Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Category Archives: Security
Europol took action against DoublePaymer cyber gang
[German]International investigators and law enforcement (FBI, Europool, German LKA, etc.) have succeeded in identifying members of a cybergang that operated under the names "DoppelSpider" and "DoppelPaymer". The cybergang was responsible for ransomware attacks on companies and the University Hospital in … Continue reading
Security: DJI drones and it's AeroScope vulnerabilities
[German]Drones from the Chinese manufacturer DJI have vulnerabilities that allow third parties to read radio traffic and determine the location of the drone pilot. This vulnerability comes from a monitoring feature called AeroScope (DroneID), developed by the manufacturer for "law … Continue reading
Critical vulnerability CVE-2023-0656 in SonicWall firewalls
[German]SonicWall has issued a security alert SNWLID-2023-0004 as of March 2, 2023. Several applications are at risk from critical vulnerability CVE-2023-0656. A stack-based buffer overflow vulnerability in SonicOS allows an unauthenticated attacker to remotely cause a denial of service (DoS) … Continue reading
DCOM hardening (CVE-2021-26414) on March 14, 2023 patchday for Windows 10/11 and Server
[German]Just a reminder for administrators of Windows in enterprise environments. There is a vulnerability in Microsoft's Windows DCOM implementation (Windows DCOM Server Security Feature Bypass, CVE-2021-26414) that allowed security features to be bypassed. Microsoft documented this in 2021, and patched … Continue reading
Busted: Instagram influencer with 40 million followers uses Russian Zeus bot
[English]Security researchers have come across an open Cassandra database instance that probably contained data from the Russian website instarobot.pro. The website is known for offering services for spamming and botting on Instagram under the name Zeus. The records also included … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
Reminder: Changes to Certificate-Based Authentication for Domain Controllers in April 2023
[German]It is still a few weeks until the April 2023 patchday. However, I would like to remind administrators who are responsible for updating Windows Domain Controllers about a topic in the Domain Controller area. It is about the fact that … Continue reading
Review of the VMware ESXi server cyberdebacle (Feb. 2023)
[German]A brief flashback to February 2023 – since the beginning of the year, numerous VMware ESXi servers have been hijacked via a known vulnerability that has long since been closed. This VMware ESXi vulnerability has a huge threat potential and … Continue reading
Windows security updates against Intel silicon vulnerabilities (March 2, 2023)
[German]Microsoft has released special updates for Windows versions still in support on March 2, 2023. These are supposed to fix vulnerabilities (Speculative Execution Control and side-channel attacks) in Intel's CPUs. These vulnerabilities in Intel processors have been known since last … Continue reading
BlackLotus UEFI bootkit bypasses Secure Boot in Windows 11
[German]Security researchers from ESET have discovered a malware in the wild that hijacks the UEFI and has been christened BlackLotus. BlackLotus is believed to be the first UEFI bootkit malware in the wild that can bypass Secure Boot on Windows … Continue reading
LastPass hack via developer's private PC
[German]LastPass was the victim of two hacks in 2022, in which attackers gained access to its infrastructure. At first, it was said that the development environment had "only been hacked". Then the extent of the attack and a second attack … Continue reading