[German]Microsoft also patched Windows Defender Credential Guard on patchday, August 9, 2022, with the security updates. Both an elevation of privilege vulnerability and a security feature bypass vulnerability were closed. However, Microsoft had not provided any documentation on this.
[German]In the article Twilio data security incident findings after SMS phishing attack, I had reported on the security incident at provider Twilio, where data was stolen by hackers through a phishing attack. Twilio offers programmable voice, text, chat, video and email APIs, and cloud authentication service Authy is also part of it. Now it has been revealed that messenger service Signal is one of Twilio's customers and has also been affected.
[German]German blog reader Willi B. contacted me by mail the days because he ran into a problem under Windows 8.1. Since one of the last updates he has the problem that the service "Service Host: Local System" runs with high load after boot since for some time. The problem repeats itself with the August 2022 update. The problem has been running through Windows for years.
[German]Chinese vendor Xiaomi ships smartphones with vulnerabilities: A themes app that tries to bypass Google's built-in Android security protection. In addition, security researchers have discovered a vulnerability in MediaTek chips that make the payment system integrated in Xiaomi smartphones vulnerable. Here's an overview of this two topics.
[German]Cloud communications company Twilio has recently fallen victim to a cyberattack, according to recent media reports (here and here). The attackers penetrated some of the company's customer databases after stealing employee credentials via an SMS phishing attack. The Lookout, Inc, research team took a closer look at this attack campaign and was able to determine some extremely important information thanks to the Lookout dataset.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Software security in cars – a hot topic. On platforms such as TikTok, a trend known as the Kia Challenge or Kia Boys is celebrating a happy new era – the aim is to steal vehicles from Kia or Hyundai using a USB stick. And I came across the next sloppiness: A blogger searching the web found the private keys for software updates on Hyundai vehicles.
[German]Is there a new data leak in China that has captured personal data of millions of people? A hacker has claimed to have obtained the personal data of 48.5 million users of a COVID mobile health code app operated by the city of Shanghai. Joins a chain of other data breaches.
A small note for users of the messenger Threema. The developers are very privacy-conscious and do not use any software libraries from Google or third-party providers in their app. In the meantime, the app is also available for FDroid. So goodbye tracking through frameworks.
IEEESpectrum is planning a short series of reports examining Tesla's collection and use of data from its customers' vehicles. Part 1 will summarize what is known about what data Tesla collects and uploads to its servers.
IT management platforms can become dangerous vulnerabilities. When vulnerabilities allow root access and enable remote code execution, such asset management platforms become a danger. In a warning, Bitdefender reveals the risks that existed with the Device42 product and why an update of the IT asset management platform is necessary.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
