German authorities issue an urgent appeal on the importance of security updates

Security vulnerabilities in VPN products from Check Point Security, an Israeli IT security provider, remain unpatched for many users in Germany. The Bundesamt für Sicherheit in der Informationstechnik (BSI - Federal Office for Information Technology Security) and the Bundesamt für Verfassungsschutz (BfV - Federal Office for the Protection of the Constitution) are urging IT administrators to install available updates more quickly, including for Outlook and Codesys. 

Of the approximately 1,700 identified users of Check Point's security gateway products, only about half had installed the update that closes a critical vulnerability and has been available for several weeks; the others have been slow to do so. This situation was reported by Sinan Selen, Vice-President of the BfV, at the Potsdam National Cybersecurity Conference.

For nearly three weeks, authorities have been investigating an incident which occurred at the headquarters of the CDU, a German political party. Neither the BSI nor the BfV have yet attributed the attack to specific perpetrators. The flaw could be used to compromise calendar data, contacts, and emails, depending on their configuration. Other access options depend on the conditions and security mechanisms of the respective networks.

According to Sinan Selen, many companies that are considered critical or essential to the country’s infrastructure (KRITIS) have yet to fully adopt new security practices. In addition to the CDU event, other successful attacks, which also exploited the Check Point vulnerability, have been reported in critical sectors.

Claudia Plattner, President of the BSI, has also called for faster and more consistent updates, pointing out that the number of unpatched systems is too high and that 37,000 vulnerable Exchange servers represent a major problem. She also called for greater automation in IT processes.

And in France, are we sufficiently protected?

The recent alerts in Germany, pertaining to unpatched vulnerabilities in security systems, also raise worrying questions about the state of cybersecurity in France. Have French companies and administrations taken the necessary measures to protect themselves against these threats? Could slow implementation of security updates expose France’s critical infrastructures to similar risks?
