[German]Hard drive manufacturer Western Digital admitted to a cyber attack on its IT networks on April 3, 2023. An unauthorized person was able to gain access to the internal IT networks probably already in March this year. The whole thing was noticed on March 26, 2023, the company announced in a message to the public. Whether data has been leaked is currently unknown.
[German]Good news for Windows 11 client administrators (version 22H2). Microsoft has fixed the script error in Group Policy Preferences (GPP) in the preview updates from the end of March 2023 and will generally roll out this fix on Patchday in April 2023. This should eliminate the annoying crashes, for example in the Task Scheduler or Group Policy Management Editor.
[German]Another small addendum from the end of March 2023. Security researchers have discovered a serious design weakness in the IEEE 802.11 WiFi protocol standard. This weakness could allow attackers to eavesdrop on WLAN access points and transmit network frames in plain text. This could, for example, inject malicious JavaScript commands into the network packets. It is an academic finding, and there is no evidence yet that this flaw is being exploited.
WordPress administrators using the Elementor Pro plugin should urgently check if it is up to date and if WordPress has already been compromised (e.g. check urlscan.io to see what connections are going down). On March 18, 2023, NinTechNet security researcher Jerome Bruandet had discovered a vulnerability that can be exploited if the plugin is installed together with WooCommerce. Hackers are now actively exploiting the highly dangerous vulnerability in WordPress plugin Elementor Pro. The plugin for creating WordPress pages is used by over eleven million websites. Details have been summarized by the colleagues from Bleeping Computer here (thanks to the reader's tip).
[German]Today another article summarizing issues around the topic "Installation of .NET Framework Updates", in which I also revisit some older points. For example, Microsoft already fixed the annoying automatic installation of .NET Preview updates in January 2023, so they are now really optional. Robert informed me that the .NET Framework installation issue with .NET update KB5022729 was fixed. And Microsoft is distributing .NET updates for Windows 11 22H2 via UUP.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]I'm picking up on a topic and posting it here on the blog for information purposes with a request for feedback from those affected. It's about the provider AnyDesk and its remote maintenance software of the same name. A reader pointed out to me that there were problems with the renewal of AnyDesk licenses. According to the reader, attempts to contact the sales or support department of this vendor have been "going nowhere" for 2-3 weeks. I did a little search on the Internet and followed the reader's advice. There are some sites where people share similar experiences.
[German]A short note and also a question to the readers for those affected. I have information that the search no longer works for Outlook users from the circle of Microsoft 365 customers. Microsoft is aware of the problem, but nothing can be done, according to support.
[German]Good news for users of Windows 7 SP1 and Windows 8.1 who want to continue using these operating systems, which have (largely) fallen out of support with Microsoft, for a while longer. Mozilla has announced that they plan to support these operating systems for at least another year.
[German]I wrestled with myself a bit about what to do with the material, but then decided to publish the blog post after all. An anonymous source has send me leaked data that must have come from the "Microsoft universe" (maybe have been pulled as part of the Bing BigBang incident). Snippets of communications from Microsoft's mangement provide interesting insights into how Nadella and Co. conduct themselves publicly and how they act internally.
[German]Files leaked from a whistle blower to German news magazine Süddeutsche Zeitung show how Russia under Putin is planning cyberwar. An evaluation by a media collective shows: Train and air lines are to be attaced, as well as energy supply and critical infrastructure. And our security culture continues to rely naively on increased digitization, including the cloud and up-to-date virus scanners.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
