This is a crazy, developing story.
-
This is a crazy, developing story. And here you thought *your* organization's patch management routines were strict: From Christopher Kunz at Heise:
"A serious security vulnerability in the Windchill and FlexPLM products prompted a nationwide police response over the weekend. At the behest of the Federal Criminal Police Office (BKA), officers from across Germany were dispatched to alert affected companies – an unprecedented move. Administrators, whose weekends were disrupted, expressed their irritation – some of whom don't even use the compromised software."
"When the editorial team received a tip late Sunday morning about a critical security vulnerability in Windchill and FlexPLM , it sounded like a routine report: A deserialization vulnerability in specialized software, even with a CVSS score of 10, doesn't cause any alarm at heise security. The situation was apparently quite different at the Federal Criminal Police Office (BKA): By that time, they had already alerted the state criminal police offices (LKA) in various federal states, which dispatched police officers to affected companies during the night. As several readers reported to us in the forum , police officers were standing outside company and private premises in the dead of night."
WTF: Polizei rückte Samstagnacht wegen Zero-Day aus
Wegen der Sicherheitslücke in Windchill und FlexPLM schickten mehrere Landeskriminalämter Polizeibeamte zu betroffenen Unternehmen. Die sind irritiert.
Security (www.heise.de)
-
This is a crazy, developing story. And here you thought *your* organization's patch management routines were strict: From Christopher Kunz at Heise:
"A serious security vulnerability in the Windchill and FlexPLM products prompted a nationwide police response over the weekend. At the behest of the Federal Criminal Police Office (BKA), officers from across Germany were dispatched to alert affected companies – an unprecedented move. Administrators, whose weekends were disrupted, expressed their irritation – some of whom don't even use the compromised software."
"When the editorial team received a tip late Sunday morning about a critical security vulnerability in Windchill and FlexPLM , it sounded like a routine report: A deserialization vulnerability in specialized software, even with a CVSS score of 10, doesn't cause any alarm at heise security. The situation was apparently quite different at the Federal Criminal Police Office (BKA): By that time, they had already alerted the state criminal police offices (LKA) in various federal states, which dispatched police officers to affected companies during the night. As several readers reported to us in the forum , police officers were standing outside company and private premises in the dead of night."
WTF: Polizei rückte Samstagnacht wegen Zero-Day aus
Wegen der Sicherheitslücke in Windchill und FlexPLM schickten mehrere Landeskriminalämter Polizeibeamte zu betroffenen Unternehmen. Die sind irritiert.
Security (www.heise.de)
@briankrebs WindChill and Flex sounds like the opposite of Netflix and Chill
-
This is a crazy, developing story. And here you thought *your* organization's patch management routines were strict: From Christopher Kunz at Heise:
"A serious security vulnerability in the Windchill and FlexPLM products prompted a nationwide police response over the weekend. At the behest of the Federal Criminal Police Office (BKA), officers from across Germany were dispatched to alert affected companies – an unprecedented move. Administrators, whose weekends were disrupted, expressed their irritation – some of whom don't even use the compromised software."
"When the editorial team received a tip late Sunday morning about a critical security vulnerability in Windchill and FlexPLM , it sounded like a routine report: A deserialization vulnerability in specialized software, even with a CVSS score of 10, doesn't cause any alarm at heise security. The situation was apparently quite different at the Federal Criminal Police Office (BKA): By that time, they had already alerted the state criminal police offices (LKA) in various federal states, which dispatched police officers to affected companies during the night. As several readers reported to us in the forum , police officers were standing outside company and private premises in the dead of night."
WTF: Polizei rückte Samstagnacht wegen Zero-Day aus
Wegen der Sicherheitslücke in Windchill und FlexPLM schickten mehrere Landeskriminalämter Polizeibeamte zu betroffenen Unternehmen. Die sind irritiert.
Security (www.heise.de)
@briankrebs news from the department of 'That escalated quickly!"
