[German]ESET has presented its Thread Report 2022 with various statistics and explains, for example, the drastic drop in RDP attacks at the beginning of 2022. Palo Alto Networks provides an overview of which ransomware groups have which share of infections. LockBit currently seems to be by far the most successful group. The "flop of the week" is about a USB security stick from Verbatim that is easy to hack.
[German]After the release of the June 2022 updates for Microsoft Office 2016, blog readers have left some reports about issues within my German blog. These problems occur when opening Office documents on SharePoint servers after installing the June 7, 2022 updates for Office 2016.
[German]Security researchers from CyberArk Labs have stumbled upon in Google's Chrome browser. It stores passwords and cookies in plain text in the RAM of its own process. This means a corresponding tool could read these plaintext passwords. I tested it on Google Chrome and on the Ungoogled Chromium clone – the problem should affect all Chromium browsers (so Edge too). Continue reading
[German]Short note to readers who have NAS drives from QNAP in use. There are serious vulnerabilities in the QTS 5.0.0 software in older versions, which were fixed on June 8, 2022 with an update of the firmware to QTS 5.0.0.2055 build 20220531. The installation of this update is strongly recommended. Older QTS versions (4.x etc.) should have been fixed long ago.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Security researchers have had a closer look at smart scales offered by the Chinese manufacturer Yunmai. These smart scales can be coupled with an app on the smartphone via Bluetooth so that the personal data of several people may be stored in personal profiles. Unfortunately, there are vulnerabilities, that allows a mass account takeover or circumvention of manufacturer restrictions via the Yunmai API.
[German]In addition to the Follina vulnerability (CVE-2022-30190) in the Windows ms-msdt protocol, there is another DogWalk-named vulnerability in connection with the Microsoft Diagnostic Tool (MSDT). This vulnerability was reported to Microsoft two years ago, but is unlikely to be patched. The ACROS Security team has taken the Follina story as an opportunity to provide a micro-patch for DogWalk as well. I have prepared the information below.
[German]Microsoft has just released Windows 11 build 25136 for Insiders. The details can be found in the Windows Blog, where you can also read that tabs and the navigation of the file explorer will be rolled out to Windows Insiders. The tabs have been tested with Insiders from time to time. Notepad and Media Player have also received an update (see). Under the hood, however, Microsoft also seems to be experimenting with the search in the taskbar, which is now may be somehow arranged on the left.
[German]Mozilla developers have released versions 101.0.1 of the Firefox browser on June 9, 2022. This is a maintenance update that is supposed to fix bugs.
[German]Google has released the update of Google Chrome 102.0.5005.115for Windows and Mac on desktop in the Stable Channel and Extended Stable Channel as of June 9, 2022. The security update addresses 7 vulnerabilities..61 aktualisiert. Mit dem Sicherheitsupdate werden 7 Schwachstellen geschlossen.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
[