[German]US CERT CISA (Cybersecurity & Infrastructure Security Agency) has temporarily removed vulnerability CVE-2022-26925 from its Known Exploited Vulnerabilities catalog and warns US organizations not to install the May 2022 updates for Windows on machines that act as domain controllers. This is in response to authentication issues related to the updates and DCs.
[German]Another May 2022 patchday issue on Windows 11. Users who have been running Sophos antivirus solutions may have been seeing BlueScreens on Windows 11. The cause is the May 10, 2022 update KB5013943, which causes problems with a Sophos driver. Sophos has meanwhile released a fix to resolve this issue.
[German]Mozilla developers have released versions 100.0.1 of the Firefox browser on May 16, 2022. It is a maintenance update, which fixes bugs. Thanks to the reader for the tip.
[German]As of today, May 16, 2022, the remote support Quick Assist for Windows 10 and Windows 11 is only available in the Microsoft Store. The previous Windows 32 application for Quick Assist, which was available as a standalone application, has fallen out of support. Seems to frustrate some Windows administrators, because the whole thing is probably only half-baked implemented.
[German]Currently, there seems to be a hitch with SSL VPN connections. Last week, a database dump was posted on Telegram with 21 million user data/login details from VPN providers SuperVPN, GeckoVPN and ChatVPN. An exploit for an unauthenticated remote code execution vulnerability exists for Cisco RV340 SSL VPN routers. In India, a VPN provider is intending withdrawal due to new laws. And Palo Alto is addressing the question of whether VPN will be replaced with SASE.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Another addendum from this week: On patchday, Microsoft closed some vulnerabilities with its security update for Windows on May 10, 2022. One vulnerability (CVE-2022-26925, Windows LSA Spoofing) affects NTLM relay attacks on systems. The updates are another fix to the PetitPotam vulnerability disclosed in 2021. In the meantime, the vulnerability is being exploited for attacks against Active Directory. It should be patched in a timely manner – but update collateral damage is getting in the way in some cases.
[German]Security specialists from Check Point Software Technologies have come across an one years-long running cyber attack campaign that targeted German car dealerships and makers as a cover. The goal of the attacks was to use various types of malware to steal information. The actors behind the campaign initially registered several similar-looking domains, all of which imitated existing German car dealerships. The domains were later used to send phishing emails and host the malware infrastructure. Check Point traced the malware and came across an Iranian website that was being used as a hosting site and was not run by a government.
Microsoft has updated the Chromium Edge browser in the stable channel to version 101.0.1210.47 as of May 13, 2022. This is a maintenance update that closes vulnerabilities fixed in the Chromium browser, according to the release notes. In addition, various bugs and performance issues have been fixed in the Extended Stable by updating to version 100.0.1185.60. The browser should be updated automatically.
[German]Google has released the update of Google Chrome 101.0.4951.67 for Windows and Mac on the desktop in the Stable Channel as of May 12, 2022. Furthermore, the update to version 96.0.4664.208 for Windows and Mac was released in the Long Term Support Channel. Chrome for Android has already been updated to 103.0.5055.0 in the Developer Channel on May 12, 2022. And in Russia, updates for Chrome on Android fails.
[German]Anonymous sources reported to Bloomberg, Apple is testing future iPhone models that replace the current Lightning charging port with the more widespread USB-C port. This would be an absolute paradigm shift for Apple and its customers.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
