Defense: Windows task scheduling as an attack vector

Attackers abuse Windows task scheduling, creating scheduled tasks to infiltrate a victim's machine. The Qualys research team has investigated a number of ways attackers can hide such scheduled tasks. This paper describes three new techniques for hiding and deleting scheduled tasks in a Microsoft Windows environment. This is not theoretical work "in a vacuum," as the technique has been used by the suspected Chinese attacker (APT) Hafnium.


QNAP warns of Checkmate ransomware attacks on its NAS (July 2022)

Taiwanese manufacturer QNAP issued a warning on July 7, 2022 that a new ransomware, Checkmate, is attacking its NAS units via SMB services accessible via the Internet. Presumably, accounts with weak passwords have their credentials cracked via brute-force attacks, and the volumes are then encrypted. The first cases seem to have occurred as early as June 2022.


Microsoft does not want to block macros in Office by default after all

Macros in Office are a gateway for malware like Dridex, Emotet, Trickbot, Qbot, etc. Microsoft had plans to disable macros in Office 365 by default. Now this idea seems to have been scrapped again, and macros will not be blocked by default in Office in the future either. At least, that is what Microsoft recently told us in a few sentences.


PowerToys 0.60 released

Microsoft released version 0.6 of its free PowerToys for Windows 10 and Windows 11 on July 7, 2022. I haven't reported on these tools and their weekly status updates here on the blog for a while, especially since the software often shipped with bugs and then caused problems. With version 0.6, Clint Rutkas, the developer of the tools, promises a large number of bug fixes and some new features.


Bug in Adaptec ASR-72405 driver for Windows 11/Server 2022

Users of Windows 11 (22H2) as well as Windows Server 2022 should pay attention if they run a RAID system and use the Adaptec ASR-71605 RAID controller for it. A blog reader pointed out to me a nasty bug in the Microsoft-supplied driver in question that seems not to have been fixed yet. Here is some information about it.




Ransomware group ALPHV (Blackcat) with new extortion techniques (searchable database)

The ransomware group ALPHV (also known as Blackcat) seems to be breaking new ground in extortion techniques. In the past, victims have already been threatened with the publication of captured data in order to get them to pay a ransom. Now, the ALPHV ransomware group seems to have set up a searchable database in which victims' data can be looked up. This poses the risk of data from these documents being misused for further attacks (supply chain attacks, identity theft, phishing).


Microsoft Edge 103.0.1264.49 (July 6, 2022)

Microsoft has updated the Edge browser in the stable channel to version 103.0.1264.49 as of July 6, 2022. It is a maintenance update that fixes the CVE-2022-2294 vulnerability. The download bug hasn't been fixed.


Cisco Security Advisories (July 6, 2022)

Cisco has published extensive security warnings for various products as of July 6, 2022. Of a total of new CVEs, one in Cisco Expressway and Telepresence Video communication servers is rated critical, one vulnerability in Smart Software Manager is rated high, and the remaining vulnerabilities are rated medium.


Thunderbird 102.0.1

In addition to the Firefox developers providing updates to the Firefox browser, a new version of the Thunderbird email client has also been released as of July 5, 2022. Thanks to the reader for pointing this out.


Firefox 102.0.1 released

Mozilla developers released version 102.0.1 of the Firefox browser on July 6, 2022. This is a maintenance update that is supposed to fix bugs.
