Category Archives: Security
Phishing simulations (and SEG) are largely useless
Some companies subject their employees to internal phishing training involving simulated attacks. A study has now shown that these phishing simulations are largely useless. But even secure email gateways cannot stop phishing emails.
Chrome extension FreeVPN.One recorded screenshots of every page visited
Anyone who believed that Microsoft's Recall was at the forefront of surveillance needs to think again. Security researchers have discovered the FreeVPN.One extension for the Google Chrome browser. This extension took screenshots of all visited pages and collected additional data. …
Open Source AppLocker Policy Generator
Another small finding from the Internet that may be helpful for administrators who work with AppLocker in corporate environments to set application restrictions. The AppLocker Policy Generator promises to support system administrators and security experts in creating and managing AppLocker …
Microsoft restricts China's early access via MAPPS to vulnerabilities
Their China connections seem to have once again "come back to haunt" Microsoft. I have come across reports that Microsoft no longer grants security researchers from China early access to zero-day vulnerabilities or proof-of-concept (PoC) exploits. The SharePoint incident …
Apple released critical security updates (iOS, macOS)
A brief update from this week: On August 20, 2025, Apple released updates for iOS and iPadOS that address critical vulnerabilities in the operating systems. Here is some information.
Windows: Certificate spoofing vulnerability CVE-2025-55229; and MDT vulnerability CVE-2025-55230 (August 21, 2025)
All supported versions of Windows (clients and servers) contained a certificate spoofing vulnerability (CVE-2025-55229), already fixed in May 2025. On August 21, 2025, Microsoft updated the support article and listed updates to fix the issue. On August 21, 2025, the …
ZScaler uses customer logs for AI training
Another scandal in the field of AI training. US provider ZScaler has just come under scrutiny for using 500,000,000,000 daily logs from customer systems to train its AI systems. ZScaler sees no problem with this, but security researchers consider it …
Cyber incident at SIP trunk provider Colt (from August 14, 2025)
I have no idea whether and how many blog readers use the SIP trunk services of the provider Colt (colt.net) for telephony. The provider has suffered a cyber incident (possibly since last Thursday). This also affects the SIP trunk solutions …
Check Point analysis of the 0-click EchoLeak vulnerability in Microsoft Copilot
In June 2025, security researchers reported the first zero-click vulnerability they had encountered in the Microsoft 365 Copilot AI application. Attackers could use this vulnerability, known as EchoLeak, to force Microsoft 365 Copilot to exfiltrate data. Check Point Research has …
Cisco Secure Firewall Management Center with CVSS 10 RCE vulnerability CVE-2025-20265
Once again, Cisco is in hot water. The Remote Code Execution (RCE) vulnerability CVE-2025-20265 was found in their Secure Firewall Management Center. This vulnerability was rated with the maximum possible CVSS 3.1 score of 10.0. Administrators need to react immediately.


