[German]Brief warning to administrators of Citrix NetScaler ADC and Citrix Gateway. The vendor has issued a security advisory warning of a critical remote code execution vulnerability in the products. The vendor has released updates for the affected products, which administrators should apply immediately to the installations they support.
[German]The days the Mozilla developers had released the versions 115.0 of the Firefox browser (see). Now the 115.0.3 ESR version of the browser has been released as of July 18, 2023 (thanks for pointing it out). The release notes of Firefox 115.0.3 ESR only contain the note: Fixed a startup crash for Windows users with Qihoo 360 Antivirus software installed (bug 1843977).
[German]Microsoft has updated the Edge browser to version 114.0.1823.86 as of July 17, 2023. The release notes state that various bugs and performance issues for Microsoft Edge have been fixed.
[German]Today, July 18, 2023, Microsoft's Exchange Online cloud service appears to have been experiencing a [partial] glitch since morning (8 a.m. UTM). German blog readers reported that emails are being blocked. There are various references to issues on 3rd party status pages, and Microsoft's social media team also writes on Twitter that they are investigating reports of disruptions. Here's a brief overview.
[German]A suspected China-based hacking group, dubbed Storm-0558 by Microsoft, was able to gain access to email accounts of about 25 organizations in the Microsoft cloud. In a follow-up late last week, Microsoft followed up with a "comprehensive" text with some limited information about what happened. In a nutshell, Microsoft probably succeeded in stopping the attack (discovered and reported by customers by accident) after weeks. But it is still unclear how the attackers got hold of an abused Microsoft Account (MSA) customer key, and (now corrected) bugs in the Azure code probably enabled the abuse of the MSA key.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]The web service virustotal.com (founded by the Spanish company Hispasec Sistemas, taken over by Google), which has been operated by Google since 2012, is popular among security researchers and companies for checking suspicious files for malware. However, there are warnings about how critical automated documents uploaded to Virustotal are with regard to data protection and data leaks, because the data can be viewed by third parties. And even registering with virustotal.com is not a good idea, as a data leak shows. The Austrian media STANDARD has received a list of registered customers of virustotal.com, which disclose names of employees including e-mail addresses. Some of those affected, from secret services or companies, would rather not see their data in public.
[German]A small addendum for administrators of Microsoft's Azure Virtual Desktop: Redmond announced last week that so-called "private links" are now generally available in Azure Virtual Desktop. This should increase the security of connections to Azure Virtual Desktop instances. This is because Private Link ensures that connections to Azure Virtual Desktop instances remain in a trusted and secure private network environment, as they are handled over a secure Microsoft network. This eliminates the need for the service in question to be accessible via the Internet.
[German]On June 13, 2023, a blog reader received a message from Defender for Endpoint (ATP). He was notified that there was an outbound connection to IP 20.119.0.42:443 associated with a hacking group "Storm-0900". Later another reader mentioned such an alert. I'll post the information here on the blog – maybe there are others affected – because the IP belongs to a Microsoft Azure instance.
[German]Quick addendum from this week: Microsoft's Exchange team has already announced the availability of Client Credential Flow (CCF) for SMTP AUTH in Exchange Online on July 10, 2023. Client Credential Flow (CCF) for SMTP AUTH enables applications to use modern authentication to deliver authenticated email to Exchange Online without requiring an interactive login. Using OAuth reduces the risk of credentials being compromised during authentication.
[German]WordPress users who are still using the plugin All-In-One Security (AIOS) in version 5.1.9 should react immediately. UpdraftPlus, the maintainer, has issued a security alert because the plugin was storing user login passwords in plain text in the database.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
