Security: DJI drones and it's AeroScope vulnerabilities

Sicherheit (Pexels, allgemeine Nutzung)[German]Drones from the Chinese manufacturer DJI have vulnerabilities that allow third parties to read radio traffic and determine the location of the drone pilot. This vulnerability comes from a monitoring feature called AeroScope (DroneID), developed by the manufacturer for "law enforcement agencies", which allowed them to determine the location of the pilot at a distance of up to 50 km. This has been known for a year, but DJI wrotes, the DroneID protocol used for this is encrypted now. However, security researchers have proven that these "assurances of the manufacturer" are simply wrong. In addition, German security researchers have uncovered other vulnerabilities in various DJI drones, made public on March 3, 2023, that allow a drone's serial number to be altered or the aircraft to crash. This causes trouble for companies and individuals who use such drones.

Continue reading

Posted in devices, Security | Tagged , | Leave a comment

Critical vulnerability CVE-2023-0656 in SonicWall firewalls

Sicherheit (Pexels, allgemeine Nutzung)[German]SonicWall has issued a security alert SNWLID-2023-0004 as of March 2, 2023. Several applications are at risk from critical vulnerability CVE-2023-0656. A stack-based buffer overflow vulnerability in SonicOS allows an unauthenticated attacker to remotely cause a denial of service (DoS) that can crash an affected firewall.

Continue reading

Posted in Security, Software, Update | Tagged , , | Leave a comment

Citrix about "Perpetual licenses": Customers should rather take out a subscription

Are Citrix customers who still have perpetual licenses run into problems? The manufacturer is now trying to force these customers into a subscription with its "Universal License". In the medium term, customers with perpetual licenses will have a harder time getting updates.

Continue reading

Posted in Software | Tagged | Leave a comment

DCOM hardening (CVE-2021-26414) on March 14, 2023 patchday for Windows 10/11 and Server

Windows[German]Just a reminder for administrators of Windows in enterprise environments. There is a vulnerability in Microsoft's Windows DCOM implementation (Windows DCOM Server Security Feature Bypass, CVE-2021-26414) that allowed security features to be bypassed. Microsoft documented this in 2021, and patched it then, closing this vulnerability in stages. Recently, I was reminded that Microsoft will release a final patch on March 14, 2023 that will remove the ability to disable this DCOM hardening.

Continue reading

Posted in Security, Update, Windows | Tagged , , | Leave a comment

Tiny 11: Unclutter Windows 11 Pro shown in a video

Windows[German]A little Sunday topic for readers who are using Windows 11 or are looking at this platform and are in need for a "Leightweigt Windows 11". There is a project called Tiny 11, where a hobbyist has stripped of all the bloatware that Microsoft ships with a Windows 11 Pro. The system is slim and runs smoother than the Windows 11 delivered by Microsoft. The hobbyist has shown in a video what he has removed and optimized for Tiny 11.

Continue reading

Posted in Windows | Tagged | 2 Comments

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...


Busted: Instagram influencer with 40 million followers uses Russian Zeus bot

Sicherheit (Pexels, allgemeine Nutzung)[English]Security researchers have come across an open Cassandra database instance that probably contained data from the Russian website instarobot.pro. The website is known for offering services for spamming and botting on Instagram under the name Zeus. The records also included a reference to an Instagram influencer with 40 million followers using the Russian Zeus bot.

Continue reading

Posted in Security | Tagged | Leave a comment

Reminder: Changes to Certificate-Based Authentication for Domain Controllers in April 2023

Windows[German]It is still a few weeks until the April 2023 patchday. However, I would like to remind administrators who are responsible for updating Windows Domain Controllers about a topic in the Domain Controller area. It is about the fact that Microsoft has adjusted the certificate-based authentication for Domain Controllers (DC) via update in 2023 and disabled the possibility to disable it (in case of occurring problems) as of April 11, 2023.

Continue reading

Posted in Allgemein, Security, Update, Windows | Tagged , | Leave a comment

Microsofts FSLogix: Hotfix 1 (2.9.8440.42104) released for buggy v2210

Update[German]Brief note for troubled administrators in companies who use FSLogix and are annoyed by the numerous bugs in version 2210. Microsoft has now released FSLogix 2210 Hotfix 1 (2.9.8440.42104). This is supposed to fix the numerous problems of version 2210. Here is some information about what it is all about in the end.

Continue reading

Posted in issue, Office, Software, Update, Windows | Tagged , , , , | 1 Comment

LibreOffice can't start after ugrade to Linux Mint 21.1

[German]A short post from the Linux world, although I'm not yet sure if and how widespread the problem is. A blog reader contacted me last Friday and complained that his LibreOffice wouldn't start after he upgraded a Linux Mint system to version 21.1. I did a little research.

Continue reading

Posted in issue, Linux, Office | Tagged , , | Leave a comment

Review of the VMware ESXi server cyberdebacle (Feb. 2023)

Sicherheit (Pexels, allgemeine Nutzung)[German]A brief flashback to February 2023 – since the beginning of the year, numerous VMware ESXi servers have been hijacked via a known vulnerability that has long since been closed. This VMware ESXi vulnerability has a huge threat potential and there are probably still thousands of unpatched systems. Here is a brief overview again.

Continue reading

Posted in Security, Virtualization, Windows | Tagged , , | Leave a comment