Security for Kubernetes: Pitfalls and Solutions

The use of virtualized containers with functions is in vogue. Orchestration solutions, such as Kubernetes, are used to manage the containers. However, if this solution is compromised, this affects all managed containers. The question therefore arises about the security of Kubernetes and what pitfalls there are. I have received some information on this from Check Point, which I am posting here.

Posted in Cloud, Security, Virtualization

Maastricht University gets partial ransom back after ransomware attack in 2019

Partial success for Maastricht University, following a ransomware attack in 2019. Investigators have managed to seize part of the Bitcoin ransom payments. Due to price increases, this amount is now worth more than the entire ransom at the time. The university plans to put the amount into a fund for students. Here is some information about an incident that is ending with a profit for the university.

Posted in Security

Lookout explains: Security Service Edge (SSE) and the future of cloud security

Recently I came across a piece of information from security vendor Lookout about the future of cloud security and the term SSE. Sundaram Lakshmanan, CTO of SASE Products at Lookout, explains what SSE is. And he describes the three core SSE principles and how it differs from SASE (Secure Access Service Edge). He also explains how organizations can get the most value from SSE by integrating endpoint security with advanced user and privacy features. I found this quite fascinating, so I'll post the text for interested blog readers.

Posted in Security

Experiment: Windows PE with PowerShell 7 integration

One more short piece of information for readers who like to experiment. Johan Arwidmark has looked into the question of whether PowerShell 7 can be installed on Windows PE. Windows PE is the pre-install environment of Windows, which is also used for recovery disks. Arwidmark has automated the whole thing by script and writes that it is possible for Windows 11 21H1 and Windows 11 22H2.

Posted in Windows

Microsoft Edge 103.0.1264.44 download bug: .crdownload files remain

After the update to Microsoft Edge 103.0.1264.44 was released on June 30, 2022, I got reports from users who increasingly noticed that temporary download remnants (.crdownload files) remain in the download folder after downloads (e.g. of .exe and .msi files, but also other files). But I found first reports for Edge 100 too.

Posted in browser, issue, Software, Windows

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post] In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below.


0patch fixes all known and exploitable Windows NTLM/Kerberos vulnerabilities

In recent months, a number of vulnerabilities and attack mechanisms have become known that could be used to siphon off credentials (NTLM/Kerberos). Not all vulnerabilities are easily exploitable, and not everything has been fully patched by Microsoft. ACROS Security has now decided to close all known and exploitable Windows NTLM/Kerberos vulnerabilities by means of micropatches. ACROS Security has also completed the micropatch for the DFSCoerce forced authentication issue.

Posted in Security, Windows

Microsoft Edge 103.0.1264.44 fixes CVE-2022-33680 (June 30, 2022)

Microsoft has updated the Edge browser in the stable channel to version 103.0.1264.44 as of June 30, 2022. It is a maintenance update that fixes the Elevation of Privilege vulnerability CVE-2022-33680, which is rated as critical. This build also fixes group policy issues that some administrators are facing. But I got reports about a download bug.

Posted in browser, Security, Software, Update

Unauthorized RCE CVE-2022-28219 in Zoho ManageEngine ADAudit Plus

Security researcher Naveen Sunkavally of Horizon3.ai recently discovered the vulnerability CVE-2022-28219. It allows remote code execution without further authentication by the attacker and affects Zoho ManageEngine ADAudit Plus, a compliance tool used by enterprises to monitor changes to Active Directory. The vulnerability involves several issues: untrusted Java deserialization, path traversal and a blind XML External Entities (XXE) injection. The vulnerabilities have since been fixed.

Posted in Security, Software, Windows

Kaspersky finds SessionManager backdoor left by malware in IIS/Exchange servers worldwide

Security vendor Kaspersky has come across a little-known backdoor, undetected by antivirus solutions, that malware leaves behind as an IIS module on Microsoft Exchange servers. There are infections of the so-called SessionManager backdoor in Exchange systems worldwide. The SessionManager backdoor enables a wide range of malicious activities, from collecting emails to taking complete control over the victim's infrastructure. The newly discovered backdoor was first deployed in late March 2021 and has hit government and non-government organizations in Africa, South Asia, Europe and the Middle East. Most of the organizations attacked remain compromised to this day.

Posted in Security

Azure: Container Escape Vulnerability (CVE-2022-30137) in Microsoft's Service Fabric Closed

Security researchers from Palo Alto Networks have encountered a container escape vulnerability in Microsoft's Service Fabric, which they then named FabricScape. The vulnerability allowed container escapes in Microsoft's Service Fabric, which is commonly used with Azure. Palo Alto Networks has partnered with Microsoft to address this vulnerability.

Posted in Security