Category Archives: Security

Revised Firmware update Sophos UTM 9.703-3 released

Posted on 2020-04-27 by guenni

[German]There have been problems with the firmware update for Sophos UTM 9.703, as well as with the update for Sophos XG Firewall v18 MR1. The patches were then withdrawn by Sophos. Now the revision Sophos UTM 9.703-3 has been released … Continue reading

Posted in Security, Software, Update | Tagged , , , | Leave a comment

French Kinomap app and the data leak

Posted on 2020-04-27 by guenni

[German]French provider Kinomap suffers a data leak, where an unprotected database contained about 42 million records (40 GB) of user data was reachable unprotected on the Internet.

Posted in Security, Software | Tagged , | Leave a comment

Android: Secret network of 27 app developers

Posted on 2020-04-27 by guenni

[German]Security researchers have uncovered a secret network of 27 developers who have posted a total of 103 'potentially malicious' apps with 69 million downloads on the Google Play Store. The apps have now been largely removed from the Play Store … Continue reading

Posted in Android, Security | Tagged , , | Leave a comment

Apple denies accuracy of 0-day mail bug report

Posted on 2020-04-25 by guenni

[German]Is the there anything wrong with the report about two 0-day vulnerabilities in iOS that allow iPhones and iPads to be 'taken over' by mail? At least Apple and Sophos have doubts about the report released this week by a … Continue reading

Posted in devices, ios, Security | Tagged , | Leave a comment

Backdoor: NSA and ASD warn of vulnerabilities

Posted on 2020-04-25 by guenni

[German]The US secret service NSA and the Australian secret service have issued a joint warning. Hackers are increasingly trying to exploit unpatched vulnerabilities in products to infiltrate systems via web shell malware.

Posted in Security, Software | Tagged , | Leave a comment

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...

PoC for Windows 10 Vulnerability CVE-2020-0624

Posted on 2020-04-24 by guenni

[German]On patchday, January 14, 2020, Microsoft has closed the vulnerability CVE-2020-0624 (Win32k Elevation of Privilege) with security updates. Now I have found a Proof of Concept (PoC).

Posted in Security, Windows | Tagged , , , | Leave a comment

Security: Data leaks, Malware, Vulnerabilities (04/24)

Posted on 2020-04-24 by guenni

[German]Today again an overview of security issues in IT. It's about a data leak at a startup that does payment processing, about weaknesses in smart home and compromised apps up to a hacked ad server.

Posted in Security | Tagged | Leave a comment

Cisco AnyConnect Secure Mobility Client Vulnerability CVE-2020-3153

Posted on 2020-04-23 by guenni

[German]The Windows version of Cisco AnyConnect Secure Mobility client has a vulnerability in it's auto update, that can be misused for privilege escalation. A patch is available.

Posted in Security, Software, Update, Windows | Tagged , , | Leave a comment

0-day Exploits in iOS Mail

Posted on 2020-04-23 by guenni

[German]Security researchers have found two 0-day exploits in virtually all iOS versions (iOS 6 through 13) that allow remote code execution (RCE) via mail. The vulnerabilities are likely to be actively exploited.

Posted in Security | Tagged , | Leave a comment

0patch fixes CVE-2020-0687 in Windows 7/Server 2008 R2

Posted on 2020-04-23 by guenni

[German]ACROS Security has released a micropatch for the memory corruption vulnerability CVE-2020-0687 in TTF fonts for Windows 7 and Server 2008 R2 (without ESU).

Posted in Security, Windows | Tagged , , , , | Leave a comment