Follow-up to the Storm-0558 cloud hack: Microsoft is still in the dark

[German]A suspected China-based hacking group, dubbed Storm-0558 by Microsoft, gained access to e-mail accounts of about 25 organizations in the Microsoft cloud. Late last week Microsoft published a "comprehensive" write-up that in fact contains only limited information about what happened. In a nutshell, Microsoft appears to have stopped the attack (which was discovered and reported by customers more or less by accident) after several weeks. It is still unclear how the attackers got hold of the Microsoft Account (MSA) consumer signing key they abused; a now-fixed validation bug in Microsoft's token-validation code let tokens signed with that consumer key be accepted by enterprise (Azure AD) services, which is what made the forged tokens work.
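Microsoft's write-up attributes the forged tokens to a validation issue that let the consumer MSA signing key vouch for enterprise (Azure AD) tokens. The following Python sketch is an added example, not Microsoft's code: it contrasts a verifier that looks a token's key ID up across all trusted key sets with one that binds the key set to the issuer it expects. Issuer URLs, key IDs, secrets and claims are constructed for the example, and HMAC stands in for the RSA keys a real identity provider uses.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed key sets, one per issuer (in the real incident: a consumer MSA key
# versus the enterprise Azure AD keys). "kid" is the key ID carried in the token header.
KEYS_BY_ISSUER = {
    "https://login.live.com": {"msa-key-1": b"consumer-signing-secret"},
    "https://login.microsoftonline.com/tenant-a": {"aad-key-1": b"enterprise-signing-secret"},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(kid: str, key: bytes, claims: dict) -> str:
    """Mint a JWS-style token (HS256 here instead of RS256) with the given key.

    Whoever holds the key controls every claim, including "iss" and "aud".
    """
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def _split(token: str):
    header_b64, claims_b64, sig_b64 = token.split(".")
    return (json.loads(_b64url_decode(header_b64)),
            json.loads(_b64url_decode(claims_b64)),
            _b64url_decode(sig_b64),
            header_b64 + "." + claims_b64)


def _signature_ok(key: bytes, signing_input: str, sig: bytes) -> bool:
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def verify_loose(token: str, expected_aud: str):
    """Vulnerable pattern: the issuer is checked against the trusted list and the
    signature against *some* trusted key, but key and issuer are never tied together.
    A token signed with the consumer key and claiming the enterprise issuer passes."""
    header, claims, sig, signing_input = _split(token)
    if claims.get("iss") not in KEYS_BY_ISSUER:
        return None
    all_keys = {kid: k for keys in KEYS_BY_ISSUER.values() for kid, k in keys.items()}
    key = all_keys.get(header.get("kid"))
    if key is None or not _signature_ok(key, signing_input, sig):
        return None
    if claims.get("aud") != expected_aud:
        return None
    return claims


def verify_strict(token: str, expected_iss: str, expected_aud: str, now=None):
    """Hardened pattern: the verifier decides which issuer it trusts, consults only
    that issuer's key set, and requires the token's kid to come from it."""
    header, claims, sig, signing_input = _split(token)
    key = KEYS_BY_ISSUER.get(expected_iss, {}).get(header.get("kid"))
    if key is None or not _signature_ok(key, signing_input, sig):
        return None
    if claims.get("iss") != expected_iss or claims.get("aud") != expected_aud:
        return None
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        return None
    return claims


if __name__ == "__main__":
    aud = "https://outlook.office.com"
    forged = sign_token("msa-key-1", KEYS_BY_ISSUER["https://login.live.com"]["msa-key-1"],
                        {"iss": "https://login.microsoftonline.com/tenant-a", "aud": aud,
                         "sub": "victim@tenant-a", "exp": 9999999999})
    print("loose verifier accepts forged token:", verify_loose(forged, aud) is not None)
    print("strict verifier accepts forged token:",
          verify_strict(forged, "https://login.microsoftonline.com/tenant-a", aud) is not None)
```

The point of the strict variant is that the relying party chooses the issuer and therefore the key set; nothing inside the token (neither "iss" nor "kid") is allowed to steer which keys are trusted. Whether the verifier also validates expiry, audience and the signing algorithm is necessary but not sufficient; the Storm-0558 tokens were well-formed in every other respect.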

Posted in Security

Data leak exposes data of registered Virustotal customers

[German]The web service virustotal.com (founded by the Spanish company Hispasec Sistemas and operated by Google since 2012) is popular among security researchers and companies for checking suspicious files for malware. There have long been warnings that automatically uploading documents to VirusTotal is a data-protection and data-leak risk, because uploaded files can be viewed by third parties. And even registering with virustotal.com is not without risk, as a data leak now shows: the Austrian newspaper DER STANDARD has obtained a list of registered virustotal.com customers that discloses employee names and e-mail addresses. Some of those affected, from intelligence services and companies, would rather not see their data made public.

Posted in Security

Azure Virtual Desktop: Private Link available

[German]A small addendum for administrators of Microsoft's Azure Virtual Desktop: Redmond announced last week that Private Link is now generally available for Azure Virtual Desktop. This improves the security of connections to Azure Virtual Desktop, because with Private Link the traffic between clients, session hosts and the Azure Virtual Desktop service is carried over private endpoints in your own virtual network and Microsoft's backbone, instead of traversing the public Internet. The service endpoints therefore no longer need to be reachable from the Internet.

Posted in Cloud, Security

Azure Hack? Strange Azure AD IP 20.119.0.42:443 "safe-hse.com" alerted on June 13, 2023

[German]On June 13, 2023, a blog reader received an alert from Microsoft Defender for Endpoint (formerly Defender ATP) about an outbound connection to IP 20.119.0.42:443, which Defender associated with the hacking group "Storm-0900". Later another reader mentioned the same alert. I'll post the information here on the blog, because the IP belongs to a Microsoft Azure instance and there may be others affected.

Posted in Security

Exchange Online: Client Credential Flow for SMTP AUTH available (July 2023)

[German]Quick addendum from this week: on July 10, 2023, Microsoft's Exchange team announced the availability of the Client Credentials Flow (CCF) for SMTP AUTH in Exchange Online. With the client credentials flow, applications can use modern authentication (OAuth 2.0) to submit authenticated e-mail to Exchange Online without an interactive user login, i.e. without a user mailbox password stored on the sending system. Using short-lived OAuth tokens instead of Basic Auth passwords reduces the risk of credentials being compromised during authentication.
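As an added example (not the Exchange team's code), this Python snippet shows what the client credentials flow looks like on the wire: obtain an app token from the tenant's v2.0 token endpoint with the scope https://outlook.office365.com/.default, then present it in the SASL XOAUTH2 initial response of SMTP AUTH. It assumes the app registration holds the SMTP.SendAsApp application permission and the mailbox has been granted to the app's Exchange service principal; tenant ID, client ID, secret and mailbox are placeholders.

```python
import base64
import json
import smtplib
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
# Client credentials must request the resource's .default scope; the app registration
# needs the SMTP.SendAsApp application permission (admin consented) for it to be honoured.
SCOPE = "https://outlook.office365.com/.default"
SMTP_HOST, SMTP_PORT = "smtp.office365.com", 587


def build_xoauth2(user: str, access_token: str) -> str:
    """SASL XOAUTH2 initial client response: "user=<mailbox>^Aauth=Bearer <token>^A^A", base64."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def parse_xoauth2(initial_response: str) -> dict:
    """Inverse of build_xoauth2, handy when troubleshooting what a client actually sent."""
    raw = base64.b64decode(initial_response).decode("utf-8").rstrip("\x01")
    return dict(part.split("=", 1) for part in raw.split("\x01"))


def fetch_app_token(tenant: str, client_id: str, client_secret: str) -> str:
    """Client credentials grant: no user, no interactive login, just the app's own secret."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": SCOPE,
    }).encode()
    with urllib.request.urlopen(TOKEN_URL.format(tenant=tenant), data=form, timeout=30) as resp:
        return json.load(resp)["access_token"]


def send_as_app(mailbox: str, access_token: str, recipients: list, message: bytes) -> None:
    """Submit mail over SMTP AUTH XOAUTH2; `mailbox` must be one the app was granted."""
    with smtplib.SMTP(SMTP_HOST, SMTP_PORT, timeout=30) as smtp:
        smtp.ehlo()
        smtp.starttls()
        smtp.ehlo()
        code, reply = smtp.docmd("AUTH", "XOAUTH2 " + build_xoauth2(mailbox, access_token))
        if code != 235:
            # 535 5.7.3 typically means: wrong scope/permission, mailbox not granted to the
            # app's service principal, or SMTP AUTH disabled for the mailbox.
            raise RuntimeError(f"SMTP AUTH rejected: {code} {reply!r}")
        smtp.sendmail(mailbox, recipients, message)


if __name__ == "__main__":
    # Placeholders: replace with your tenant, app registration and granted mailbox.
    token = fetch_app_token("<tenant-id>", "<client-id>", "<client-secret>")
    msg = b"From: app@contoso.example\r\nTo: ops@contoso.example\r\nSubject: CCF test\r\n\r\nhello\r\n"
    send_as_app("app@contoso.example", token, ["ops@contoso.example"], msg)
```

The mailbox grant is done in Exchange Online PowerShell (New-ServicePrincipal for the app, then Add-MailboxPermission with FullAccess for that service principal), and SMTP AUTH must still be enabled for the mailbox. Note what has changed from a security standpoint: the thing to protect is now the app's client secret or certificate, which should be stored outside the sending code and rotated, and the app can send only as mailboxes it was explicitly granted rather than as any user whose password it knew.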

Posted in Security, Software

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. ISL Online, a provider of secure remote access that has been on the market since 2001, presents some considerations for choosing such software.


WordPress plugin All-In-One Security (AIOS) 5.1.9 with severe vulnerability

[German]WordPress site owners still running the All-In-One Security (AIOS) plugin in version 5.1.9 should react immediately. UpdraftPlus, the maintainer, has issued a security alert because this version stored users' login passwords in plain text in the WordPress database. Besides updating the plugin, the passwords of users who logged in while 5.1.9 was active should be treated as exposed to anyone with database or backup access and be rotated.

Posted in Security, Software

Windows 11 23H2 announced for Q4 2023; Windows 10 IoT Enterprise LTSC 2021 available starting Aug. 1, 2023

[German]There is some news regarding Windows 11 and Windows 10 IoT. Microsoft has indirectly hinted that the next feature update for Windows 11 will probably arrive at the end of 2023 as version 23H2, delivered via an enablement package. And for those who do not want to say goodbye to Windows 10 in 2025, there is also news: Windows 10 IoT Enterprise LTSC 2021 can be licensed from August 2023, with support until 2031. In my opinion, sales, previously only through OEMs, have been extended to volume licensing in response to "pressure" from customers.

Posted in Windows

Edge 114.0.1823.82

Microsoft updated the Edge browser to version 114.0.1823.82 on July 13, 2023; version 114.0.1823.79 had already been released on July 10. The release notes only state that various bugs and performance issues have been fixed. Thanks to the reader for the tip.

Posted in browser

Critical RCE Vulnerability CVE-2023-36664 in GhostScript affects Linux, Windows etc.

[German]A security researcher has published a proof of concept for CVE-2023-36664, a remote code execution vulnerability rated critical (CVSS 9.8) in Ghostscript, the widely used interpreter for PostScript and PDF. Both Linux and Windows systems are affected if a Ghostscript version before 10.01.2 is in use. On Windows, Ghostscript may have arrived on the system as a component of other software, for example LibreOffice or the Bullzip PDF printer.
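CVE-2023-36664 concerns Ghostscript's pipe device: a PostScript program can open "%pipe%command" (or the "|command" shorthand) as a file, and affected versions mishandled the permission validation for such paths, so a crafted document could run commands. The Python snippet below is an added example, not the researcher's PoC: a pre-filter that flags those device references in PostScript/EPS input before it reaches Ghostscript, together with a version check against the fixed release 10.01.2. Sample inputs are constructed.

```python
import re
import subprocess

FIXED_VERSION = (10, 1, 2)  # first release with the CVE-2023-36664 fix

# A PostScript string literal naming the pipe device: "(%pipe%...)" or the "(|...)" shorthand.
PIPE_DEVICE_RE = re.compile(rb"\((?:%pipe%|\|)[^)]*\)")


def find_pipe_device_refs(data: bytes) -> list:
    """Return every pipe-device string literal found in a PostScript/EPS byte stream."""
    return [m.group(0).decode("latin-1") for m in PIPE_DEVICE_RE.finditer(data)]


def parse_gs_version(text: str) -> tuple:
    """Turn `gs --version` output such as "10.01.2" into a comparable tuple (10, 1, 2)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no Ghostscript version in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable_version(text: str) -> bool:
    """True when the version string is older than the fixed release."""
    return parse_gs_version(text) < FIXED_VERSION


def installed_ghostscript_is_vulnerable() -> bool:
    """Ask the gs binary on PATH for its version and compare (raises if gs is missing)."""
    out = subprocess.run(["gs", "--version"], capture_output=True, text=True, check=True).stdout
    return is_vulnerable_version(out)


# Constructed samples: one benign file write, one pipe-device reference of each form.
BENIGN_PS = b"%!PS\n(/tmp/out.txt) (w) file dup (hello) writestring closefile\n"
PIPE_PS = b"%!PS\n(%pipe%echo probe) (w) file closefile\n"
SHORTHAND_PS = b"%!PS\n(|echo probe) (r) file closefile\n"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_PS), ("pipe", PIPE_PS), ("shorthand", SHORTHAND_PS)):
        print(name, "->", find_pipe_device_refs(sample) or "no pipe device reference")
    try:
        print("installed gs vulnerable:", installed_ghostscript_is_vulnerable())
    except (FileNotFoundError, subprocess.CalledProcessError):
        print("gs not found on PATH")
```

Treat the filter as a tripwire for uploads and conversion queues, not as a fix: PostScript can assemble the device string at run time, and the vulnerability sits in the very permission check that is supposed to block the pipe device under -dSAFER, so only updating to 10.01.2 or later closes the hole. On Windows, remember to check the Ghostscript copies bundled with other software, not just a standalone install.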

Posted in Linux, Security, Software, Windows

HTML RCE Vulnerability CVE-2023-36884 Allows Office and Windows System Takeover

[German]Short security addendum. On July 11, 2023 (patch day), another 0-day vulnerability, CVE-2023-36884, became public; it allows remote code execution on Windows via specially crafted Microsoft Office documents. The vulnerability has already been exploited by the group Storm-0978 in attacks on various targets, using lures around the NATO summit in July 2023. I had mentioned the vulnerability in the patch-day overview, but there is currently no patch; Microsoft has so far only published mitigations, namely the attack surface reduction rule that blocks Office applications from creating child processes and the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry setting for the Office executables.

Posted in Office, Security, Windows