Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Category Archives: Security
QNAP: DeadBolt attacks via vulnerability patched in December 2021
[German]The question why NAS manufacturer QNAP recently updated its devices via forced update has now been answered. The attacks by the DeadBolt ransomware that took place in January 2022 were only possible if the NAS owners made them accessible on … Continue reading
Posted in devices, Security, Software, Update
Tagged devices, NAS, Ransomware, Security
Leave a comment
Windows 10: Proof of Concept for vulnerability CVE-2022-21882
[German]In January 2022, Microsoft closed the CVE-2022-21882 (Win32k Privilege Escalation) vulnerability in Windows 10/11 and Windows Server 20H2 on Patchday. However, the patch was not installed everywhere because of the many collateral damages. Now a public proof of concept (PoC) … Continue reading
Linux: Microsoft recommendation on enforcement mode against Active Directory takeover may cause issues
[German]Microsoft recommends installing the November 2021 security updates on Windows servers that operate as DCs as protection against a domain takeover caused by the vulnerabilities CVE-2021-42287 and CVE-2021-42278. And Micrsooft also recommends enabling so-called enforcement mode to protect against the … Continue reading
Over 20,000 HPE Proliant servers with outdated iLO accessible via the Internet
[German]Advisory for administrators of HPE Proliant servers running outdated or unpatched HPEs Integrated Lights-out versions. The Internet Storm Center (SANS ISC) warned this week that more than 20,000 HPE Proliant servers were accessible via the Internet. Wouldn't be such a … Continue reading
Microsoft Microsoft Security Update Revisions (Jan. 27, 2022)
[German]Microsoft released last night an an email about various revisions to its security advisories. It is about a Windows DCOM server vulnerability and Defender for IoT vulnerabilities. However, everything is only of an informal nature, Microsoft has only adjusted the … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
SANS ISC warns: Malicious ISO file embedded in HTML page (Jan 2022)
[German]The Internet Storm Center (SANS ISC) warns about some new attack scam that is attempted via phishing emails. The attackers are trying to distribute malicious content to users via an ISO file embedded in an HTML page. What was interesting … Continue reading
Let's Encrypt withdraws certain certificates on Jan. 28, 2022
[German]Brief information for administrators who use certificates from the non-profit certification authority Let's Encrypt. Let's Encrypt will revoke certain certificates as of 28. Jan. 2022. The background for the revoke of the max. 90 days old certificates is a bug … Continue reading
Status of January 2022 security updates from Microsoft (2022/01/25)
[German]We are in the so-called D-Week, regarding updates by Microsoft for products like Windows or Office. Whether there are (preview) updates today that anticipate the patches for February 2022, I don't know. But after there were massive problems with the … Continue reading
Trend Micro Worry Free Business Security Critical Patch 2380 and free disc space
[German]Security vendor Trend Micro has released a critical update 2380 for its Worry Free Business Security (WFBS). The patch is intended to fix a security issue in a component that makes the antivirus solution vulnerable to attack. What it doesn't … Continue reading
Critical vulnerability CVE-2021-44738 in Lexmark printers (Jan. 2022)
[German]A critical vulnerability CVE-2021-44738 has been found in the PostScript interpreter of various Lexmark printers. The manufacturer warns about this vulnerability, which allows remote code execution, in a security advisory and provides a firmware update to close the vulnerability. Here … Continue reading