[German]Progress Software, which has been hit hard by the MoveIT vulnerability, is facing the next trouble. There are further serious vulnerabilities in its WS_FTP Server software that could already being exploited in the wild. The products must be immediately provided with the emergency patch to secure them.
[German]The ALPHV ransomware gang has just announced that they hacked one of the largest US healthcare providers in Michigan. More than 6 terabytes of data were stolen from the company's servers. The group is expecting a ransom payment or threatening to release the captured data – including patient data – on the Internet otherwise.
The developers of LibreOffice have released updates to versions 7.6.2 and 7.5.7. These security updates were required to close the CVE 2023-4863 vulnerability in libwebp (see also my post WebP vulnerability (CVE-2023-5129) affects multiple software packages such as web browser). The Document Foundation has published this blog post about the security update. (via)
[German]Microsoft has now technically ended the upgrade option from Windows 7 SP1 and Windows 8.1 for Windows 10 and Windows 11. This means that the previously still possible activation with a corresponding product key of Windows 7 or Windows 8.1 is no longer possible in the future. Microsoft has now officially announced this and at the same time also adapted or ended the activation via HWID (hardware ID) via corresponding servers.
[German]Quite an unpleasant surprise that Microsoft has flushed onto the systems of its users of Windows 11 22H2 (and probably soon Windows 11 23H2) with the preview update KB5030310. Those using a plain desktop will now be forcibly greeted with a shadow font under the desktop icon texts. It's well known that "Microsoft knows what's good for its user base", but the result just looks like shit and here on the blog two reader comments have already hit complaining about this "innovation of Microsoft".
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Microsoft is working on Windows 11 23H2, in which the Explorer provides some new features. But the old Explorer in Windows 11 still seems to be buggy. A German blog reader reported a bug in Windows Explorer back on September 11, 2023. The problem is that the Explorer window focus suddenly steal the focus the while working in Windows 11.
[German]A vulnerability (CVE-2023-5129) exists in the Libwebp WebP library with the maximum possible CVSS index of 10. A heap buffer overflow allows attackers to execute malicious code. Originally, the vulnerability was assigned to the Chrome browser. However, because it affects the Libwebp library, a number of software packages that use this library are affected. Updates have already been released for Chrome and Firefox.
As of September 28, 2023, Mozilla developers have released security updates of Firefox 118.0.1, 118.1.0 and 115.3.1. The updates closed a critical vulnerability (CVE-2023-5217: Heap buffer overflow in libvpx). An overview of the security fixes can be found here (thanks to the reader for the tip).
Trend Micro has released a new "Critical Patch" for its ApexOne product (thanks to the reader for pointing it out). The patch applies to Apex One Service Pack 1 (server and agent build 12512). The critical patch fixes several bugs at once, one of which prevents the Apex One server from receiving virus detection log data from managed security agents.
[German]Google has released updates to the Google Chrome browser 117 in the stable channel for Mac, Linux and Windows on September 27, 2023. It is a security update that should be rolled out and fix several vulnerabilities (some classified as "high"). One vulnerability (CVE-2023-5217) is being exploited in the wild. The browser's Android app has also received a security update.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
