the measures is crucial. For critical partners, this could include regular technical assessments, structured audits, or clearly defined escalation processes. It is important that companies retain the ability to assess risks independently and do not completely outsource them to third parties. NIS2 requires taking responsibility, not delegating it. Control mechanisms must also be scalable. Not every partner requires the same level of effort. The potential impact of a security incident is crucial. Supply chains as a strategic resilience factor Companies that view NIS2 as a purely compliance-related task are missing out on potential. A realistic assessment of supply chains not only strengthens their regulatory position but also increases operational stability. Transparent dependencies, clear security requirements, and effective control processes reduce the risk of disruption and improve responsiveness in emergencies. Supply chains are thus transformed from a weak point into a strategic resource. Conclusion: NIS2 forces honesty NIS2 confronts companies with an uncomfortable truth: Cybersecurity doesn’t end at the boundaries of their own systems. Those who outsource critical processes remain responsible. The directive calls for an honest assessment of dependencies, risks, and the ability to control them. For CISOs, this presents both a challenge and an opportunity. Supply chains are no longer a side issue under NIS2. They are the touchstone for effective cybersecurity and sustainable resilience. View the full article
  21. nikkimeel – shutterstock.com Mit gefälschten Chatnachrichten vor allem im Messengerdienst Signal nehmen Hacker zurzeit hochrangige deutsche Politiker, Soldaten, Diplomaten und auch Journalisten ins Visier – davor warnen die Bundesämter für Verfassungsschutz und für Sicherheit in der Informationstechnik. Ziel des “wahrscheinlich staatlich gesteuerten” Angriffs sei es, unbemerkt Zugriff auf Einzel- und Gruppenchats sowie Kontaktlisten der Betroffenen zu bekommen, heißt es in einem gemeinsamen Sicherheitshinweis, der der Deutschen Presse-Agentur vorliegt. Zuerst berichtete der “Spiegel” darüber. Die Angreifer geben sich demnach unter anderem als offizielles Signal-Support-Team aus, senden eine Sicherheitswarnung und bitten um die geheime Sicherheits-Pin. Damit übernehmen sie dann das ganze Konto und verlagern es auf eine von ihnen kontrollierte Handynummer. Bei der zweiten Methode machen sich die Angreifer den Angaben zufolge die Standardfunktion zur Kopplung eines weiteren Handys zunutze. Die Freigabe erfolgt durch das Scannen und Bestätigen eines QR-Codes auf dem Primär-Handy. Keine Schadprogramme, keine Schwachstellen Wichtig: In beiden Fällen werden keine Schadprogramme eingesetzt oder technische Schwachstellen ausgenutzt, sondern allein die Arglosigkeit der Benutzer. Die Behörden stellen klar: Der Kundendienst von Signal meldet sich niemals direkt per Nachricht. Zudem sollten Nutzer niemals ihre Pin als Textnachricht eingeben. Wegen ähnlicher Funktionsprinzipien seien solche Attacken auch bei WhatsApp denkbar. Signal gilt als besonders sicherer Messengerdienst und bietet eine wirksame Ende-zu-Ende-Verschüsselung. Er wird deshalb besonders gerne von Personen eingesetzt, die potenziell gefährdet sind, darunter Journalisten, Politiker, Menschenrechtsaktivisten und andere. Erst Ende Januar hatte Innenminister Alexander Dobrindt beklagt, Deutschland erlebe ständig Cyberangriffe – auf Institutionen, Infrastruktur und Unternehmen. Oft gingen die Attacken von Gruppen aus, die Verbindungen zu staatlichen Geheimdiensten hätten und von diesen finanziert würden, so der CSU-Politiker mit Blick auf hybride Angriffe aus Russland und anderen Teilen der Welt. Um die Abwehr besser zu koordinieren, plane das Innenministerium ein Abwehrzentrum gegen hybride Gefahren, das derzeit vom Bundesamt für Verfassungsschutz vorbereitet werde und im Laufe dieses Jahres seine Arbeit aufnehmen solle. “Kompromittierung ganzer Netzwerke” möglich Die Behörden stufen die laufende Angriffskampagne via Signal im Hinblick auf hochrangige Zielpersonen als sicherheitsrelevant ein, wie es in dem Hinweis heißt. Ein erfolgreicher Zugriff auf Messenger-Konten ermöglicht demnach “nicht nur die Einsicht in vertrauliche Einzelkommunikation, sondern potenziell auch die Kompromittierung ganzer Netzwerke über Gruppen-Chats”. Überdies ließen sich sensible Kontaktstrukturen rekonstruieren. (dpa/jm) View the full article
