Category Archives: Security

Shimano is a victim of the Lockbit 3.0 ransomware (Nov. 2023)

Japanese manufacturer Shimano is probably familiar to every cyclist. Now the company has become a victim of Lockbit ransomware. At the very least, the Lockbit group has posted a corresponding publication on its leak page and threatened to publish data …

Posted in Security

Lego marketplace BrickLink probably hacked

The popular online marketplace for Lego® bricks, Bricklink, is suspected to have been the victim of a cyber attack. The marketplace has currently been taken offline and states "Maintenance in progress" on its homepage. Individual accounts are probably posting messages …

Posted in Security

Microsoft Exchange: Four 0-day Exchange vulnerabilities allow RCE attacks and data theft

Trend Micro's Zero Day Initiative (ZDI) has just published four unpatched vulnerabilities (so-called 0-Days) in Microsoft Exchange. These were reported to Microsoft in September 2023 and ZDI classifies them with CVSS scores of 7.1 to 7.5. Microsoft's security experts do …

Posted in Security, Software

Edge 119.0.2151.44 / 118.0.2088.88

On November 2, 2023, Microsoft released both an update of the Chrome browser in the Extended Stable to 118.0.2088.88 and an update to Edge 119.0.2151.44. Thanks to the reader who reported on November 3, 2023 that Microsoft had updated the …

Posted in browser, Security, Software, Update

Google Chrome 119.0.6045.105/.106

Google has released updates to Google Chrome browser 119 (new development branch) in the stable channel for Mac, Linux and Windows on October 31, 2023. The iOS and Android apps of the Chrome browser have also been updated. The updates …

Posted in browser, Security, Software, Update

LOLBin with WorkFolders.exe under Windows

I do not know if it's widely known, but the legitimate Windows application WorkFolders.exe can be used to launch other .exe programs in the Windows System32 folder or the current folder. This allows malware to launch so-called LOLBin attacks, where …

Posted in Security, Windows

VMware vCenter vulnerability CVE-2023-34048 – many systems vulnerable

There is an out-of-bounds vulnerability CVE-2023-34048 in VMware vCenter that leaves systems vulnerable. A security researcher scanned the Internet for accessible and unpatched instances and found numerous systems. Administrators of VMware vCenter installations should ensure systems are patched.

Posted in Security, Software, Virtualization

ServiceNow silently fixes bug from 2015 that enabled data leaks

The US company ServiceNow Inc. offers a cloud platform in whose software there has been a gaping bug since 2015 that allowed third parties to siphon off information without authentication. After a security researcher discovered the vulnerability, it was quietly …

Posted in Cloud, Security

iLeakage: Unpatched Safari vulnerability – iOS 17.1 & macOS 14.1 released

Apple has already released iOS 17.1 (also iPadOS) and macOS 14.1 on October 25, 2023. iOS 17.1 probably fixes an Exchange synchronization bug (described here in the blog), as a reader reports. In addition, a bug that reveals the MAC …

Posted in ios, macOS, Security

Vulnerability CVE-2023-5363 in OpenSSL

A vulnerability CVE-2023-5363 was found in the OpenSSL software. The initialization of the encryption key length and the initialization vector in OpenSSL is incorrect. However, a fix is already available for the Linux distributions Debian and Ubuntu.

Posted in Security, Software