Mandiant, VMware and US-CERT warn of malware targeting VMware ESXi servers

Google-acquired security vendor Mandiant has encountered a new malware family (VirtualPITA, VirtualPIE, and VirtualGATE) that targets virtualization solutions like VMware ESXi Server and uses specialized techniques to infiltrate them. VMware has issued a security advisory to that effect, and US-CERT is also warning against this malware.

Microsoft's recommendations for Exchange Server 0-day vulnerability ZDI-CAN-18333

Last night I reported on the blog about a 0-day vulnerability ZDI-CAN-18333 in Microsoft's on-premises Exchange Servers, which is already being exploited in the wild. Within hours, Microsoft responded and confirmed that it is currently investigating two reported zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) affecting Microsoft Exchange Server 2013, 2016 and 2019. At the same time, Microsoft is providing affected administrators with guidance on what to do to protect against these zero-day vulnerabilities until appropriate security updates are available.

Exchange servers attacked via 0-day exploit (Sept. 29, 2022)

There are reports that a new zero-day exists in Microsoft Exchange that is being actively exploited in the wild. Security researchers confirm that some installations – including a honeypot – are already infected. Details about the zero-day are not yet available. Here's an overview of what I know so far and what, if anything, can be done to detect attacks.

Tip: Exchange Health Checker – Script extensions by Frank Zöchling

Microsoft offers the Exchange Health Checker, a PowerShell script to check on-premises Exchange installations for problems. The script is continuously developed by Microsoft. Frank Zöchling has now extended the Exchange Health Checker with a script that automatically applies important settings when checking an Exchange installation.

Thunderbird 102.3.1 released

The developers of Thunderbird released another update of the email client, version 102.3.1, on September 28, 2022. It is a bug-fix update, which should fix a number of problems and vulnerabilities.

Barracuda Networks: Spam filter/virus scan blocks mails globally (September 29, 2022)

Brief notification for administrators who use a mail protection / security solution from Barracuda Networks in an enterprise environment. Since tonight (September 29, 2022) there seems to be a problem where emails get stuck in the spam filters (Email Security Gateway or Barracuda Email Protection) and are not forwarded. The whole thing seems to be a global problem – although there is almost no information available.

Chrome 106.0.5249.61/62 released

Google released the update of Google Chrome 106.0.5249.61 for Mac/Linux and Chrome 106.0.5249.61/62 for Windows on September 28, 2022. It is a new development branch, with the update fixing 20 vulnerabilities.

Malware trend August 2022: Emotet no longer #1

CheckPoint has released its Global Threat Index for August 2022, a top list of malware infections. Surprisingly for me, the previously frequently mentioned Emotet ransomware has been displaced from the top spot it held in previous months. Now, a malware called FormBook is in the No. 1 spot, followed by AgentTesla, the latter being no stranger either. Here is some information on the threat landscape provided to me by CheckPoint.

Windows 11 22H2: Out-of-band update KB5019311 (Sept. 27, 2022)

Microsoft released an out-of-band update KB5019311 on September 27, 2022, for Windows 11, version 22H2. This update is supposed to fix localization issues in the setup files. Those issues have been detected in non-English versions of Windows 11 22H2.

HP printers: Critical vulnerability (Sept. 2022)

On September 21, 2022, HP published a warning about a buffer overflow vulnerability in the firmware of various printer models (Inkjet, Laserjet Pro and HP PageWide Pro printers). One vulnerability even potentially allows remote code execution (RCE). Firmware updates for the affected printer models are now available.
