[German]The security vendor Trend Micro has released Trend Micro Worry Free Business (WFBS) 10.0 SP 1 – Patch 2518 on 15.7.2025. The patch contains various security fixes and is also intended to fix various bugs. OpenSSL 3.0.15 in the Apache web server is updated to improve product security.
[German]Delegated Managed Service Accounts (dMSA) were newly introduced in Windows Server 2025. Their design enables serious attacks on Managed Service Accounts and Active Directory resources. Semperis-Research has now developed Golden dMSA, a tool that contains the logic of the attack and helps to better understand the attack mechanisms and initiate defensive measures.
[German]Microsoft has slightly adjusted its criteria for delicensing resiliency for Exchange Online tenants. Now Exchange Online tenants with fewer than 10,000 licenses can also benefit from this function. This helps administrators who remove licenses in a tenant to prevent the mailbox from immediately becoming inoperable. Instead, there is a grace period.
[German]Law enforcement authorities have dismantled the network of the Russian NoName057(16) cyber group, with the help of Europol and other institutions. The perpetrators targeted the IT infrastructure of Ukraine and supporting countries, including many EU member states.
[German]VMware by Broadcom has published a security warning on July 15, 2025 regarding various vulnerabilities in VMware ESXi, Workstation, Fusion and VMware Tools, which urgently need to be patched with security updates. It is unclear how users without a Broadcom account can access the updates.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]It's a "bombshell" that ProPublica has just dropped. Microsoft is using engineers in China to maintain the US Department of Defense's cloud computer systems. There is only minimal monitoring by poorly qualified American personnel. Microsoft has so far ignored all warnings that this opens the door to cyber espionage or attacks.
[German]Microsoft has now announced deadlines from which the supply of security updates for Microsoft 365 apps under Windows 10 will end after October 14, 2025, but surprisingly even provides feature updates. There will be a staggered phase-out of these feature updates. The same also applies to Windows Server 2016/2019 if Microsoft 365 apps are running under Terminal Server. There are staggered dates for the rollout of Microsoft 365 version 2608 and thus for the release of the feature updates. Security updates will then be available until October 2025.
[German]The security updates for the July 2025 patchday lead to problems in virtual machines. Virtualized instances of Windows Server 2025 and Windows 11 24H2 may no longer start under Hyper-V or VMware ESXi. The same applies to Windows 11 24H or Windows Server 2025 on Azure VMs – where there is now an out-of-band update KB5064489.
Security researchers from Tenable have discovered a vulnerability called GerriScary in Google's open source code review system Gerrit. The vulnerability allowed malicious code to be injected into at least 18 central Google projects, including ChromiumOS (CVE-2025-1568), Chromium, Dart and Bazel. Attackers could have used GerriScary to manipulate existing change requests, bypass release mechanisms and inject malicious code into critical projects.
[German]The US branch of Belkin (provider of SmartHome accessories), has just announced that it will discontinue support for many of its Wemo SmartHome components as of January 31, 2026. From this date, various intelligent Wemo SmartHome components that rely on the cloud will no longer be controllable via the Wemo app.
-
MVP:
2013 – 2016
WIMVP:
2017 – 2020