  22. nikkimeel – shutterstock.com Mit gefälschten Chatnachrichten vor allem im Messengerdienst Signal nehmen Hacker zurzeit hochrangige deutsche Politiker, Soldaten, Diplomaten und auch Journalisten ins Visier – davor warnen die Bundesämter für Verfassungsschutz und für Sicherheit in der Informationstechnik. Ziel des “wahrscheinlich staatlich gesteuerten” Angriffs sei es, unbemerkt Zugriff auf Einzel- und Gruppenchats sowie Kontaktlisten der Betroffenen zu bekommen, heißt es in einem gemeinsamen Sicherheitshinweis, der der Deutschen Presse-Agentur vorliegt. Zuerst berichtete der “Spiegel” darüber. Die Angreifer geben sich demnach unter anderem als offizielles Signal-Support-Team aus, senden eine Sicherheitswarnung und bitten um die geheime Sicherheits-Pin. Damit übernehmen sie dann das ganze Konto und verlagern es auf eine von ihnen kontrollierte Handynummer. Bei der zweiten Methode machen sich die Angreifer den Angaben zufolge die Standardfunktion zur Kopplung eines weiteren Handys zunutze. Die Freigabe erfolgt durch das Scannen und Bestätigen eines QR-Codes auf dem Primär-Handy. Keine Schadprogramme, keine Schwachstellen Wichtig: In beiden Fällen werden keine Schadprogramme eingesetzt oder technische Schwachstellen ausgenutzt, sondern allein die Arglosigkeit der Benutzer. Die Behörden stellen klar: Der Kundendienst von Signal meldet sich niemals direkt per Nachricht. Zudem sollten Nutzer niemals ihre Pin als Textnachricht eingeben. Wegen ähnlicher Funktionsprinzipien seien solche Attacken auch bei WhatsApp denkbar. Signal gilt als besonders sicherer Messengerdienst und bietet eine wirksame Ende-zu-Ende-Verschüsselung. Er wird deshalb besonders gerne von Personen eingesetzt, die potenziell gefährdet sind, darunter Journalisten, Politiker, Menschenrechtsaktivisten und andere. Erst Ende Januar hatte Innenminister Alexander Dobrindt beklagt, Deutschland erlebe ständig Cyberangriffe – auf Institutionen, Infrastruktur und Unternehmen. Oft gingen die Attacken von Gruppen aus, die Verbindungen zu staatlichen Geheimdiensten hätten und von diesen finanziert würden, so der CSU-Politiker mit Blick auf hybride Angriffe aus Russland und anderen Teilen der Welt. Um die Abwehr besser zu koordinieren, plane das Innenministerium ein Abwehrzentrum gegen hybride Gefahren, das derzeit vom Bundesamt für Verfassungsschutz vorbereitet werde und im Laufe dieses Jahres seine Arbeit aufnehmen solle. “Kompromittierung ganzer Netzwerke” möglich Die Behörden stufen die laufende Angriffskampagne via Signal im Hinblick auf hochrangige Zielpersonen als sicherheitsrelevant ein, wie es in dem Hinweis heißt. Ein erfolgreicher Zugriff auf Messenger-Konten ermöglicht demnach “nicht nur die Einsicht in vertrauliche Einzelkommunikation, sondern potenziell auch die Kompromittierung ganzer Netzwerke über Gruppen-Chats”. Überdies ließen sich sensible Kontaktstrukturen rekonstruieren. (dpa/jm) View the full article
  23. Threats against corporate software developers are increasing and diversifying, challenging security leaders to develop more agile defenses against this growing attack vector. Attackers are increasingly targeting the tools, access, and trusted channels used by software developers rather than simply exploiting application bugs. The threats blend technical compromise — malicious packages, development pipeline abuse, etc. — with social engineering and AI-driven attacks. “Attackers are no longer just trying to break into the network; they are trying to break into the workflow,” says Chris Wood, principal application security SME at cybersecurity firm Immersive. “By compromising the tools developers trust implicitly, like extensions and package registries, they can poison the well before a single line of code is written.” The tokens, API