Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Category Archives: Security
Ransomware attack in German hospital ends deadly for a women – blame Shitrix vulnerability
[German]The cyber attack on the University Hospital Düsseldorf (UKD) last week turns out to be a ransomware attack, as I suspected. The clinic was probably a random victim, but now the public prosecutor's office is investigating, since a patient died … Continue reading
Exchange Server: Remote Code Execution Vulnerability CVE-2020-16875
[German]Administrators of Microsoft Echange Server should take care of patching the remote code execution vulnerability CVE-2020-16875. The details or exploits have now been published. But patches has been available since September 8, 2020.
Microsoft 365: Multi-factor authentication bypassed
[German]That does not sound very good. Newly discovered vulnerabilities in Microsoft 365 make it possible to bypass multi-factor authentication. Security researchers from Proofpoint have just released this information.
Windows Server: Zerologon vulnerability (CVE-2020-1472) allows domain hijacking
[German]Security researchers have uncovered a vulnerability in all versions of Windows Server that allows domain transfer with a simple approach. This vulnerability, called Zerologon (CVE-2020-1472), was closed with the security updates of August 2020. Those who have not yet installed … Continue reading
0patch fixes CVE-2020-1380 in Windows 7/Server 2008 R2
[German]ACROS Security has released a micropatch for the vulnerability CVE-2020-1380 (Internet Explorer scripting engine memory corruption ) for Windows 7 and Server 2008 R2 (without ESU license). The vulnerability is now being exploited.
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
Data leak at online shop windeln.de
[German]German online shop windeln.de operated an insecure Elastic-Search server so that the personal data of 700,000 customers could be accessed via Internet. Here are details what I know so far (what the security researcher has told me).
Mailfire data leak reveals data from adult sites
[German]There is once again a data leak to report, but it is likely to be minor for those affected – because security researchers have discovered the data leak. The marketing company Mailfire acting on Cyprus revealed data of over 70 … Continue reading
Windows 10: Activated Hyper-V /Sandbox creates a 0-day Exploit
[German]A reverse engineer bumped a vulnerability in Windows 10 in conjunction with the Hyper-V/Sandbox feature. Activating Hyper-V or the sandbox opens a 0-day vulnerability that can be used to attack the system.
Edge 85.0.564.51 released
[German]Microsoft has updated the Chromium Edge Browser to version 85.0.564.51 on September 9, 2020. According to ADV200002 this version fixes a number of critical vulnerabilities: CVE-2020-6574, CVE-2020-6575, CVE-2020-6576, CVE-2020-15959. The browser is based on Chromium version 85.0.4183.102 and should update … Continue reading
0patch fixes CVE-2020-1530 in Windows 7/Server 2008 R2
[German]ACROS Security has released a micropatch for the vulnerability CVE-2020-1530 (Use-after-free bug in Windows Remote Access Phonebook) for Windows 7 and Server 2008 R2 (without ESU license).