European (EU) Cyber Resilience Act: Proposal for improved security for digital devices

Posted on 2022-09-16 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Hardware and software products are increasingly subject to successful cyberattacks, resulting in an estimated annual cost of €5.5 trillion from cybercrime by 2021. The European Union therefore presented a draft Cyber Resilience Act on September 15, 2022. The proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, aims to define cybersecurity rules to ensure more secure hardware and software products.

Continue reading

Posted in Security | Tagged | Leave a comment

"I don't care about cookies" sold to AVAST

Posted on 2022-09-16 by guenni

Stop - Pixabay[German]Small note to the blog readership. The developer of the browser add-in "I don't care about cookies" has just announced that he has sold his product to AVAST. I don't begrudge Daniel Kladnik this sale, but I have some thoughts of my own in the back of my mind about whether the extension is really in good hands with AVAST. Here is some information about this topic.

Continue reading

Posted in General, Software | Tagged | Leave a comment

Attention: Backdoor in TechLogix Networx Power Delivery Unit; Isolate devices from Internet and Patch it

Posted on 2022-09-16 by guenni

Stop - Pixabay[German]There is a serious vulnerability (backdoor) in the firmware of power delivery units from the US manufacturer Networx. In older versions (prior to version 2.0.2a ), the firmware does not perform authentication, i.e. it is possible to switch off the power delivery unit (PDU) via the network. This is deadly if these units are used for power supply in data centers and are accessible via internet. After a reader's tip, I contacted the manufacturer and GErman CERT Alliance about this. After much back and forth, there is now a working update. Below I disclose the details. Operators should urgently isolate the PDUs and install the firmware update promptly.

Continue reading

Posted in devices, Security, Software, Update | Tagged , , , | Leave a comment

Windows 10 Update KB5017308 causes issues when creating/copying files via GPO

Posted on 2022-09-15 by guenni

Windows[German]Sort September 2022 patchday recap. It looks like the cumulative (security) update KB5017308 released on September 13, 2022 for Windows 10 comes with collateral damage. I have received several reports from readers that following the update installation, creating or copying files via GPO or creating GPO settings files no longer works.

Continue reading

Posted in issue, Security, Update, Windows | Tagged , , , , | 18 Comments

Lenovo BIOS/UEFI updates fix vulnerabilities, hundreds of models affected (9.2022)

Posted on 2022-09-15 by guenni

[German]Chinese computer manufacturer Lenovo has released updates for the BIOS/UEFI of hundreds of its computer models. These are intended to address serious vulnerabilities (CVE-2021-28216, CVE-2022-40134, CVE-2022-40135, CVE-2022-40136, CVE-2022-40137), which Lenovo describes in a security advisory. 

Continue reading

Posted in devices, Security, Update | Tagged , , , | Leave a comment

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...

.NET Framework-Updates September 2022

Posted on 2022-09-15 by guenni

UpdateAs of September 13, 2022, Microsoft has released a few more updates for the .NET Framework. Bolko pointed it out here (thanks for that). Update KB5017529 is the Security and Quality Rollup for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and includes KB5017036 (.NET 4.8) and KB5016368 (.NET 4.7). Furthermore there is the Microsoft .NET Desktop Runtime 6.0.9. The colleagues from deskmodder.de reported that .NET 6.0.9 and .NET Core 3.1.29 close the (severe) denial of service vulnerability CVE-2022-38013.

Posted in Security, Software, Update | Tagged , | Leave a comment

0patch fixes Memory Corruption vulnerability (CVE-2022-35742) in Microsoft Outlook 2010

Posted on 2022-09-15 by guenni

[German]The vulnerability CVE-2022-35742 in Outlook was closed by Microsoft in August 2022 by means of security updates (see Patchday: Microsoft Office Updates (August 9, 2022)). However, Microsoft only provides updates for the MSI versions of Outlook 2013 and 2016. ACROS Security has now released a micropatch that closes the vulnerability in Microsoft Outlook 2010.

Continue reading

Posted in Office, Security | Tagged , | Leave a comment

Court documents show how Google monitors users despite rejected tracking

Posted on 2022-09-15 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]A recent lawsuit filed by the Arizona Attorney General against technology company Google shows that the company continues to track users who have declined location tracking anyway. Thus, IP addresses of Google users served to obtain accurate location information and then used for Google services. On October 24, 2022, Arizona's lawsuit against Google is scheduled to be heard – and I think the EU will be watching closely as well, since Google is in the sights of EU antitrust watchdogs for various competition complaints and there are also GDPR complaints from consumer protection organizations.

Continue reading

Posted in Security | Tagged , | Leave a comment

Patchday: Microsoft Office Updates (September 13, 2022)

Posted on 2022-09-15 by guenni

Update[German]On September 13, 2022 (second Tuesday of the month, Microsoft Patchday), Microsoft released several security-related updates for still-supported Microsoft Office versions and other products. The updates are available for the installable MSI version of Microsoft Office (the click-to-run packages obtain the updates through other channels). Office 2019 does not appear in the list because it is distributed via click-to-run packages and receives security updates via the Office Update feature. Below is an overview of the available updates.

Continue reading

Posted in Office, Security, Update | Tagged , , , | Leave a comment

VMware ESXi: Retbleed fixes cause 70% performance loss in Linux VMs running kernel 5.19

Posted on 2022-09-14 by guenni

In performance regression testing, VMware testers found a severe performance drop for Linux guests when running kernel 5.19 in a VMware ESXi virtual machine with the Retbleed fixes installed. The degradation was up to 70% for computing, up to 30% in networking, and up to 13% in memory usage. Details can be found in this post. (via)

Posted in Linux | Tagged , | Leave a comment