Lookout explains: Security Service Edge (SSE) and the future of cloud security

Posted on 2022-07-03 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Recently I came across a piece of information from security vendor Lookout about the future of cloud security and the term SSE. Sundaram Lakshmanan, CTO of SASE Products at Lookout, explains what SSE is. And he describes the three core SSE principles and how it differs from SASE (Secure Access Service Edge). He also explains how organizations can get the most value from SSE by integrating endpoint security with advanced user and privacy features. I found this quite fascinating, so I'll post the text for interested blog readers.

Continue reading

Posted in Security | Tagged | Leave a comment

Experiment: Windows PE with PowerShell 7 integration

Posted on 2022-07-02 by guenni

Windows[German]One more short information for people from the readership who like to experiment. Johan Arwidmark has looked into the question of whether PowerShell 7 can be installed on Windows PE. Windows PE is the pre-install environment of Windows, which is also used for recovery disks. Arwidmark has automated the whole thing by script and writes that it is possible for Windows 11 21H1 and Windows 11 22H2..

Continue reading

Posted in Windows | Tagged | Leave a comment

Microsoft Edge 103.0.1264.44 download bug: .crdownload files remains

Posted on 2022-07-02 by guenni

Edge[German]After the update to Microsoft Edge 103.0.1264.44 has been released on June 30, 2022, I got reports from users, increasingly noticing that temporary download remnants (.crdownload files) remain in the download folder after downloads (e.g. of .exe and .msi files, but also other files). But I found first reports for Edge 100 too.

Continue reading

Posted in browser, issue, Software, Windows | Tagged , | Leave a comment

0patch fixes all known and exploitable Windows NTLM/Kerberos vulnerabilities

Posted on 2022-07-01 by guenni

Windows[German]In recent months, a number of vulnerabilities and attack mechanisms have become known that could be used to siphon off credentials (NTLM/Kerberos). Not all vulnerabilities are easily exploitable, not everything has been fully patched by Microsoft. ACROS Security has now decided to close all known and exploitable Windows NTLM/Kerberos vulnerabilities by means of micropatches. ACROS Security has also completed the DFSCoerce forced authentication issue micropatch.

Continue reading

Posted in Security, Windows | Tagged , | Leave a comment

Microsoft Edge 103.0.1264.44 fixes CVE-2022-33680 (June 30, 2022)

Posted on 2022-07-01 by guenni

Edge[German]Microsoft has updated the Edge browser in the stable channel to version 103.0.1264.44 as of June 30, 2022. It is a maintenance update that fixes the Elevation of Privilege vulnerability CVE-2022-33680, which is rated as critical. And this build fixes group policy issues, some administrators are facing. But I got reports about a download bug.

Continue reading

Posted in browser, Security, Software, Update | Tagged , | Leave a comment

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...

Unauthorized RCE CVE-2022-28219 in Zoho ManageEngine ADAudit Plus

Posted on 2022-07-01 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Security researcher Naveen Sunkavally of Horizon3.ai recently discovered vulnerability CVE-2022-28219. This allows remote code execution without further authentication by the attacker and affects Zoho ManageEngine ADAudit Plus. This is a compliance tool used by enterprises to monitor changes to Active Directory. The vulnerability involves several issues: untrusted Java deserialization, path traversal and a blind XML External Entities (XXE) injection. The vulnerabilities have since been fixed.

Continue reading

Posted in Security, Software, Windows | Tagged , , | Leave a comment

Kaspersky finds SessionManager backdoor left by malware in IIS/Exchange servers worldwide

Posted on 2022-06-30 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Security vendor Kaspersky has come across a little-known backdoor, undetected by antivirus solutions, that leaves malware on Microsoft Exchange servers in the IIS module. There are infections of the so-called SessionManager backdoor in Exchange systems worldwide. The SessionManager backdoor enables a wide range of malicious activities, from collecting emails to taking complete control over the victim's infrastructure. The newly discovered backdoor was first deployed in late March 2021 and has hit government and non-government organizations in Africa, South Asia, Europe and the Middle East. Most of the organizations attacked remain compromised to this day.

Continue reading

Posted in Security | Tagged , | Leave a comment

Azure: Container Escape Vulnerability (CVE-2022-30137) in Microsoft's Service Fabric Closed

Posted on 2022-06-30 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]Security researchers from Palo Alto Networks have encountered a container escape vulnerability in Microsoft's Service Fabric, which they then named FabricScape. The vulnerability allowed container escapes in Microsoft's Service Fabric, which is commonly used with Azure. Palo Alto Networks has partnered with Microsoft to address this vulnerability. 

Continue reading

Posted in Security | Tagged , , , | Leave a comment

Building materials manufacturer Knauf affected by cyber attack worldwide (June 29, 2022)

Posted on 2022-06-30 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]The manufacturer Knauf (gypsum, Plaster, building materials) fell victim to a cyber attack on June 29, 2022. The company's IT systems are affected worldwide and had to be shut down. Too much information in terms of details is unfortunately not yet known – the company hopes to have isolated the incident after the security system struck, but is still engaged in analysis. Addendum: Black Basta gang claims responsibility and has leaked data.

Continue reading

Posted in Security | Tagged | Leave a comment

Edge Stable 103.0.1264.37 breaks group policies (Chrome bug)

Posted on 2022-06-30 by guenni

Edge[German]I'm going to pull out an issue that may be of concern to administrators among of my blog readers. Since the release of Microsoft Edge Stable 103.0.1264.37, I got reports, that group policies no longer work. This night I came across more reports at Microsoft. So I'll briefly summarize the state of affairs here for your information. A fix is in the work (at Chromium and Edge developer teams).

Continue reading

Posted in browser, issue, Software, Windows | Tagged , | 3 Comments