[German]A vulnerability CVE-2023-5363 was found in the OpenSSL software. The initialization of the encryption key length and the initialization vector in OpenSLL is incorrect. However, a fix is already available for the Linux distributions Debian and Ubuntu.
[German]The vulnerability in Progress Software's Managed File Transfer (MFT) solution MOVEit, which was disclosed in May 2023, has also affected CCleaner customers of the vendor Priform (bought by AVAST and owned by Gen Digital). Piriform has just admitted to a data leak due to the MOVEit vulnerability.
[German]I would guess that Citrix users on unpatched instances are "under fire" once again, because more information is now available on the recently disclosed vulnerability CVE-2023-4966. Under the term "Citrix Bleed", security researchers have described how Citrix NetScaler ADC and Gateway leaked session tokens to attackers and presented a proof of concept (PoC). Citrix had published vulnerability advisories in early October 2023.
[German]ACROS Security released a micropatch on Oct. 24, 2203, to address a Microsoft Office Security Feature Bypass (CVE-2023-33150) vulnerability in Office versions 2010 and 2013, which are no longer in support.
[German]Microsoft has updated the Edge browser in the stable channel to version 118.0.2088.69 on October 24, 2023 (thanks to the reader for pointing this out). The release notes say "fixed various bugs and performance issues". However, it is a feature update to the browser at the same time.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Currently users are facing many issues with Exchange Online. German blog reader Georg emailed me yesterday (October 25, 2023) about an annoying bug in Exchange Online: They don't get any confirmations / rejections sent for rooms bookings in Exchange Online since a week. Continue reading
[German]Google has released updates to Google Chrome Browser 118 in the Stable and Extended channels for Mac, Linux, and Windows as of October 24, 2023. The Chrome browser's Android app has also been updated. The updates include a security fix,. Here is an overview of these updates. And there is a reference to Google`s planned IP protection feature, that has been just announced.
Continue reading
[German]A reader pointed out to me a strange and dubious behavior of Exchange Online. It has been observed that users are offered global address lists (GAL) from other tenants as soon as people try to fill out the To field in an email or appointment. In any case, it is problematic under the European GDPR (General Data Protection Regulation).
[German]Is there a problem with the wireless charging cradle in BMW cars destroying Apple's iPhone 15? User reports of iPhone 15 devices that were defective after wireless charging using the BMW charging cradle (the NFC chip on the iPhone 15 is defective) indicate this. According to media reports, BMW has now at least initiated a technical analysis of the matter. iPhone owners among BMW vehicle owners since currently advised to rather not use the wireless charging cradles on the vehicle.
[German]The developers of Thunderbird have released another update of the email client to version 115.4 on October 24, 2023 (thanks to reader for the tip). It is an update, which is supposed to fix some bugs, as well as contains some new features. A short time later the fixed security fixes were released as 115.4.1.
Continue reading
MVP:
2013 – 2016
WIMVP:
2017 – 2020
