Microsoft's analysis of the CrowdStrike incident and recommendations

Posted on 2024-08-06 by guenni

Windows[German]One more addendum, on a topic taken up in my German blog at the end of July 2024. Microsoft has recently published an analysis of the CrowdStrike incident, which confirms the statements made by Crowdstrike. And there are recommendations on how third-party providers of security software should work. The use of kernel drivers, as was the case with CrowdStrike, is not recommended. It also states that Microsoft wants to improve the "security of Windows".

Continue reading

Posted in issue, Security, Windows | Tagged , , | Leave a comment

Microsoft 365: Service degration (August 5, 2024)

Posted on 2024-08-05 by guenni

Stop - Pixabay[German]On August 5, 2024, there will be another disruption to Microsoft 365 features and services, which will probably affect various users worldwide. Microsoft has already confirmed the problem under MO851360 in the status area for MS 365 administrators. The effects are likely to vary depending on the user. Some are experiencing sluggish access to Microsoft 365 features and services, while other users are unable to access them at all.

Continue reading

Posted in Cloud, issue | Tagged , | Leave a comment

New BITSLOTH backdoor discovered; abuses the Windows BITS service

Posted on 2024-08-05 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Another nice story that I came across last week. What I had suspected for some time has been confirmed. The Background Intelligent Transfer Service (BITS) can be abused. A newly discovered Windows backdoor BITSLOTH uses BITS to communicate with command and control servers. An intrusion into a South American government via this backdoor has now been observed. The BITSLOTH malware contains keylogging and screen capture functions.

Continue reading

Posted in Security, Windows | Tagged , | Leave a comment

Identities Inventory: How to certify access rights

Posted on 2024-08-04 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]What do you think about the certification of access rights for users? Access certification describes the independent review of access rights by an auditor. The auditor examines whether the rights granted to users are really necessary. A thorough user access certification process ensures that each employee's digital identity only has the authorizations required to perform their tasks. This also ensures the security of internal data. I recently received a text from Omada that deals with this issue. I'll post the information here in the blog.

Continue reading

Posted in Security | Tagged | Leave a comment

Active Directory tool LDP has a built-in SDDL editor and text exporter

Posted on 2024-08-03 by guenni

Windows[German]I'm putting a topic for administrators in the blog – it may be widely known. I myself am not so well versed in the AD area and the available tools. In Windows, there is the LPD.exe tool, which contains both an SDDL editor and an SDDL-to-text converter. If you are not yet familiar with it, it may be of interest. Here is some background information on this topic, which I came across some time ago.

Continue reading

Posted in Windows | Tagged | Leave a comment

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...

Oracle's Java pricing: Subscribers switch to OpenJDK

Posted on 2024-08-02 by guenni

[German]Has Oracle simply gambled with the pricing of JAVA licenses? It will be bitter for subscribers when Oracle issues an invoice for the licensing of JAVA. After all, it is calculated on a "per user" basis. It is incomprehensible to me that those affected are only now switching to OpenJDK. Here is another look at this situation, based on a survey.

Continue reading

Posted in General | Tagged | Leave a comment

Microsoft 365 Backup and Microsoft 365 Backup Storage available

Posted on 2024-08-01 by guenni

Amazon[German]Microsoft has just announced the general availability of its Microsoft 365 Backup and Microsoft 365 Backup Storage solutions. Microsoft 365 Backup allows you to back up and restore data from OneDrive, SharePoint and Exchange.

Continue reading

Posted in Cloud, Office, Software | Tagged , | Leave a comment

Cyber attack and bug cause of the Microsoft Cloud outage on 30.7.2024

Posted on 2024-08-01 by guenni

[German]On July 30, 2024, there was a partial outage of Microsoft cloud services (Azure, Microsoft 365, etc.) worldwide. I had reported – but not all users were affected. Microsoft has now published a post-incident report and identified the initial causes. The problems were triggered by a DDoS attack that led to an overload. A bug in the routines for defending against such cases then exacerbated the consequences of the attack. A hacker group with a political focus on the Middle East conflict claims responsibility for the attack.

Continue reading

Posted in Cloud, issue | Tagged , | Leave a comment

Investor Meridian BidCo LLC acquires majority stake in MariaDB plc

Posted on 2024-08-01 by guenni

[German]Small addendum from July 25, 2024: It was announced that MariaDB plc has a new majority shareholder. This is a subsidiary of an investment firm. This company has acquired 88.7% of the shares in MariaDB plc and can now determine the fate of the database developer.

Continue reading

Posted in General, Software | Tagged , | Leave a comment

Microsoft discovers VMware ESXi Auth Bypass vulnerability CVE-2024-37085

Posted on 2024-07-31 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Microsoft security experts have discovered a ransomware campaign targeting VMware ESXi instances. Via an Auth Bypass vulnerability (CVE-2024-37085) it is possible to gain full administrative privileges on domain-joined ESXi hypervisors. The vulnerability is being exploited by several ransomware operators to attack ESXi installations.

Continue reading

Posted in Security, Virtualization | Tagged , | Leave a comment