Windows update error due to missing Edge browser

Windows[German]Once again, I'm bringing up an issue, that I've already touched on in posts about patchday issues with failed Windows update installations. Errors can occur during Windows update installation if the Microsoft Edge browser is not installed on the system. A blog reader got in touch at the beginning of February 2024 and confirmed another such case.

Continue reading

Posted in Update, Windows | Tagged , , | Leave a comment

Advertising

Zyxel ZLD5.37 Patch2; install immediately to fix vulnerabilities

Sicherheit (Pexels, allgemeine Nutzung)Zyxel has released a security patch "ZLD5.37 Patch2" for its ZyWALL ATP, ZyWALL USG FLEX and ZyWALL VPN solutions on February 20, 2024, which closes the vulnerabilities CVE-2023-6397, CVE-2023-6398, CVE-2023-6399, CVE-2023-676 in the products. Details can be found in the Zyxel security advisory What's New ZLD5.37 Patch2. Thanks to the reader for the hint and the advice to install the update immediately.

Posted in Security, Software | Tagged | Leave a comment

How to find weak passwords in Active Directory and eliminate them with PowerShell

[Sponsored Post]Weak or compromised passwords are a known gateway for attackers. If you are able to identify which users in Active Directory (AD) are threatened by this, then PowerShell can help to remedy it. However, PowerShell scripts cannot eliminate basic AD deficits, other tools are needed for this. More ...

PSI Software fell victim to ransomware on Feb. 15, 2024 – customers probably not at risk

Sicherheit (Pexels, allgemeine Nutzung)[German]Cyber incident at the Berlin-based German software company PSI Software. It was known that they had been the victim of a cyberattack on February 15, 2024 – I had reported on the suspicion and confirmation came later. Now the company has provided some more information. Internally, ransomware has probably done its work on the systems. The suspicion that customer systems (especially in the sector of critical infrastructures) were affected has not yet been confirmed.

Continue reading

Posted in Allgemein | Leave a comment

Advertising

AnyDesk hack: Newly signed clients available; what are your experiences? – Part 12

Sicherheit (Pexels, allgemeine Nutzung)[English]At the begin of February 2024, it became known that the provider of remote maintenance software, AnyDesk, was the victim of a hack of its production environment. I pointed out early on that the hack had already taken place in December 2023. As a result, a certificate change for the digital signing of AnyDesk clients is pending, an old certificate from "philandro Software GmbH" has been recalled and is now invalid. Newly signed clients should be available from February 12 or 13, 2024.

Continue reading

Posted in Security, Software | Tagged , , | Leave a comment

Local Privilege Escalation vulnerability CVE-2024-035 in ESET products fixed

Sicherheit (Pexels, allgemeine Nutzung)[German]On February 8, 2024, ESET updated some of its antivirus products at short notice. The information about a vulnerability was "on hold" until February 14, 2024. ESET has now published a security advisory confirming a Local Privilege Escalation vulnerability in ESET products. This vulnerability was fixed by the updates announced on February 8th.

Continue reading

Posted in Security, Software, Update | Tagged , , | Leave a comment

Advertising

Security incident: 13,000 Wyze camera users see images of other users

Sicherheit (Pexels, allgemeine Nutzung)[German]Security camera vendor, Wyze, recently experienced technical problems. Users reported that they were suddenly shown other people's camera images. The provider has now confirmed the security incident. Around 13,000 users were affected and were shown the camera data of other Wyze camera owners in their streams. It's funny when your own cameras stream to the cloud, where the manufacturer then has to sort out that everything is running correctly.

Continue reading

Posted in Cloud, devices, Security | Tagged , , , | Leave a comment

Operation Cronos: FBI & Co. seized infrastructure of the Lockbit ransomware gang

Sicherheit (Pexels, allgemeine Nutzung)[German]It has been known for a few hours that law enforcement officers have seized some of the Lockbit ransomware gang's infrastructure servers in an internationally coordinated operation (FBI, Europool, etc.) and taken control of them. Official information on "Operation Cronos" is not yet available, and it looks as if there are still servants of the group online. Here is a first overview.

Continue reading

Posted in Security | Tagged | Leave a comment

New Teams 2.0 client doesn't ask for password for re-login

Teams[German]A reader has pointed out to me that there is a behavior that should make it possible to bypass authentication with the user account on the client. Specifically, a third party can log in to the account again without entering a password, after a user logs out. It's a problem of single sign on. I'll put the reader's information up for discussion.

Continue reading

Posted in Security, Software | Tagged , | 3 Comments

Advertising

OneDrive trap: Some folder names can prevent synchronization

[German]In OneDrive is lurking a trap when choosing names for files and folders. With the wrong names, the synchronization of files between OneDrive storage and the system's local storage fails. The whole thing doesn't seem to have been properly documented by Microsoft either.

Continue reading

Posted in Cloud, issue | Tagged , | Leave a comment

Edge 121.0.2277.128

Edge[German]Microsoft has released another update of the Edge (Chromium) browser with version 121.0.2277.128 in the stable channel on February 15, 2024. It is an update that closes vulnerabilities (from the Chromium browser) and fixes an import error. Continue reading

Posted in browser | Tagged | Leave a comment