Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Category Archives: Security
Exchange Server: Microsofts improves solutions for 0-day mitigation again (October 8, 2022)
[German]One more addendum regarding On-Premises Exchange Server (2016-2019) and the two 0-Day vulnerabilities (CVE-2022-41040, CVE-2022-41082) known since the end of September 2022. As of the weekend (October 8, 2022), Microsoft had again tweaked its articles to mitigate these vulnerabilities. In … Continue reading
US President Biden signs Executive Order for "Privacy Shield 2.0" data protection agreement
[German]On October 7, 2022, U.S. President Joe Biden launched the new data protection agreement with the European Union, referred to here as "Privacy Shield 2.0," by means of an Executive Order (E.O.). This is intended to clear the legal way … Continue reading
Meta finds over 400 mobile apps stealing Facebook credentials in 2022
[German]Facebook parent company Meta said that it's security researcher has already identified more than 400 malicious mobile apps this year that are out to steal their users' Facebook credentials. The problem could affect 1 million Facebook users who have installed … Continue reading
U.S. authorities publish top 20 vulnerabilities exploited by China's state hackers
[German]In a joint Cybersecurity Advisory (CSA), the U.S. National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) released a list of key vulnerabilities (CVEs) exploited by state-sponsored cyber actors in the People's Republic … Continue reading
Warning: Sophos XG firewall vulnerability CVE-2022-3236 under massive attack
[German]A few hours ago, information came to my attention on Twitter that the RCE vulnerability CVE-2022-3236 in Sophos XG Firewalls is under massive attack. I had reported about the vulnerability in September 2022 and recommended patching it immediately. Here are … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
German security vendor DCSO finds Maggie backdoor in MS SQL servers
[German]Technical threat research experts from German security firm DCSO recently came across a new type of backdoor. Dubbed Maggie, the malware targets Microsoft SQL servers, and an analysis found hundreds of infected installations worldwide. Here is a brief overview of … Continue reading
Exchange Server: Microsoft updates it's mitigation for the 0-day ProxyNotShell vulnerability (October 5, 2022)
[German]It's becoming somewhat like a never-ending story. Two 0-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) in Microsoft's on-premises Exchange Servers (2013, 2016, and 2019) have been known since late September 2022. The vulnerabilities, known as ProxyNotShell, are already being exploited in the wild. … Continue reading
Microsoft's 0-day protection bypassed, new assessments (Oct. 3, 2022)
[German]A 0-day vulnerability (ZDI-CAN-18333) in Microsoft's on-premises Exchange Servers (2013, 2016, and 2019) has been known since late September 2022. The vulnerabilities (CVE-2022-41040, CVE-2022-41082) are already being exploited in the wild. Microsoft did respond and published a workaround as well … Continue reading
Chrome 106.0.5249.91 released
[German]Google has released the Google Chrome 106.0.5249.91 update for Mac and Windows on September 30, 2022. Both the Stable Channel and the Extended Stable Channel will receive this security update. It is a bug fix update that addresses vulnerabilities.
Update on Exchange Server 0-day Vulnerability ZDI-CAN-18333: Fixes, Scripts and EMS Solution
[German]The 0-day vulnerability ZDI-CAN-18333 in Microsoft's on-premises Exchange Servers (2013, 2016 and 2019) became public at the end of September. The vulnerabilities (CVE-2022-41040, CVE-2022-41082) are already being exploited in the wild. Now Microsoft is rolling out URI rewrite rules via … Continue reading