The IETF has updated a document "OAuth2 Security Best Current Practices" as of June 6, 2023. The document describes current security best practices for OAuth 2.0, updating and extending the OAuth 2.0 security threat model. It incorporates practical experience gained since the release of OAuth 2.0 and covers new threats that are relevant due to the broader adoption of OAuth 2.0.
[German]Administrators responsible for supporting Progress Software's MOVEit managed file transfer (MFT) solution need to respond again. After the SQL injection vulnerability CVE-2023-34362, which was exploited by a ransomware group and became public at the end of May 2023, comes the next problem. Audits have discovered a new vulnerability that needs to be patched in a timely manner.
[German]Microsoft has been struggling with outages in its cloud services (Exchange Online, Outlook.com) for days. As of June 9, 2023, the services of Microsoft Azure (probably worldwide) were disrupted. May be technical in nature – but rumor persists that attackers may be partly responsible. A cyber group Anonymous Sudan claims to attack Microsoft and be responsible for the disruptions.
[German]The Mozilla developers just had released the versions 114.0 of the Firefox browser (see). Now the version 114.0.1 was pushed after. The release notes of Firefox 114.0.1 from June 9, 2023 only contain the note: Fix a startup crash (bug 1837201).
[German]Microsoft's Edge update to version 114.0.1823.41 from June 6, 2023, seem to have caused some issues for some users. I've received reports of crashes – and another administrator complains about "useless stuff" that was displayed in Edge in his corporate environment. Here's a quick rundown. Meanwhile, version 114.0.1823.43 of Edge is distributed.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Varonis security researchers have discovered a problem associated with Salesforce sites that are orphaned and no longer in use. Varonis Threat Labs security researchers have discovered that improperly disabled Salesforce sites, known as ghost sites, continue to retrieve current data and are accessible to attackers: By manipulating the host header, cybercriminals can gain access to sensitive personal data and business information.
[German]Online criminals are constantly thinking of ways to trap victims via social media platforms. The main goal is to get users to click on malicious links. In doing so, they often lurk in the background and use sophisticated tactics to deceive their victims. Malwarebytes' threat intelligence team has discovered a new scam on Facebook that uses clickbaiting and lures users into a money trap with sophisticated tricks. What makes it special is that the scam is built on Google Cloud Run infrastructure.
[German]Another short topic, which has been a bit delayed due to holidays. The manufacturer Barracuda is asking administrators of its Email Security Gateway Appliance (ESG) to replace the devices immediately. The background is a vulnerability in the ESG models, which was supposed to be patched at the end of May 2023. However, this does not seem to be working and the manufacturer is calling for replacement.
[German]Microsoft has been struggling with outages in its cloud services (Exchange Online, Outlook.com) for days. Now, as of June 8, 2023, Outlook.com and OneDrive services are down again (probably worldwide). May be technical in nature – but there is a nasty suspicion. A cyber group Anonymous Sudan claims to attack Microsoft and be responsible for the disruptions.
[German]The developers of Thunderbird have released another update of the email client to version 102.12.0 on June 7, 2023. It is a bug fix update, which should eliminate bugs.2.0 freigegeben. Es ist ein Bug-Fix-Update, welches Fehler beseitigen soll.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
