[German]Has the Edge browser already become too complex for users? According to reports, Microsoft's developers are testing a way in the Canary builds for the user to remove non-essential features of the browser. Then things like sidebar, split view, etc. could simply be deselected.
[German]It's a lesson in how things shouldn't really work. The Google Authenticator app enables two-factor authentication for online accounts. In order to be able to use a replacement device with the app if the phone is lost, Google has implemented the option of saving the required passcodes in the Google account in its Authenticator app. What sounds like enthusiasm unfortunately currently has a stumbling block, because the transfer of the relevant passcode to the Google account is done without end-to-end encryption. After criticism from security experts, Google at least wants to upgrade the end-to-end encryption.
[German]Brief information for administrators of Microsoft solutions in companies. Microsoft wants to standardize the domain names previously used to access cloud functions, such as outlook.com, live.com, microsoft365.com, office.com, onenote.com, etc., in the future and make them accessible via sub-domains under the domain cloud.microsoft. This should also make it easier for users to access the URLs in question.
[German]Microsoft's unconventional solution for the so-called LSA bug caused by a Defender update in Windows 11. Users got to see the message "Local Security Authority protection is disabled …", but could no longer enable this feature. After several "repair" attempts, Microsoft has now announced a "fix" for Windows 11: They removed the option from the Windows 11 settings. In addition, new kernel protection features (e.g. FASR) have been introduced, but they cause issues. There are several requirements to be met to enable the new features. I'll summarize the information in a collective article.
[German]Does anyone remember the supply chain attack on SolarWinds' Orion software in 2020? That sent shockwaves through the IT landscape as masses of IT systems were hacked. Now it comes out that the US Department of Justice noticed the incident in its own networks six months before the whole thing became public, but failed to recognize the explosive nature of it. Even bigwigs like Microsoft, Mandiant and SW, who were called in, looked at the incident at SolarWinds without immediately realizing its explosive nature. This allowed the attackers to inspect the compromised systems for months.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Microsoft received the German Big Brother Award 2023 for its "life's work" yesterday, April 28, 2023, because it uses its market power to force people, companies and public authorities to constantly transmit data during their digital activities, thereby making themselves subject to real-time surveillance. It is already the third Big Brother Award for Microsoft after 2002 and 2018 – that has to be achieved first.
[German]Microsoft tried to tell people in a techcommunity post a few hours ago that Windows 10 version 22H2 is the last version of this operating system and that you should kindly switch to Windows 11. The tech community post also mentioned that they are planning to release a Windows 11 LTSC (probably in authum 2024).
Blog reader Liam had alerted me about vulnerability CVE-2023-28771 in Zyxel firewalls via email just a few days ago (thanks for that). An April 25, 2023 post states that improper handling of error messages occurs in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. Zyxel has published the support article Zyxel security advisory for OS command injection vulnerability of firewalls. There you can also find information about which patches are available.
[German]Brief note for users who deploy Apache Superset in their environment. There is a problem in the default configuration that the software can be attacked via remote code execution vulnerability. This becomes a problem if the server is accessible via the Internet.
Continue reading
MVP:
2013 – 2016
WIMVP:
2017 – 2020
