AnyDesk hack: Newly signed clients available; what are your experiences? – Part 12

Posted on 2024-02-20 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[English]At the begin of February 2024, it became known that the provider of remote maintenance software, AnyDesk, was the victim of a hack of its production environment. I pointed out early on that the hack had already taken place in December 2023. As a result, a certificate change for the digital signing of AnyDesk clients is pending, an old certificate from "philandro Software GmbH" has been recalled and is now invalid. Newly signed clients should be available from February 12 or 13, 2024.

Continue reading

Posted in Security, Software | Tagged , , | Leave a comment

Local Privilege Escalation vulnerability CVE-2024-035 in ESET products fixed

Posted on 2024-02-20 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]On February 8, 2024, ESET updated some of its antivirus products at short notice. The information about a vulnerability was "on hold" until February 14, 2024. ESET has now published a security advisory confirming a Local Privilege Escalation vulnerability in ESET products. This vulnerability was fixed by the updates announced on February 8th.

Continue reading

Posted in Security, Software, Update | Tagged , , | Leave a comment

Security incident: 13,000 Wyze camera users see images of other users

Posted on 2024-02-20 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Security camera vendor, Wyze, recently experienced technical problems. Users reported that they were suddenly shown other people's camera images. The provider has now confirmed the security incident. Around 13,000 users were affected and were shown the camera data of other Wyze camera owners in their streams. It's funny when your own cameras stream to the cloud, where the manufacturer then has to sort out that everything is running correctly.

Continue reading

Posted in Cloud, devices, Security | Tagged , , , | Leave a comment

Operation Cronos: FBI & Co. seized infrastructure of the Lockbit ransomware gang

Posted on 2024-02-20 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]It has been known for a few hours that law enforcement officers have seized some of the Lockbit ransomware gang's infrastructure servers in an internationally coordinated operation (FBI, Europool, etc.) and taken control of them. Official information on "Operation Cronos" is not yet available, and it looks as if there are still servants of the group online. Here is a first overview. Addendum 1: The press releases from law enforcement are online: Two suspects have been arrested, 200 cryptocurrency accounts have been frozen, and free decryption tools for lockbit victims are provided on No More Ransome. Addendum 2: It's not over yet.

Continue reading

Posted in Security | Tagged | Leave a comment

New Teams 2.0 client doesn't ask for password for re-login

Posted on 2024-02-19 by guenni

Teams[German]A reader has pointed out to me that there is a behavior that should make it possible to bypass authentication with the user account on the client. Specifically, a third party can log in to the account again without entering a password, after a user logs out. It's a problem of single sign on. I'll put the reader's information up for discussion.

Continue reading

Posted in Security, Software | Tagged , | 3 Comments

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...

OneDrive trap: Some folder names can prevent synchronization

Posted on 2024-02-18 by guenni

[German]In OneDrive is lurking a trap when choosing names for files and folders. With the wrong names, the synchronization of files between OneDrive storage and the system's local storage fails. The whole thing doesn't seem to have been properly documented by Microsoft either.

Continue reading

Posted in Cloud, issue | Tagged , | Leave a comment

Edge 121.0.2277.128

Posted on 2024-02-17 by guenni

Edge[German]Microsoft has released another update of the Edge (Chromium) browser with version 121.0.2277.128 in the stable channel on February 15, 2024. It is an update that closes vulnerabilities (from the Chromium browser) and fixes an import error. Continue reading

Posted in browser | Tagged | Leave a comment

Follow-up on CU 14 for Exchange 2019 and vulnerability CVE-2024-21410 (Feb. 2024)

Posted on 2024-02-16 by guenni

Exchange Logo[German]On February 13, 2024, a critical vulnerability CVE-2024-21410 in Microsoft Exchange Server became public. The Elevation of Privilege vulnerability has a CVEv3 score of 9.8 and is likely to be exploited (soon). Security authorities are warning about this vulnerability. However, there was confusion among the blog readership because as of February 13, there was only CU 14 for Exchange Server 2019, which does not explicitly close the vulnerability. What about Exchange Server 2016 and what do I need to do to be protected against CVE-2024-21410? Here is a review with a rough outline.

Continue reading

Posted in Security, Software | Tagged , , | Leave a comment

Windows 10: Update KB5034441 fails again with error 0x80070643 in February 2024

Posted on 2024-02-15 by guenni

Windows[German]Brief question to the readership, I have received initial reports that there are also installation problems in February 2024, around the patchday on February 13, 2024. The Win RE update KB5034441 for Windows 10 fails with the installation error 0x80070643. This error has already driven hordes of users to despair in January 2024. Here is a brief overview of what I have encountered so far.

Continue reading

Posted in issue, Update, Windows | Tagged , , | 3 Comments

Microsoft Office Updates (February 13, 2024)

Posted on 2024-02-15 by guenni

Update[German]On February 13, 2024 (second Tuesday of the month, Microsoft Patchday), Microsoft released several security-related updates for Microsoft Office 2016 and other products. A critical vulnerability in Outlook will be closed in February 2024. Below you will find an overview of the available updates.
Continue reading

Posted in Office, Security, Update | Tagged , , , | 1 Comment