keys, cloud credentials, and CI/CD secrets held by software developers unlock far broader access than a typical office user account, making software engineers a prime target for cybercriminals. “They [developers] hold the keys to the kingdom, privileged access to source code and cloud infrastructure, making them a high-value target,” Wood adds. Security experts quizzed by CSO said the threat against software developers can be broken into several categories, including: malicious extensions, IDE plugins, and tools; supply chain and dependency attacks; credential theft and environment compromise; social engineering; and AI risks in software development workflows. Malicious utilities poison the ecosystem Darren Meyer, security research advocate at application security firm Checkmarx, sees most attacks targeting developers as “low-effort” and untargeted. For example, attackers plant tainted open-source packages on typosquatting domains to trick developers into installing malicious versions of popular utilities. But spray-and-pray efforts are only part of the story. More targeted attacks are also in play, such as the Shai-Hulud worm hack against GitHub and other software development platforms, a recent assault against npm package Chalk, and attempts to compromise the Visual Studio Code plugin ecosystem, Meyer warns. Meyer’s warning about tainted open-source packages is backed up by recent study by DevSecOps firm Sonatype that identified 1.233 million malicious packages. Known vulnerable components also pose a massive risk. Four years after the vulnerability was patched, versions of Log4j vulnerable to the Log4Shell vulnerability were downloaded 42 million times last year, according to Sonatype’s latest State of the Software Supply Chain report. Credential theft and environment compromise Attackers aren’t just looking for flaws in code — they’re looking for access to software development environments. Common security shortcomings, including overprivileged service accounts, long-lived tokens, and misconfigured pipelines, offer a ready means for illicit entry into sensitive software development environments. “Improperly stored access credentials are low-hanging fruit for even the most amateur of threat actors,” says Crystal Morin, senior cybersecurity strategist at cloud-native security and observability vendor Sysdig. Malicious insider threats Attackers are also looking for ways to infiltrate targeted enterprises by posing as software development contractors or remote hire workers. Fake worker schemes, a popular tactic spearheaded by North Korean threat actors, rely on using technically skilled individuals with falsified identities who use social engineering trickery to fool victims into hiring them. Once inside, these moles steal data and sensitive secrets that serve as collateral for blackmail scams, among other ruses. “We’ve also seen threat actors pretend to be maintainers and commit malicious code to open-source projects with the goal of infecting users of popular packages, which was the case with the XZ Utils backdoor (CVE-2024-3094),” says Sysdig’s Morin. Software supply chain risks A compromised dependency such as a shared software library can taint the code of any developer that relies on it, leading to a large and growing software supply chain risk. Gavin Millard, VP of intelligence at exposure management company Tenable, says threats from the software supply chain have supplanted exploits to become the greatest systemic cybersecurity risk. Software supply chain risks mean the attack surface has expanded beyond traditional vulnerabilities and stolen credentials to the hijacking of maintainer accounts on platforms such as npm or PyPI. “As evidenced by the recent S1ngularity and npm maintainer hijacks, a single poisoned update in a common library can achieve more in minutes than a year spent sending targeted phishing messages or scanning the internet for exposed systems,” Millard tells CSO. Abusing the supply chain offers a “force multiplier” for any adversary, he adds. “For a mainstream user, a breach is a data leak, but for a developer, it’s a poisoned