Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Category Archives: Security
WordPress: 800,000 websites compromisable by All in One SEO plugin
[German]The popular WordPress plugin All in One SEO has two vulnerabilities (CVE-2021-25036 and CVE-2021-25037), which make the corresponding installations vulnerable. Since the plugin is quite popular, you should immediately look to get an updated version. Otherwise, the WordPress instance will … Continue reading
Microsoft warns against Active Directory domain takeover due to unpatched vulnerabilities
[German]Microsoft warned of a new threat in a Techcommunity post on December 20, 2021. In November 2021 patchday, vulnerabilities CVE-2021-42287 and CVE-2021-42278 were fixed by Windows updates. Since December 2021, a proof of concept (PoC) has been available that abuses … Continue reading
Ransomware attacks on CompuGroup Medical SE & Co. KGaA
[German]CompuGroup Medical SE & Co. KGaA, a major medical services provider, has been the victim of a cyberattack. The Koblenz-based medical services provider admitted as much on Monday, Dec. 20, 2021. The internal IT systems are likely affected, which should … Continue reading
Vulnerabilities CVE-2021-3922, CVE-2021-3969 in ImController of Lenovo Notebooks
[German]Lenovo notebooks and devices that use the ImController service are vulnerable to a privilege escation vulnerability. This can allow attackers to execute commands with administrator privileges on the devices. However, there is an update to address both vulnerabilities.
Belgian Ministry of Defense affected by Log4j?
[German]The vulnerability CVE-2021-44228 in the JAVA library log4j is drawing wider circles. The Belgian Ministry of Defense may have shut down its networks after a serious cyberattack, admitting as much in the night from Sunday to Monday. Reports suggests that … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
Data protection incident at erotic store Amorelie (Dec. 2021)
[German]The erotic mail order company Amorelie has just informed its customers about a data protection incident. Customer data from orders for seven years had been accessible to unauthorized third parties through a vulnerability frome March up to November 2021. There … Continue reading
CPUID Enumerator and Decoder: Virus-free, but flagged by Virustotal
[German]Within this blog post I will outline the risk, users are facing by trusting anti virus scanners. Security expert Stefan Kanthak outlined a case to me, that shows, that you can't trust most virus scanners. Sometimes the don't detect malicious … Continue reading
Dell Windows drivers still vulnerable to kernel attacks
[German]Users of Dell systems are still at risk of having their Windows systems compromised via Dell drivers through kernel attacks. The problem was supposed to be fixed by updates as early as May 2021. However, security researchers from Rapid7 are … Continue reading
Analysis: How TeamTNT compromises Docker Hub accounts
[German]Security vendor Trend Micro has published a report highlighting how threat actor TeamTNT is going about compromising Docker Hub accounts. This is a follow up article, after they wrote about compromised Docker hub account abused for crypto mining. If anyone … Continue reading
Microsoft Security Update Revisions Dec. 14./16. 2021
Microsoft released some Security Update revisions to vulnerabilities on December 14 and 16. I am simply posting the relevant information as an uncommented addendum on the blog for your information.