Remote access Trojan "Woody Rat" uses Follina exploits to attack Russian organizations

Posted on 2022-08-05 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Malwarebytes' threat intelligence team has identified a new, technically advanced remote access Trojan. Dubbed "Woody Rat," the Trojan has been in circulation for about a year and targets Russian organizations. Among others, Obyedinyonnaya Aviastroitelnaya Korporatsiya (OAK), an aerospace and defense company majority-owned by the Russian state, has already been targeted by Woody Rat. The Trojan exploits the so-called Follina exploit (CVE-2022-30190), a zero-day vulnerability that can be used to abuse the Microsoft Support Diagnostics utility to download malicious Microsoft Word or Excel documents from the Web.

Continue reading

Posted in Security | Tagged | Leave a comment

Critical RCE Vulnerability CVE-2022-32548 in DrayTek Vigor Routers

Posted on 2022-08-05 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Brief note for administrators and users who may be deploying Vigor routers in their environment. Security researchers have come across a critical Remote Code Execution vulnerability (RCE) that allows attackers to take over the router. DrayTek has provided a corresponding firmware update to close the vulnerability.

Continue reading

Posted in devices, Security | Tagged , | Leave a comment

Microsoft blocks Tutanota users in Teams

Posted on 2022-08-05 by guenni

Stop - Pixabay[German]Unpleasant story that is boiling up right now. The operators of the secure email provider Tutanota just announced that Microsoft is now actively prohibiting their users from registering accounts on its platforms (e.g. Microsoft Teams). They say, incident once again confirms how large corporations act as gatekeepers and how European politics is asleep – there should be immediate intervention from competition authorities. Addendum: But there are some things still in the dark.

Continue reading

Posted in Cloud, Security | Tagged , , , | 1 Comment

Microsoft finds AiTM phishing campaign that also leverages 2FA

Posted on 2022-08-05 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]A small follow-up on security for online accounts using two-factor authentication (2FA). Microsoft's security teams have encountered a large-scale AiTM phishing campaign that attempted to attack more than 10,000 organizations since September 2021. The campaign involved stealing passwords, hijacking the user's login session and skipping the authentication process. This was true even if the user had multifactor authentication (MFA) enabled. The attackers then used the stolen credentials and session cookies to access the affected users' mailboxes and conduct further business email compromise (BEC) campaigns against other targets.

Continue reading

Posted in Security | Tagged | Leave a comment

Security & cyber attacks: Semikron, MBDA, Peter Berghaus GmbH and more

Posted on 2022-08-04 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]The last few hours have seen another rash of cyber attacks on companies and government agencies. Semikron, a German manufacturer of power semiconductor components has fallen victim to a ransomware attack. Peter Berghaus GmbH, a manufacturer of traffic technology and signaling systems, may also have fallen victim to a cyber attack (fraud emails are sent in the company's name). Furthermore, the Spanish Ministry of Science has become a victim of a cyber attack and the European missile manufacturer MBDA as well. Here is a summary of various security incidents.

Continue reading

Posted in Security | Tagged | Leave a comment

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...

Windows 10: Update KB5014666 causes issues with Input Indicator and Language Bar

Posted on 2022-08-04 by guenni

Windows[German]With the preview update released at the end of June 2022 for Windows 10 20H2 to 21H2, there is an issue that the input indicator and language bar may no longer be displayed in the status area of the taskbar. Microsoft has confirmed the bug and is rolling back the fixes via Known Issues Rollback (KIR).

Continue reading

Posted in issue, Update, Windows | Tagged , , | 1 Comment

Azure AD Connect (AADConnect) Bug Fix Update (August 2, 2022)

Posted on 2022-08-04 by guenni

Quick note for administrators who have Azure AD Connect in use. As of August 2, 2022, the developers have probably released version 2.1.16.0. The reason for this release was a bug where auto-upgrade fails if the service account is in "UPN" format.

Continue reading

Posted in Cloud, Software | Tagged , | Leave a comment

Tavis Ormandy ported Lotus 1-2-3 and WordPerfect to Linux

Posted on 2022-08-04 by guenni

Developer Tavis Ormandy, who works on Project Zero for Google, has ported the Unix versions of Lotus 1-2-3 and WordPerfect to Linux as a finger exercise. The Lotus port had already become known in May 2022. Then in July 2022, Ormandy was able to announce the port of WordPerfect to Linux – The Register wrote this article about it. He wrapped it all up in a .DEB package to allow easy installation on Ubuntu and Debian distributions. WordPerfect was quite popular in the 80s and early 90s – I used it mostly on Dec VAXes running VMS. However, with the raise of Word for Windows, this word processor has overtaken WordPerfect.

Posted in Software | Tagged | Leave a comment

Chrome 104.0.5112.x fixes vulnerabilities

Posted on 2022-08-03 by guenni

Chrome[German]Google has released the update of Google Chrome 104.0.5112.79 for Linux and macOS and 104.0.5112.79/80/81 for Windows on the desktop in the stable channel on August 2, 2022. The security update closes numerous vulnerabilities. The 104 version is also the basis for the Extended Stable.

Continue reading

Posted in browser, Linux, macOS, Security, Software, Update, Windows | Tagged | Leave a comment

VMware: Security Adversory, Windows 11 TPM Issue

Posted on 2022-08-03 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Brief note for VMware users and administrators. The vendor has published a security advisory for various products (VMware Workspace ONE Access, etc.) as of August 2, 2022, because there are numerous vulnerabilities there. In addition, I still came across an issue with VMware Workstation in conjunction with Windows 11, where TPM prevents cloning of VMs.

Continue reading

Posted in Security, Software, Windows | Tagged , , , | Leave a comment