First supply chain attack on open source software targeting banks discovered

Security researchers say they have discovered the first attack on the open source software supply chain specifically targeting the banking sector. That's according to a report published by Checkmarx on July 21, 2023. On April 5 and 7, a threat actor used the NPM platform to upload some packages that contained a pre-installed script. On installation, the malicious code was executed, attempting to carry out a supply chain attack against banks. Details are in the above report and in The Hacker News article.

Windows 11 22H2: Update KB5028185 causes issues (AAD registry)

There appear to be significant issues with the security update released for Windows 11 22H2 on July 11, 2023. Registering in Azure Active Directory (AAD, now EntraID) no longer seems possible in the browser. A blog reader pointed out the issue to me (thanks for that). There is a lengthy discussion in Microsoft's support, including suggestions for workarounds.

Outlook: Microsoft releases temporary fix for slow saving on network paths

Microsoft published a new support article the other day that addresses the "slow save" issue with Outlook Desktop. The problem occurs when attachments are to be saved to a location within a network. Then a corresponding dialog box appears. Microsoft suggests a temporary workaround for this problem.

Apple security updates for iOS, macOS (July 24, 2023)

Small addendum from this week: on July 24, 2023, Apple released a slew of updates for the Safari browser, for iOS on iPhones and for iPadOS on iPads. In addition, there are updates for macOS, Apple TV and the Apple Watch. Details can be found on this Apple website. According to The Hacker News, the updates address critical vulnerabilities (CVE-2023-38606) that are actively exploited.

Sophos UTM Firewall: Update closes CVE-2023-0286, CVE-2023-0215 (OpenSSL) and more

Vendor Sophos has released update UTM Up2date 9.716 for its UTM firewall, which is intended to fix a number of vulnerabilities (CVE-2023-0286, CVE-2023-0215, CVE-2002-20001, CVE-2022-40735, CVE-2023-3367) as well as various bugs. The vulnerabilities affect OpenSSL as well as the web admin interface and the web server.

EU Commission opens competition proceedings against Microsoft over Teams

What insiders have been whispering behind closed doors for weeks is now official. The European Commission has launched a formal investigation into whether Microsoft may have violated EU competition rules. At issue is Microsoft's communications and collaboration product Teams and its tying or bundling with the popular Office 365 and Microsoft 365 enterprise suites.

Firefox 115.0.3 released with bug fix

Mozilla developers have released version 115.0.3 of the Firefox browser as a bug fix update. The release notes of Firefox 115.0.3 from July 27, 2023 only contain the note: Improved migration experience for users switching to the ESR release.

Privilege escalation vulnerability CVE-2023-30799 in MikroTik routers, patch urgently

In case you haven't noticed, MikroTik RouterOS Stable before version 6.49.7 and in the long-term version up to 6.48.6 contains a vulnerability, CVE-2023-30799, that allows an attacker to escalate privileges. The attacker must be authenticated, but can then remotely escalate privileges from admin to super-admin on the Winbox or HTTP interface. This in turn allows the attacker to execute arbitrary code on the system. Details can be found on GitHub; MikroTik posted this warning. This issue is fixed in all RouterOS versions available on the MikroTik download page (v7.7 and v6.49.7 and newer). According to the colleagues at Bleeping Computer, 900,000 devices are potentially vulnerable.

PSA: WSUS import is now required via PowerShell

Microsoft has started to disable the ability to import updates manually in WSUS (Windows Server Update Services). The background is that the ActiveX components in question are outdated and Internet Explorer is being replaced by Edge. Yesterday, there was already a discussion here on the blog that the manual import in Edge no longer works. Microsoft has documented the whole thing in a tech community post and provides a PowerShell script to import updates in WSUS.

Patch your Ivanti EPMM – Norwegian government hacked via 0-day

Administrators should urgently patch the Ivanti EPMM used in their environment, because older versions contain a 0-day vulnerability. In Norway, the ICT platform (information and communications system) on which 12 ministries operate was attacked via this 0-day vulnerability.