well that could infect every application they develop and every user of their products downstream,” Millard explains. Concerns about the resilience of supply chains against cyberattacks are growing. The World Economic Forum’s latest annual Global Cybersecurity Outlook report shows that 65% of large enterprises report that third-party and supply chain vulnerabilities are their greatest challenge, a figure that has risen from 54% in 2025. “Developers routinely pull code from public registries, install third-party dependencies, grant automation broad permissions and publish artefacts that downstream systems implicitly trust,” says Christopher Jess, senior R&D manager at application security firm Black Duck. “Attackers are exploiting that reality by shifting left into the developer toolchain by poisoning open-source packages, typosquatting popular libraries, publishing malicious extensions into IDE marketplaces, and targeting build systems where a single compromised pipeline can affect every environment,” he adds. Blended threat model Attackers have also begun blending technical compromise with social engineering to increase the potency of their attacks, Jess notes. “A malicious package may be seeded with subtle backdoors, then amplified through convincing outreach with fake maintainer messages, urgent security-fix pull requests, or impersonation of trusted collaborators to accelerate adoption,” Jess explains. “AI is raising the scale and precision of these attacks: phishing and pretexting can be more contextual — matching repo names, commit history, and team roles — and adversaries can generate plausible code changes or documentation that reduce suspicion during review,” he says. AI-assisted development increases exposure AI-assisted development and “vibe coding” are increasing exposure to risk, especially because such code is often generated quickly without adequate testing, documentation, or traceability. Jamie Beckland, chief product officer at cybersecurity firm APIContext, warns that as software development teams adopt AI agents and Model Context Protocol (MCP) servers, a new, growing risk is tool sprawl with opaque permissions. “MCP servers can be modified by adding tools designed to exfiltrate data from internal APIs, data stores, or SaaS systems,” Beckland says. “The risk isn’t just the LLM model, it’s the tooling surface area and what those tools can reach.” “Monitoring MCP servers for changes in the tool infrastructure, and the data access rights of the server, is critical to verify changes in tools and requests.” Pieter Danhieux, CEO and co-founder of cybersecurity education firm Secure Code Warrior, adds that MCPs and AI agents are fertile ground for attackers because it is easy to “purposely introduce an insecure prompt or insert AI-augmented malicious code.” “Additionally, we’ve seen threat actors exploit user identity in new ways, namely with the confused deputy vulnerability where threat actors will fool AI agents into taking unauthorized actions on behalf of the user,” Danhieux says. Sonatype’s analysis of 37,000 recommendations shows that GPT-5 hallucinated 27.8% of component versions and even suggested actual malware packages in some cases, a statistic that emphasises the need for human code review. According to BaxBench, 62% of the solutions generated even by the best large language model (LLMs) are either incorrect or contain a security vulnerability, highlighting that LLMs cannot yet generate deployment-ready code. CISOs need to “stop obsessing over individual vulnerabilities and start mastering their total exposure, including the provenance of the shared libraries automatically pulled in via AI code assistants,” Tenable’s Millard says. Countermeasures For CISOs, hardening software development environments requires a blend of technical controls, security education and creating a security-aware culture. Tighter identity verification checks, credential hygiene and least-privilege access to data offer steps to building greater security maturity into software development practices. “Well-known solutions to these problems include