[German]A vulnerability classified as critical was discovered in Fortra's GoAnywhere MFT file transfer software on September 11, 2025. The manufacturer has since released an update to eliminate the vulnerability and make file transfer secure again. Users should react immediately an shall make sure, that the Admin console isn't reachable from internet.
[German]The Austrian Armed Forces have switched from Microsoft Office to LibreOffice, an open source project. The reasons for this were not the licensing costs, but rather Redmond's "cloud push" and the army's desire for digital sovereignty.
[German]It has affected the next (semi-)critical infrastructure. An airport service provider (according to my information, Collins Aerospace) operating across Europe was apparently hit by a cyberattack. This caused major delays in check-in at BER Airport (Berlin-Brandenburg International) because everything had to be done manually. Brussels and London Heathrow are also struggling with check-in problems and resulting delays.
[German]British police have arrested two suspected members of the hacker group Scattered Spider. They are believed to be young British men accused of attacks on the British police and London's transport system. The group is charged with a total of 120 hacks of computer systems worldwide.
[German]A reader has brought on September 18, 2025 some information to my attention that I covered in timely manner within my German blog. The Everest ransomware group lists BMW group as one of its victims. Everest claimed that a successful attack also resulted in the theft of internal documents (e.g., for auditing purposes). The incident dates back to September 14, 2025. I was able to view some documents since publishing my German blog post.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]A brief update from this week: On September 17, 2025, details of the CVE-2025-55241 vulnerability in Microsoft Entra ID were made public. This vulnerability would have allowed any attacker to obtain tokens enabling them to assume the global administrator role for any tenant.
[German]To end this week, here is a summary of the two browsers Chrome and Edge. Both browsers have critical security vulnerabilities that are being exploited. Browser updates are recommended. Google is also enhancing its Chrome browser (outside the EU) with AI. Edge is set to receive the Adobe PDF Reader in the near future.
[German]Quick note for users of Windows 10 22H2, Microsoft Office 2016, and Microsoft Office 2019. Microsoft recently reminded users that support for these products will end on October 14, 2025. On this date, security updates for Windows 10 and the aforementioned Office versions will be discontinued.
[German]The provider WatchGuard is active in network security and offers a Firebox appliance in this area. In a recent security alert dated September 17, 2025, the provider points out a critical vulnerability CVE-2025-9242 in its Firebox appliance that allows an attacker to execute code.
[German]Brief note to readers who use SonicWall and have not yet received this information today. There was an incident in which backup files of the firewall configuration stored in certain MySonicWall accounts were exposed in the cloud. This allowed attackers to read the configuration information.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
