AstraLocker terminates activities and releases Decryptor

Strange things are happening at the moment. The threat actor behind the lesser-known AstraLocker ransomware apparently wants to cease its activities. The actor plans to switch to cryptojacking and has published an archive of AstraLocker decryption programs. I'll try to summarize the facts I know, although much is unclear, even though the actor has probably also contacted my English-language blog.

Posted in Security

Chrome 103.0.5060.114 fixes 4 vulnerabilities

Google has released the Google Chrome 103.0.5060.114 update for Windows desktop in the stable channel as of July 4, 2022. The security update closes 4 vulnerabilities rated as high. For Android, there is version 103.0.5060.7.

Posted in browser, Security, Update, Windows

Hacker sells 1 billion personal data records from Shanghai police database for 10 bitcoins

US media report that a hacker is currently trying to sell a 23 terabyte data set for 10 bitcoins (around 195,000 euros). The data set is said to contain 1 billion personal data records of the population from a police database of the Chinese city of Shanghai.

Posted in Security

AstraLocker 2.0: Infection via Word attachment

Security researchers from ReversingLabs have tracked down a relatively unknown piece of malware, which they have named AstraLocker. In version 2.0, the attackers have taken to loading the malicious payload directly from a Word document attached to an e-mail. This is unusual in that attackers usually try to disguise the attack. The researchers believe the group has limited cyber-attack capabilities, but gears its campaigns toward destruction.

Posted in Security

End of Support announcement for Windows Server 2012/2012 R2, SQL Server 2012

At the end of June 2022, Microsoft indicated that support for products such as Windows Server 2012, Windows Server 2012 R2, and Microsoft SQL Server 2012 will end in the foreseeable future. SQL Server 2012 is due for its next patchday in July 2022 and will no longer receive updates after that. With Windows Server 2012/2012 R2, administrators still have some grace period, but support can be extended via ESU until October 2023.

Posted in Software, Windows

Security for Kubernetes: Pitfalls and Solutions

The use of virtualized containers is in vogue. Orchestration solutions such as Kubernetes are used to manage the containers. However, if the orchestration solution is compromised, this affects all managed containers. The question therefore arises of how secure Kubernetes is and what pitfalls there are. I have received some information on this from Check Point, which I am posting here.

Posted in Cloud, Security, Virtualization

Maastricht University gets partial ransom back after ransomware attack in 2019

Partial success for Maastricht University following a ransomware attack in 2019: investigators have managed to seize part of the Bitcoin ransom payments. Due to price increases, this amount is now worth more than the entire ransom at the time. The university plans to put the amount into a fund for students. Here is some information about an incident that is ending with a profit for the university.

Posted in Security

Lookout explains: Security Service Edge (SSE) and the future of cloud security

Recently I came across a piece of information from security vendor Lookout about the future of cloud security and the term SSE. Sundaram Lakshmanan, CTO of SASE Products at Lookout, explains what SSE is. He describes the three core SSE principles and how SSE differs from SASE (Secure Access Service Edge). He also explains how organizations can get the most value from SSE by integrating endpoint security with advanced user and privacy features. I found this quite fascinating, so I'll post the text for interested blog readers.

Posted in Security

Experiment: Windows PE with PowerShell 7 integration

One more short piece of information for readers who like to experiment. Johan Arwidmark has looked into the question of whether PowerShell 7 can be installed on Windows PE. Windows PE is the preinstallation environment of Windows, which is also used for recovery disks. Arwidmark has automated the whole thing with a script and writes that it is possible for Windows 11 21H1 and Windows 11 22H2.

Posted in Windows

Microsoft Edge 103.0.1264.44 download bug: .crdownload files remain

After the update to Microsoft Edge 103.0.1264.44 was released on June 30, 2022, I got reports from users who increasingly noticed that temporary download remnants (.crdownload files) remain in the download folder after downloads (e.g. of .exe and .msi files, but also other files). But I found first reports for Edge 100 too.

Posted in browser, issue, Software, Windows