isolating workspaces in containers, centralizing image and secret management, and enforcing regular audits and procedure logging, all of which can effectively reduce the danger,” says Eric Paulsen, CTO for EMEA at software development platform provider Coder. Best practice has always been to pin workflow actions against immutable SHA hashes stored on tamper-proof hardware modules, according to David Sugden, head of engineering at digital transformation consultancy Axiologik. “Similarly, allow lists, secrets scanning, and software composition analysis continue to form DevSecOps baselines that increase protection,” Sugden says. “Gating direct access to external dependencies offers protection against malicious packages and versions, as well as preventing downloads for older, insecure packages.” Michael Burch, application security advocate at cybersecurity training firm Security Journey, emphasizes the importance of offering software developers continuous, hands-on training. “Developers need realistic exercises that demonstrate impact. Allow them to see how systems fail and empower them to fix issues themselves,” Burch advises. View the full article
  24. Jackie Niam | shutterstock.com Customer Identity & Access Management (CIAM) bildet eine Unterkategorie von Identity & Access Management (IAM). CIAM wird dazu eingesetzt, die Authentifizierungs- und Autorisierungsprozesse von Applikationen zu managen, die öffentlich zugänglich sind, beziehungsweise von Kunden bedient werden. Geht es darum, die für Ihr Unternehmen passende CIAM-Lösung zu ermitteln, gilt es, die Benutzerfreundlichkeit mit einer langen Liste von Geschäftszielen und -anforderungen ins Gleichgewicht zu bringen: Marketingverantwortliche wollen Daten über Kunden und deren Geräte sammeln. Datenschutzbeauftragte wollen sicherstellen, dass alle Prozesse mit den Datenschutzbestimmungen in Einklang stehen. Security- und Risiko-Entscheider wollen die Integrität der Konten sicherstellen und die betrügerische Nutzung von Anmeldedaten so weit wie möglich verhindern. Um Sie bei diesem heiklen Balanceakt zu unterstützen, haben wir die derzeit besten Lösungen, die der Markt für Customer Identity & Access Management zu bieten hat, für Sie zusammengestellt. Empfehlenswerte Customer Identity & Access Management Tools Die folgenden CIAM-Plattformen und -Lösungen werden von Analysten und Kunden aufgrund ihres Funktionsumfangs, ihrer Erweiterbarkeit und ihrer Benutzerfreundlichkeit bevorzugt. IBM Security Verify Im Enterprise-Bereich erhält IBMs Security Verify gute Noten für seine robuste Infrastruktur, die durch eine containersierte Multi-Cloud-Architektur gestützt wird. Diese ist nicht nur skalierbar, sondern bietet Unternehmen auch die Möglichkeit, isolierte Kundeninstanzen zu managen. Dabei bietet die IBM-Lösung Support für eine Vielzahl von Authentifizierungsstandards, inklusive FIDO 2 Server-Zertifizierung. Um Marketing-Analysen oder BI-Funktionen zu integrieren, können die Kunden entweder das IBM-eigene Ökosystem oder Drittanbieter über ein ausgedehntes Konnektoren-Portfolio ins Boot holen. Ein wichtiges Alleinstellungsmerkmal des IBM-Produkts: Während viele andere CIAM-Produkte in Sachen risikobasierte Authentifizierung und Betrugsbekämpfung nur Integrationsoptionen anbieten können, bringt Security Verify diese Funktionen nativ mit: Die “Trusteer”-Funktionen nutzen Analysefunktionen, um Betrug mit Hilfe von KI-gestütztem, adaptivem Zugriff zu reduzieren. Das System nutzt eine Kombination aus Anomalieerkennung, Erkennung von Betrugsmustern und anderen passiven Verhaltensanalysen, um die Vertrauenswürdigkeit eines Kontos zu bewerten und die Authentifizierungsanforderungen entsprechend anzupassen. Darüber hinaus bietet die IBM-Lösung auch ein Self-Service-Portal für die Benutzer, um Einwilligungen zu managen sowie eine Low-Code/No-Code-Management-Funktion, die Datenschutzbeauftrage und Business-Entscheidern ermöglicht, Datenschutzrichtlinien und -anforderungen ohne die Hilfe von Softwareentwicklern festzulegen und zu optimieren. LoginRadius Wenn Sie in Sachen CIAM eine schlüsselfertige Lösung suchen, die