Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Category Archives: Security
Microsoft Security Update Revisions (April 19, 2022)
Brief addendum from last week. Microsoft has released some Microsoft Security Update revisions for April 19, 2022, which are changes to the documentation of various security updates. Here is an uncommented overview.
ESET finds 3 critical vulnerabilities in UEFI of Lenovo consumer notebooks
[German]Users of Lenovo notebooks should react. Security vendor ESET has just announced that it has discovered three vulnerabilities (CVE-2021-3970, CVE-2021-3971, CVE-2021-3972) in the UEFI of Lenovo consumer notebooks that are rated as highly problematic from a security perspective. The exploit … Continue reading
Free Decryptor for Yanlouwang Ransomware
[German]Security vendor Kaspersky has discovered a vulnerability in the encryption of the Yanlouwang ransomware. As a result of this vulnerability, the encryption of files can be cracked under certain circumstances. Anyway, a free decryptor for Yanlouwang ransomware is available. However, … Continue reading
7-Zip vulnerability CVE-2022-29072 *doesn't* allows system privileges
[German]A vulnerability CVE-2022-29072 (heap overflow) exists in the 7-Zip application up to version 21.07, which allows privilege escalation on Windows. This could allow an attacker to gain system privileges and then compromise the system at will. Here is some information … Continue reading
Microsoft Security Update Revisions (April 15, 2022)
Short addendum from last week. Microsoft has released some Microsoft Security Update Revisions for April 15, 2022, which are changes to the documentation of various security updates in GRUB as well as in Power BI Report Server. Here is an … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
CISA Warning: New APT Cyber Tools Targets ICS/SCADA Systems
[German]There is a warning from CISA and other organizations in the U.S. aimed at manufacturers and operators of process control systems and controllers (ICS/SCADA systems). Cyber groups (APTs) have developed new attack tools with which they can attack various industrial … Continue reading
Microsoft Edge 100.0.1185.44 Emergency Patch
[German]Microsoft has updated the Chromium Edge browser to version Edge 100.0.1185.44 as of April 15, 2022. This is an emergency update that closes the CVE-2022-1364 vulnerability (see also this page and the blog post Chrome 100.0.4896.127 fixes 0-day vulnerability CVE-2022-1364). … Continue reading
Comments on NGINX vulnerabilities in LDAP reference implementation (April 2022).
[German]On April 9, 2022, 0-day exploit exploiting vulnerabilities in LPAP NGINX implementation became known. Spontaneously the question came up if you have to react now if you use NGINX in your environment. A blog reader sent me a note the … Continue reading
Spring4Shell Vulnerability: Analysis and Mirai Botnet uses Spring4Shell
[German]A vulnerability called Spring4Shell in the Java Spring Framework has been known for a few days. VMware has been providing patches for its products since the beginning of April 2022. It is now known that the Mirai botnet exploits the … Continue reading
Chrome 100.0.4896.127 fixes 0-day vulnerability CVE-2022-1364
[German]Google has released updates to Google Chrome 100.0.4896.127 for Android, as well as for Windows and Mac on the desktop in the stable channel as of April 14, 2022. The update closes the 0-day vulnerability CVE-2022-1364, for which an expliit … Continue reading