-
This is a crazy, developing story. And here you thought *your* organization's patch management routines were strict: From Christopher Kunz at Heise:
"A serious security vulnerability in the Windchill and FlexPLM products prompted a nationwide police response over the weekend. At the behest of the Federal Criminal Police Office (BKA), officers from across Germany were dispatched to alert affected companies – an unprecedented move. Administrators, whose weekends were disrupted, expressed their irritation – some of whom don't even use the compromised software."
"When the editorial team received a tip late Sunday morning about a critical security vulnerability in Windchill and FlexPLM , it sounded like a routine report: A deserialization vulnerability in specialized software, even with a CVSS score of 10, doesn't cause any alarm at heise security. The situation was apparently quite different at the Federal Criminal Police Office (BKA): By that time, they had already alerted the state criminal police offices (LKA) in various federal states, which dispatched police officers to affected companies during the night. As several readers reported to us in the forum , police officers were standing outside company and private premises in the dead of night."
WTF: Polizei rückte Samstagnacht wegen Zero-Day aus
Wegen der Sicherheitslücke in Windchill und FlexPLM schickten mehrere Landeskriminalämter Polizeibeamte zu betroffenen Unternehmen. Die sind irritiert.
Security (www.heise.de)
@briankrebs as NIS-2 registration is mandatory for any important or essential company since 06th of March they could've just sent an email or called the contacts listed there...I don't know what made them believe that this is the correct way to respond to this kind of incident.
-
This is a crazy, developing story. And here you thought *your* organization's patch management routines were strict: From Christopher Kunz at Heise:
"A serious security vulnerability in the Windchill and FlexPLM products prompted a nationwide police response over the weekend. At the behest of the Federal Criminal Police Office (BKA), officers from across Germany were dispatched to alert affected companies – an unprecedented move. Administrators, whose weekends were disrupted, expressed their irritation – some of whom don't even use the compromised software."
"When the editorial team received a tip late Sunday morning about a critical security vulnerability in Windchill and FlexPLM , it sounded like a routine report: A deserialization vulnerability in specialized software, even with a CVSS score of 10, doesn't cause any alarm at heise security. The situation was apparently quite different at the Federal Criminal Police Office (BKA): By that time, they had already alerted the state criminal police offices (LKA) in various federal states, which dispatched police officers to affected companies during the night. As several readers reported to us in the forum , police officers were standing outside company and private premises in the dead of night."
WTF: Polizei rückte Samstagnacht wegen Zero-Day aus
Wegen der Sicherheitslücke in Windchill und FlexPLM schickten mehrere Landeskriminalämter Polizeibeamte zu betroffenen Unternehmen. Die sind irritiert.
Security (www.heise.de)
@briankrebs honorable mention: @christopherkunz
-
This is a crazy, developing story. And here you thought *your* organization's patch management routines were strict: From Christopher Kunz at Heise:
"A serious security vulnerability in the Windchill and FlexPLM products prompted a nationwide police response over the weekend. At the behest of the Federal Criminal Police Office (BKA), officers from across Germany were dispatched to alert affected companies – an unprecedented move. Administrators, whose weekends were disrupted, expressed their irritation – some of whom don't even use the compromised software."
"When the editorial team received a tip late Sunday morning about a critical security vulnerability in Windchill and FlexPLM , it sounded like a routine report: A deserialization vulnerability in specialized software, even with a CVSS score of 10, doesn't cause any alarm at heise security. The situation was apparently quite different at the Federal Criminal Police Office (BKA): By that time, they had already alerted the state criminal police offices (LKA) in various federal states, which dispatched police officers to affected companies during the night. As several readers reported to us in the forum , police officers were standing outside company and private premises in the dead of night."
WTF: Polizei rückte Samstagnacht wegen Zero-Day aus
Wegen der Sicherheitslücke in Windchill und FlexPLM schickten mehrere Landeskriminalämter Polizeibeamte zu betroffenen Unternehmen. Die sind irritiert.
Security (www.heise.de)
@briankrebs the colleague pick up the phone Zero dark thirty thought this is a SCAM and asked for authentification, a police car arrived the cops handover a business card from the cyber detective - crazy
-
R relay@relay.an.exchange shared this topic