für ihre einfache Implementierung und Bedienung bekannt ist, sollten Sie einen Blick auf das Angebot von LoginRadius werfen: Sie bringt umfassenden API-Support mit und lässt sich in vielfacher Hinsicht an ihre Bedürfnisse anpassen. Allerdings handelt es sich hierbei nicht um eine Plattform, die für umfangreiche Code-Anpassungen unter der Haube gedacht ist. Vielmehr adressiert sie als No-Code-Lösung Unternehmen, die wenig bis gar keine Entwicklungsarbeit leisten wollen oder können. Onboarding-Workflows werden über eine grafische Benutzeroberfläche abgewickelt, Richtlinien über Dropdown-Listen erstellt. Zu Integrationszwecken steht ein Marktplatz mit vordefinierten Konnektoren zur Verfügung. Darüber hinaus enthält die CIAM-Plattform auch eine integrierte Analyse-Engine mit Dutzenden von Reportings für Marketing- und Identitätsanalysen. Um Datenschutz- und Compliance-Anforderungen gerecht zu werden, stehen grundlegende Consent-Management- und Self-Service-Funktionen zur Verfügung – zudem wird etwa Social Login unterstützt. Für die einfache Bedienung und die Deployment-Vorzüge opfern Unternehmen ein gewisses Maß an Kontrolle: So verfügt das Tool zwar über eine Authentifizierungs-Risiko-Engine, bietet aber nur wenig Kontrolle über dessen Priorisierung. Für Betrugserkennungs-Funktionen von Drittanbietern stehen nicht besonders viele Konnektoren zur Verfügung und Geräteattribute werden für Risikobewertungen und -analysen zwar untersucht, allerdings nur in begrenztem Umfang. Microsoft Entra Microsoft ist zwar ein wichtiger Akteur auf dem breiteren IAM-Markt, arbeitet sich in Sachen CIAM aber immer noch auf der Reifegradskala nach oben. Im Rahmen ihrer letzten großen Access-Management-Analyse argumentierten die Marktforscher von Gartner, die CIAM-Funktionen von Azure AD seien im Vergleich zu den Konkurrenzangeboten unausgereift, weswegen die meisten Kunden das Produkt nur für Workforce-Szenarien verwendeten. Seitdem ist allerdings viel passiert: Microsoft hat mit Nachdruck in sein gesamtes Identity-Portfolio investiert und sich mit einer neuen Produktlinie namens Entra positioniert. Diese umfasst nun das komplette Azure-AD-Paket, inklusive der CIAM-Funktionalitäten von Azure AD External Identities – zudem wurde auch die Open-Standard-Plattform Verified ID in den Mix aufgenommen. Microsoft setzt auf dieses dezentrale Identitätsnachweis-Ökosystem in erster Linie für Mitarbeiterszenarien und setzt damit einen langfristigen strategischen Schwerpunkt, der sich vermutlich auch auf externe Anwendungsfälle erstrecken wird. Trotz einiger großer Funktionslücken – etwa fehlende Consumer Privacy Dashboards oder der eher rudimentären Adaptive-Authentication-Policy-Konstruktion – hat Azure AD External Identities Vorteile: Es ist extrem skalierbar, einfach zu bedienen und verfügt über einige starke Account-Takeover-Schutzmechanismen. Zudem lässt es sich gut mit Microsofts BI- und CRM-Plattformen für erweiterte Analysen integrieren und bietet ein kontinuierlich wachsendes Integrations-Ökosystem. Okta / Auth0 Nach der Übernahme von Auth0 will Okta das CIAM-Produkt von Auth0 als eigenständiges Angebot neben den hauseigenen CIAM-Funktionen beibehalten, um Kunden maximale Flexibilität bei der Implementierung zu bieten. Nichtsdestotrotz wird es zu Überschneidungen und Integrationen kommen – Okta hat bereits mehrere Funktionen kombiniert, um die Fähigkeit zu Zusammenarbeit und Innovation zu beschleunigen. Auth0 bietet zwar einige Workforce-IAM-Funktionen an, aber diese Plattform ist mit CIAM-Anwendungsfällen groß geworden – entsprechend stark ausgeprägt ist der Fokus auf diesen Bereich. Laut den Analysten von Gartner eignet sich die CIAM-Lösung von Auth0 vor allem dann, wenn Entwickler Access Management für Verbraucher in individuell entwickelte, API-lastige Anwendungen einbauen müssen. Dazu kombiniert die Plattform “großartige UX-Flows und UI-Anpassungsfähigkeiten” mit “umfassenden Entwickler-Tools und vollständiger API-Unterstützung”, heißt es in Gartners Magic Quadrant. Das gesamte Okta-CIAM-Portfolio verfügt über eine Reihe von Konnektoren für Business