Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Category Archives: Security
Meltdown-like vulnerability in AMD Zen+ and Zen 2
[German]Security researchers have uncovered a vulnerability in AMD Zen+ and Zen 2 CPUs that is similar to the Meltdown vulnerability in Intel processors. AMD has created a mitigation guide for the vulnerability and published details on how the vulnerability works.
Exchange Server: Authentication bypass with ProxyToken
[German]In the April 2021 cumulative updates, Microsoft fixed a vulnerability in its on-premises Exchange servers that allowed attackers to change configuration without authentication. This would have allowed an unauthenticated attacker to change the configuration for mailboxes of arbitrary users. This … Continue reading
Master decryptor key published
[German]Victims of the Ragnarok ransomware, whose data was encrypted during an attack, can hope again. After the cyber-criminal has just ceased its operations, the master decryptor key has been published. With it, the encrypted files should be able to be … Continue reading
Azure: Thousands of customers threatened by ChaosDB vulnerability in Azure Cosmos DB
[German]Heavy blow for users of the Microsoft Azure cloud if a Cosmos DB is involved (the DB stands for Data Breach, just no one has noticed yet). There was a severe vulnerability (now closed) that allowed attackers to take over … Continue reading
Synology warns about OpenSSL vulnerability in products (August 26, 2021)
[German]Synology has issued a security warning for its products as of August 26, 2021. Multiple vulnerabilities allow remote attackers to perform denial-of-service attacks or execute arbitrary code via a vulnerable version of Synology DiskStation Manager (DSM), Synology Router Manager (SRM), … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
Microsoft Security Update Releases and Revisions (2021/08/23)
[German]Microsoft has published two documents with Security Update Releases and Security Update Revisions as of August 23, 2021. The Security Update Releases affect Chromium browsers such as Edge, and identify vulnerabilities that have been patched. The Security Update Revisions concern … Continue reading
Exchange and ProxyShell: News from Microsoft and security experts
[German]I have reported several times on attacks on unpatched on-premises Exchange servers using the ProxyShell method in the blog. Now Microsoft has commented on this in an article and indicates which systems are at risk. In addition, I have received … Continue reading
Vulnerabilities in Realtek SDK put IoT devices at risk
[German]Security researchers at IoT Inspector have found multiple vulnerabilities in a Realtek SDK that allow unauthenticated attackers to fully compromise a device and execute arbitrary code with the highest privileges. The SDK is used by many OEMs to implement WiFi … Continue reading
VMware security updates (August 2021)
[German]VMware has released security updates to address vulnerabilities in several products. An attacker could exploit some of these vulnerabilities to take control of an affected system. VMware vRealize Operations, VMware Cloud Foundation and vRealize Suite Lifecycle Manager are affected. US-CERT … Continue reading
SteelSeries software enables admin rights (LPE) on Windows
[German]After the Razer case, the next clunker has now come to light. After it became known that standard users can become administrators with Razer mice via the driver installation, a security researcher took a closer look at the SteelSeries device … Continue reading