In addition to classic email phishing and SMS phishing on mobile devices, the misuse of QR codes, which are used to lure users to obscure sites, is also spreading. If QR codes come to the victim via e-mails, it is called quishing. This is an increasing problem, as I have noticed. Here is some information about a situation that a reader brought to my attention this week.
[German]Okta's support system has been compromised with stolen credentials. Vendor Okta (provider of authentication services in the cloud) just admitted that. The attacker was able to view files uploaded by certain Okta customers as part of recent support cases. The vendor is now asking customers to renew their credentials.
[German]Short note for users who have Cisco components with IOS XE in use and these components are accessible via the Internet. As of October 16, 2023, Cisco issued a security warning about the 0-day vulnerability CVE-2023-20198, which is unpatched so far but is being exploited in the wild to take over Cisco components. In the meantime, the vulnerability seems to be exploited in fierce waves of attacks and 10,000s of compromised systems can be assumed.
Microsoft has updated the Edge browser in the stable channel to version 118.0.2088.61 on October 20, 2023 (thanks to the reader for pointing this out). The release note here say: "Fixed various bugs and performance issues".
[German]On October 20, 2023, Microsoft 365 suite experienced a disruption. Users in Europe were unable to access several Microsoft 365 services or experienced loss of functionality. In particular, MS Teams users were affected and were unable to send messages, receive call notifications, or experience delays. I got also reports that Exchange Online had been affected. And administrators may not have been able to assign Microsoft Teams numbers to user accounts. Addendum: It was was power failure.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Microsoft has addressed the problem that Outlook from Microsoft 365 takes a very long time to start and then sometimes hangs completely (freeze bug). If the application is closed and restarted, Outlook is opened directly. According to an announcement, the problem, which has been known since June 2023, has now been identified and fixed. The fix has already been published in the beta channel and will be rolled out in November 2023 via a Microsoft 365 update in the current channel.
[German]Warning to users of the WinRAR archive program. Various state threat actors from Russia and China are trying to exploit a vulnerability in the WinRAR archiving tool for Windows. Attackers can execute arbitrary code when unpacking archives via the CVE-2023-38831 vulnerability. Affected by the vulnerability are WinRAR versions prior to 6.23 – currently WinRAR 6.24 is available.
[German]Europol and other law enforcement authorities like German BKA, the FBI and other international police agencies have seized the RagnarLocker ransomware gang's website, which was used to negotiate ransom payments with victims. It is hoped that this will cut off the ransomware group from its funding opportunity. Currently, there are no official announcements yet – they are expected to be released later today.
[German]Hope dies last, but now it's finally dead. Microsoft has just clarified in a blog post that the new Outlook app, which will eventually replace the classic Outlook, will not support COM. I touched on this topic here on the blog just a short while ago. Here's a quick update on what's going on.
[German]The developers of Thunderbird have released another update of the email client to version 115.3.3 on October 18, 2023 (thanks to reader for the tip). It is an update which is supposed to fix some bugs, but does not contain any new features and security fixes.
Continue reading
MVP:
2013 – 2016
WIMVP:
2017 – 2020