Intelligence, CRM, Marketing-Analytics und -Automatisierung, andere IAM-Plattformen, beliebte SaaS-Anwendungen und Plattformen zur Betrugsbekämpfung. Raum nach oben gibt es bei diesem Produkt, wenn es darum geht, Geräteintelligenz und Verhaltensbiometrie in die nativen Funktionen der Plattform zu integrieren. OneLogin Der Identity-as-a-Service (IdaaS)-Anbieter OneLogin gehört in Gartners Magic Quadrant für Access Management zur Spitzengruppe und bietet einige abgespeckte, entwicklerfreundliche CIAM-Funktionen. Die könnten speziell für Unternehmen, die eine erschwingliche Option für den Aufbau einer stärkeren Kundenauthentifizierung suchen, hilfreich sein. Laut Gartner liegt die Stärke von OneLogin auch in den erschwinglichen Preisen, die das Unternehmen für externe Zugriffsmanagement-Anwendungen aufruft. Die Lösung selbst zeichnet sich dabei durch seine flexible Erweiterbarkeit mit umfangreicher Entwicklerunterstützung und seine robusten APIs aus. Die Serverless Smart-Hooks-API-Funktion soll Entwickler dabei unterstützen, CIAM-Workflows und -Richtlinien anzupassen, um möglichst nahtlose und sichere Benutzererfahrungen während der Anmeldung zu gewährleisten. Entlastung gibt es auch, wenn es um Single-Sign-On geht – auch hier unterstützt das Tool dabei, entsprechende Funktionen in Consumer-Apps einzubauen. Im Gegensatz zu vielen anderen CIAM-Lösungen in dieser Übersicht, gehören allerdings keine Out-of-the-Box-Funktionen für Consent Management oder geschäftsorientierte Funktionen wie Marketing-Analysen und Automatisierung zum Paket – es handelt sich in erster Linie um eine Authentifizierungs- und Autorisierungslösung. Nach der Übernahme durch One Identity war erwartet worden, dass sich das Portfolio stärker in Richtung Workforce IAM entwickeln wird. Davon ist ein Jahr später allerdings noch nichts zu sehen. Ping Identity Ping Identity ist einer der ersten Enterprise-IAM-Anbieter, der in CIAM-Gewässer abtaucht. Dabei überzeugt er vor allem in Sachen Identitäsnachweise, -orchestrierung und Analytics-Funktionen – auch der Umfang der unterstützten Authentifikatoren sowie die Dokumentation und Sicherheit der API-Konnektoren sind positiv hervorzuheben. Ein “Fraud”-Modul spürt darüber hinaus mit Hilfe von Echtzeit-Verhaltensnavigation, Verhaltensbiometrie, Geräte- und Netzwerkattributen potenzielle, betrügerische Angriffe auf. Auch die Integration mit externen Betrugserkennungs-Plattformen ist möglich. Ping Identity hebt sich von anderen Anbietern zudem dadurch ab, dass es den FIDO-2-Standard nicht nur unterstützt, sondern einen entsprechend zertifizierten Server betreibt. Die Analysten von KuppingerCole sehen auch Schwachpunkte, etwa die nur rudimentäre Verwaltung von Berechtigungen für Verbraucher, die in den meisten Fällen zusätzliche Entwicklungs- und Integrationsarbeit erfordern. Auch die noch in der Entwicklung befindlichen Out-of-the-Box-Konnektoren für erweiterte Business Intelligence, Customer Relationship Management und Marketing-Analytics bemängeln die Analysten – bewerten das Ping-Identity-Offering aber dennoch sehr positiv. Laut Gartner gehört Ping Identity zu den “erschwinglicheren Optionen auf dem CIAM-Markt”. Im August 2023 übernahm der Ping-Identity-Mutterkonzern Thoma Bravo den Sicherheitsanbieter Forge Rock – und integrierte dessen Potfolio in Ping Identity. (fm) Sie wollen weitere interessante Beiträge rund um das Thema IT-Sicherheit lesen? Unser kostenloser Newsletter liefert Ihnen alles, was Sicherheitsentscheider und -experten wissen sollten, direkt in Ihre Inbox. View the full article
