Category Archives: Security
Authentication Vulnerability CVE-2021-20090 in Arcadyan-based Routers and Modems
Routers and modems from the Taiwan-based manufacturer Arcadyan have a CVE-2021-20090 vulnerability that can be used to bypass authentication. The routers and modems are sold under many trade names by other manufacturers.
27 U.S. Attorney's Offices Affected by SolarWinds Hack
New information on the SolarWinds supply chain attack on Orion software. Tens of thousands of companies and organizations around the world were compromised via the attack, which was suspected to be the work of Russian state-related hackers. The U.S. Department of Justice …
Microsoft Security Update Revisions (July 29, 2021)
Brief information for Windows admins in the corporate environment. On the night of 7/29/2021, Microsoft released revised security updates to mitigate NTLM relay attacks on Active Directory certificates and vulnerability CVE-2021-36934 (Windows Elevation of Privilege Vulnerability, HiveNightmare). I'll post it …
Microsoft Edge 92: Security Baseline available
Quick announcement for administrators in the corporate environment. As of July 26, 2021, Microsoft has announced the availability of the Security Baseline for Microsoft Edge version 92 (see the Techcommunity post Security baseline for Microsoft Edge v92). In the new …
RemotePotato0: Privilege Escalation Vulnerability in Windows RPC Protocol
Every Windows system is vulnerable to a specific NTLM relay attack that could allow attackers to escalate privileges from user to domain admin. This vulnerability has a status of "not being fixed" and was the subject of the PetitPotam approach …
Kaseya allegedly demands NDA against decryption tool
U.S. manufacturer Kaseya was the victim of a supply chain attack, and as a result, systems belonging to about 1,500 customers were encrypted with ransomware. Kaseya said this week that it has a universal decryptor to decrypt customer files. Affected …
Security Updates for Cisco Intersight Virtual Appliance
Several vulnerabilities (CVE-2021-1600, CVE-2021-1601) exist in IPv4 and IPv6 forwarding in the Cisco Intersight Virtual Appliance. These vulnerabilities could allow an unauthenticated, adjacent attacker to access sensitive internal services through an external interface. However, Cisco has since provided security updates …
Microsoft's mitigations of Windows PetitPotam NTLM relay attacks
Yesterday, July 24, 2021, I reported on a new attack vector called PetitPotam that can be used to take over Windows domain controllers by means of an NTLM relay attack (see my post PetitPotam attack allows Windows domain takeover). …
Warning: Fake Windows 11 installer ships malware
The curiosity about Windows 11 tempts some users to install pre-release versions on their computers. This is not a problem, as there are corresponding installation images directly from Microsoft for Windows Insiders as regular updates for Windows 10 machines. However, …
LemonDuck and LemonCat malware boost activity
LemonDuck and LemonCat are malware that both act as bots and mine cryptocurrency. LemonDuck can run on different platforms (Linux, Windows), threatening machines on corporate networks. According to Microsoft, this malware has been poorly documented so far, which is …


