Android 14 bug locks out users with multiple profiles, threat of data loss

An extremely unpleasant story threatens users of the new Android 14. Anyone who creates multiple profiles (e.g. professional and private) on a smartphone runs the risk that the bug locks them out of the device's local storage. These users then lose the data stored there, as I just read. Fortunately, the suspicion that it was ransomware has not been confirmed. Addendum: Google plans a fix within 2 weeks.


Edge 118.0.2088.76 (Oct. 27, 2023)

Microsoft updated the Edge browser in the stable channel to version 118.0.2088.76 on October 27, 2023. The release notes here say "fixed various bugs and performance issues". However, it is at the same time a security update for the browser, which according to this page fixes the vulnerability CVE-2023-44323. The colleagues from deskmodder.de write about two fixed vulnerabilities, but one is Chromium-based.


ServiceNow silently fixes bug from 2015 that enabled data leaks

The US company ServiceNow Inc. offers a cloud platform whose software has contained a gaping bug since 2015 that allowed third parties to siphon off information without authentication. After a security researcher discovered the vulnerability, it was quietly eliminated in the cloud solution.


iLeakage: Unpatched Safari vulnerability – iOS 17.1 & macOS 14.1 released

Apple already released iOS 17.1 (also iPadOS) and macOS 14.1 on October 25, 2023. iOS 17.1 probably fixes an Exchange synchronization bug (described here in the blog), as a reader reports. In addition, a bug that reveals the MAC address of iPhones has been eliminated. Furthermore, a vulnerability called iLeakage became public the other day: the Safari browser reveals sensitive information such as passwords on iOS and macOS. This vulnerability has not been patched yet.


Windows 10 22H2 Preview Update KB5031445 (October 26, 2023)

Microsoft released an optional cumulative (preview) update KB5031445 for Windows 10 22H2 on October 26 (D-Week). This is supposed to fix numerous bugs in Windows 10 22H2. Below I provide an overview of these updates for Windows 10.


Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post] In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below.


Windows 11 22H2: Preview Update KB5031455 (October 26, 2023)

Microsoft released the optional cumulative (preview) update KB5031455 for Windows 11 version 22H2 on October 26, 2023. This brings a number of fixes (similar to the preview update for Windows 11 21H2). Below I give an overview of these (Moments 4) updates for Windows 11. According to user reports, the update seems to correct the problem of the shadow font that cannot be switched off.


Vulnerability CVE-2023-5363 in OpenSSL

A vulnerability, CVE-2023-5363, was found in the OpenSSL software. The initialization of the encryption key length and the initialization vector in OpenSSL is incorrect. However, a fix is already available for the Linux distributions Debian and Ubuntu.


Piriform CCleaner victim of MOVEit transfer vulnerability

The vulnerability in Progress Software's Managed File Transfer (MFT) solution MOVEit, which was disclosed in May 2023, has also affected CCleaner customers of the vendor Piriform (bought by AVAST and owned by Gen Digital). Piriform has just admitted to a data leak due to the MOVEit vulnerability.


Citrix Bleed: Vulnerability CVE-2023-4966 leaks session tokens in NetScaler ADC and Gateway, PoC available

I would guess that Citrix users on unpatched instances are "under fire" once again, because more information is now available on the recently disclosed vulnerability CVE-2023-4966. Under the term "Citrix Bleed", security researchers have described how Citrix NetScaler ADC and Gateway leaked session tokens to attackers and presented a proof of concept (PoC). Citrix had published vulnerability advisories in early October 2023.


0patch Micropatches for Microsoft Office security feature bypass (CVE-2023-33150)

ACROS Security released a micropatch on Oct. 24, 2023, to address a Microsoft Office Security Feature Bypass (CVE-2023-33150) vulnerability in Office versions 2010 and 2013, which are no longer in support.
