Category Archives: Security

Azure: Thousands of customers threatened by ChaosDB vulnerability in Azure Cosmos DB

Heavy blow for users of the Microsoft Azure cloud if a Cosmos DB is involved (the DB stands for Data Breach, just no one has noticed yet). There was a severe vulnerability (now closed) that allowed attackers to take over …

Posted in Cloud, Security

Synology warns about OpenSSL vulnerability in products (August 26, 2021)

Synology has issued a security warning for its products as of August 26, 2021. Multiple vulnerabilities allow remote attackers to perform denial-of-service attacks or execute arbitrary code via a vulnerable version of Synology DiskStation Manager (DSM), Synology Router Manager (SRM), …

Posted in devices, Security

Microsoft Security Update Releases and Revisions (2021/08/23)

Microsoft has published two documents with Security Update Releases and Security Update Revisions as of August 23, 2021. The Security Update Releases affect Chromium browsers such as Edge, and identify vulnerabilities that have been patched. The Security Update Revisions concern …

Posted in Security

Exchange and ProxyShell: News from Microsoft and security experts

I have reported several times on attacks on unpatched on-premises Exchange servers using the ProxyShell method in the blog. Now Microsoft has commented on this in an article and indicates which systems are at risk. In addition, I have received …

Posted in Security

Vulnerabilities in Realtek SDK put IoT devices at risk

Security researchers at IoT Inspector have found multiple vulnerabilities in a Realtek SDK that allow unauthenticated attackers to fully compromise a device and execute arbitrary code with the highest privileges. The SDK is used by many OEMs to implement WiFi …

Posted in devices, Security

VMware security updates (August 2021)

VMware has released security updates to address vulnerabilities in several products. An attacker could exploit some of these vulnerabilities to take control of an affected system. VMware vRealize Operations, VMware Cloud Foundation and vRealize Suite Lifecycle Manager are affected. US-CERT …

Posted in Security, Virtualization

SteelSeries software enables admin rights (LPE) on Windows

After the Razer case, the next clunker has now come to light. After it became known that standard users can become administrators with Razer mice via the driver installation, a security researcher took a closer look at the SteelSeries device …

Posted in Security, Software, Windows

ProxyShell, ProxyLogon and Microsoft's contradictious Exchange doc for virus scan exceptions

On August 20, 2021, Microsoft published recommendations on the subject of virus protection for on-premises Microsoft Exchange Servers. Recommendations are also given there regarding the exclusion of certain folders from virus scanning. On the other hand, we are experiencing waves …

Posted in Security, Software

(eMail-) Encryption with StartTLS as a security risk

The encryption method StartTLS, which can be used in network communication, especially for e-mails, has a number of vulnerabilities that make it possible to break open communication by stealing access data, for example. This was already proven by German security …

Posted in Security

38 million records exposed by Microsoft Power Apps

I've been waiting for something like this to happen for a while now. Misconfigured Microsoft Power Apps exposed 38 million records of sensitive data. Forty-seven government agencies and companies are affected, as security researchers at UpGuard discovered in May 2021 …

Posted in Security