  25. Six more vulnerabilities have been discovered in the n8n workflow platform used for building LLM-powered agents to connect business processes. Four of the six are rated as critical, carrying CVSS severity scores of 9.4. “These vulnerabilities span multiple attack classes, from remote code execution and command injection to arbitrary file access and cross-site scripting, all targeting a platform that is frequently deployed with access to secrets, credentials, internal APIs, and business-critical logic,” noted Amit Genkin, a security researchers at Israel-based cloud security provider Upwind, who blogged about the vulnerabilities this week. Johannes Ullrich, dean of research at the SANS Institute, said the vulnerabilities affect how n8n sandboxes the processes created by different users, and how the host is protected from users with access to n8n. “This is less of an issue for a single user system,” he said in an email, “but n8n is often installed in shared environments. Given the number and severity of the vulnerabilities, it is fair to assume that this is more or less just the ‘tip of the iceberg’. At this point, multi user n8n deployments should be treated with care.” The discovery is the second major revelation of issues in the n8n platform this year. Four weeks ago, researchers at Cyera published details of a critical vulnerability, after it had been patched, that would allow unauthenticated attackers to completely take over n8n deployments. Also last month, it was learned that threat actors are targeting n8n by planting malicious packages on the npm registry that claim to be legitimate n8n add-ons. CSOs with n8n in their environments and developers using the platform should update to the latest version of the application to close the newly-found holes. The vulnerabilities are: CVE-2026-21893, a command injection hole in the community edition of n8n. An unauthenticated user with administration permission could execute arbitrary system commands on the n8n host. “The risk is amplified by the trust typically placed in community extensions,” Upwinds said in its commentary, “making this a high-impact attack path that directly bridges application-level functionality with host-level execution. It carries a CVSS vulnerability score of 9.4; CVE-2026-25049, which carries a CVSS score of 9.4. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. “Because workflow expressions are a core and commonly used feature in n8n, this flaw significantly lowers the barrier to exploitation and enables full compromise of the underlying host,” commented Upwind in its blog; CVE-2026-25052, which carries a CVSS score of 9.4. A vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of any user on the instance; CVE-2026-25053, which carries a CVSS score of 9.4. This is a vulnerability in the Git node that allows execution of system commands or arbitrary file access; CVE-2026-25051, a cross-site scripting vulnerability in the handling of webhook responses and related HTTP endpoints. It carries a CVSS score of 8.5. Under certain conditions, the n8n Content Security Policy (CSP) sandbox protection intended to isolate HTML responses may not be applied correctly. An authenticated user with permission to create or modify workflows could abuse this to execute malicious scripts with same-origin privileges when other users interact with the crafted workflow. This could lead to session hijacking and account takeover. CVE-2025-61917, which carries a CVSS score of 7.7. This is an information disclosure vulnerability caused by unsafe buffer allocation in n8n task runners. During an interview, Moshe Hassan, Upwind’s vice-president of research and innovation, estimated that 83% of his firm’s customers use the n8n platform. But, he added, less than 25% use it in production and/or may have it exposed to the web. The rest, he said, are testing it. However, he said those who are evaluating the platform could be at risk if the users enter identity tokens for cloud platforms such as AWS and others as part of their testing. And the fact that large numbers of developers are testing the latest AI-related applications makes it hard for security pros to contain the blast radius of potential vulnerabilities in IT environments, he added. Generally, to contain vulnerabilities, CSOs have to understand the business logic and data flow of any applications in their environments, Hassan noted. However, risk can be lowered through network segregation, he said, and in addition, engineering should be allowed to create sandboxes for thorough testing of applications before they go into production. View the full article

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.