Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Sponsors
(Paypal-Donations)
Category Archives: Security
Vulnerability in 100 million IP cameras from Hikvision and OEMs
[German]A command injection vulnerability exists in the web server of some Hikvision products due to insufficient input validation. Unauthorized persons could send messages with malicious commands to the web server via this vulnerability. The manufacturer has provided a firmware update … Continue reading
Advertising
Microsoft Exchange autodiscover design flaw leaks credentials to third party instances
[German]Security researchers at Guardicore have discovered a design flaw in Microsoft Exchange autodiscover protocol that allows attackers to use external autodiscover domains to harvest domain credentials. This is possible because autodiscover domains outside the user’s domain (but still in the … Continue reading
Windows PrintNightmare: Status, issues and workarounds (Sept. 22, 2021)
[German]Since the patchday of September 14, 2021, when further security updates to close the PrintNightmare vulnerabilities are delivered, there are massive problems with network printers in some environments. The background is that Microsoft implemented certain security measures in August and … Continue reading
Chrome 94.0.4606.54
[German]Google has released the stable version of Google Chrome 94.0.4606.54 for Windows, Mac and Linux on September 21, 2021. It is a security update that closes 19 vulnerabilities. Here’s a quick overview of what to expect from the update. Advertising
Healthcare facilities prime target for ransomware attacks
[German]Healthcare facilities are likely to be the main target of ransomware attacks in 2020, as Unit 42 of security firm Palo Alto Networks found out and published in a Thread report. It is believed that cyber criminals targeted the facilities … Continue reading
Advertising
MikroTik Security Advice (CVE-2018-14847)
[German]Router manufacturer MikroTik has published a security advisory on how to protect its devices against a takeover by the Meris botnet. The Meris gang exploits the CVE-2018-14847 vulnerability, discovered in 2018 and patched long ago, to take over devices and … Continue reading
Malware targets the Windows Subsystem for Linux (WSL)
[German]Security researchers from Lumen’s Black Lotus Labs have come across several malware samples that can infect the Windows subsystem for Linux and then switch to the native Windows environment. Experts had outlined this scenario back in 2017. Thus, the Microsoft … Continue reading
Microsoft Edge 93.0.961.52
[German]Microsoft has released a security advisory for the Edge browser as of September 16, 2021, updating the browser to version 93.0.961.52. The update also closed the CVE-2021-30633 vulnerability, which is actively exploited, according to the release notes. The browser should … Continue reading
Advertising
Bitdefender provides universal REvil decryptor
[German]Hope for victims of REvil/Sodinokibi ransomware attacks who have lost access to encrypted data. Security vendor Bitdefender has succeeded in developing a universal REvil decryptor in cooperation with law enforcement agencies. The REvil Decryptor helps with all files that were … Continue reading
Patch day recap Sept. 2021: Update on MSHTML vulnerability CVE-2021-40444
[German]The vulnerability CVE-2021-40444 in the Windows MSHTML library has been known public since September 7, 2021. Actors attempt to attack Windows machines via this vulnerability using manipulated Office files. As of September 14, 2021, Microsoft has addressed the vulnerability in … Continue reading
Posted in Office, Security, Update, Windows
Tagged Internet Explorer, Office, Patchday 9.2021, Security, Update, Windows
Leave a comment
