[German]There are numerous reports from owners of a Canon all-in-one printer that the device is unusable for printing, scanning, faxing, because it constantly restarts and can no longer be operated. Various Canon PIXMA and MAXIFY models are affected. After my reporting, Canon has confirmed the problem in a support post. The remedy is a manual firmware update of the Canon all-in-one multifunction device.
Microsoft has updated the Chromium Edge browser to version 102.0.1245.33 as of June 3, 2022. This is a maintenance update that fixes various bugs and performance issues for the Extended Stable and Stable versions, according to the release notes. However, Microsoft doesn't seem to have published any details yet (this page doesn't take the update into account yet). It is currently unclear whether the new version fixes the bug described in the article Microsoft Edge 102.0.1245.30 has issues with PDF printing.
[German]Microsoft patches numerous vulnerabilities in Windows (and other products) every month. Often known vulnerabilities, but not closed by updates, are used in attacks. The other day I came across a large collection of Windows vulnerabilities that can be exploited by various tools to manipulate privileges if necessary.
[German]Cyberattacks on industrial plants or their control and regulation systems are an increasing threat. Trend Micro states that 90 percent of German companies in the power, oil and gas, and manufacturing sectors were affected by cyberattacks in the last twelve months. The average damage caused by these attacks was 2.9 million euros.
[German]Administrators and people who deal with the subject have known or suspected it for some time. The unmanaged attack surface of IT components is too complex at many companies. This makes it easier for cybercriminals to attack corporate IT, while the companies themselves have increasing difficulty in patching through the systems cleanly. Interesting information has come to my attention in this regard from Palo Alto Networks.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Security researchers from Volexity discovered an actively exploited 0-day vulnerability (CVE-2022-26134) in Atlassian Confluence Server software last weekend. Now Atlassian Confluence has named the affected software versions while providing security updates to close the vulnerability. Administrators should install the security updates immediately. Addendum: There is now a public exploit. Continue reading
[German]A few days after the nationwide outage of Verifone H5000 card terminals in Germany (since May 24, 2022, still ongoing) for cashless payment (there is rumor that an expired certificate could be the root cause) there is the next case. The podcast platform Megaphone, which was bought up by Spotify, went offline for 8 hours on May 31, 2022 due to an expired certificate. Was silly for people who want to monetize podcasts through this platform. However, the incident again shows the problem of expiring certificates, so I'll take up the specific case and the basic issue.
[German]Three Nigerians suspected as masterminds of global online fraud have now been arrested by Nigerian police in INTERPOL's Operation Killer Bee. The operation is an INTERPOL effort to combat malware cyber fraud across Southeast Asia. The BEC fraudsters used the remote access Trojan (RAT) Agent Tesla, among other malware. The air for cybercriminals is getting considerably thinner in African countries like Nigeria.
[German]Tt has been rumored for some time whether there would be a successor to Microsoft Exchange Server 2019, which was released on October 22, 2018. The subscription-based successor announced for 2021 never appeared. Speculation that customers would be forced from on-premise Exchange solutions to the cloud solution Exchange Online has now been put to rest. Microsoft has just unveiled the roadmap for Exchange Server in the tech community. Exchange Server vNext is coming in 2025.
[German]Security researchers from Volexity discovered a 0-day vulnerability (CVE-2022-26134) in Atlassian Confluence software over the weekend. This vulnerability is being actively exploited – this is what brought the issue to the attention of the security researchers. Currently, the urgent advice to administrators responsible for maintaining Atlassian Confluence software (server, data center) is to ensure that this product is not accessible via the Internet – or, if in doubt, shutdown the server. Addendum: A fix is available. And there is now a public exploit.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
