Hackers send phishing emails via PayPal domains

Brief message that I received from CheckPoint. Perhaps one or the other reader has an account with PayPal. Phishing is nothing new in this area: criminals exploit the trustworthiness of the PayPal brand name to trick mail verification systems and get their victims' money and contact details. Now a new wave of phishing seems to have run, using PayPal domains.


Thunderbird 102.1.1

The developers of Thunderbird released another update of the email client on August 8, 2022. It fixes a number of bugs in the 102 version. The update is only offered for this branch, not for the old 91 branch.


Twitter data privacy incident (August 2022)

Twitter has just confirmed a privacy incident stemming from a vulnerability reported in January 2022. In July 2022, it became known that someone had used this vulnerability to siphon personal data from Twitter users. Here's some information about that incident.


Some insights about the warning of German BSI against Kaspersky antivirus software

I am once again taking up a difficult topic in a review, one which has triggered numerous discussions within my German blog. It is about the warning issued by the German BSI (Federal Office for Information Security) against the use of products of the Russian provider Kaspersky. In the meantime, the Higher Regional Court has clarified that the BSI was allowed to warn and that this also falls within its scope. It should be clear to everyone that at least parts of the decision were also politically motivated. Now, an article for the German broadcasting service Tagesschau and Bavarian TV service BR has traced how difficult it was for the BSI to make its assessment.


Microsoft Edge 104.0.1293.47 (August 5, 2022) with security fixes

Microsoft has updated the Edge browser in the stable channel to version 104.0.1293.47 as of August 5, 2022. It is a security update that fixes vulnerabilities and also initiates the 104 development branch.



Lockbit attackers abuse Windows Defender to load Cobalt Strike

Security researchers from Sentinel One have discovered an interesting attack path under Windows, which is used by the ransomware gang Lockbit. The group uses Windows Defender in its ransomware construction kit to load the Cobalt Strike test tool and then abuse it. The (unpatched) target system is attacked via the Log4j vulnerability.


Remote access Trojan "Woody Rat" uses Follina exploits to attack Russian organizations

Malwarebytes' threat intelligence team has identified a new, technically advanced remote access Trojan. Dubbed "Woody Rat," the Trojan has been in circulation for about a year and targets Russian organizations. Among others, Obyedinyonnaya Aviastroitelnaya Korporatsiya (OAK), an aerospace and defense company majority-owned by the Russian state, has already been targeted by Woody Rat. The Trojan exploits the so-called Follina exploit (CVE-2022-30190), a zero-day vulnerability that can be used to abuse the Microsoft Support Diagnostics utility to download malicious Microsoft Word or Excel documents from the Web.


Critical RCE Vulnerability CVE-2022-32548 in DrayTek Vigor Routers

Brief note for administrators and users who may be deploying Vigor routers in their environment. Security researchers have come across a critical Remote Code Execution vulnerability (RCE) that allows attackers to take over the router. DrayTek has provided a corresponding firmware update to close the vulnerability.


Microsoft blocks Tutanota users in Teams

An unpleasant story is boiling up right now. The operators of the secure email provider Tutanota just announced that Microsoft is now actively prohibiting their users from registering accounts on its platforms (e.g. Microsoft Teams). They say the incident once again confirms how large corporations act as gatekeepers and how European politics is asleep, and that there should be immediate intervention from competition authorities. Addendum: Some things are still in the dark, though.


Microsoft finds AiTM phishing campaign that also leverages 2FA

A small follow-up on security for online accounts using two-factor authentication (2FA). Microsoft's security teams have encountered a large-scale AiTM phishing campaign that attempted to attack more than 10,000 organizations since September 2021. The campaign involved stealing passwords, hijacking the user's login session and skipping the authentication process. This was true even if the user had multifactor authentication (MFA) enabled. The attackers then used the stolen credentials and session cookies to access the affected users' mailboxes and conduct further business email compromise (BEC) campaigns against other targets.
