[German]In an announcement dated April 4, 2022, Microsoft announced the end of support for .NET Framework 4.5.2, 4.6 and 4.6.1 on April 26, 2022. After that, there will be no more (security) updates. Users running the runtime in question should update it to at least .NET Framework 4.6.2 before April 26, 2022. Nothing changes for other .NET Framework versions, including .NET Framework 3.5 SP1 (see).
[German]Security researchers from Check Point have discovered multiple vulnerabilities in the popular Java Spring Framework developer environment. The vulnerabilities are now being used for attacks, and according to Check Point, 16 percent of all organizations worldwide were affected after just four days. Immediate updating of affected products is strongly recommended.
[German]In July 2022, Microsoft plans to release a new feature Autopatch for Windows 10/11 Enterprise. The paid product, Windows Autopatch, is intended to manage all aspects of delivering quality and feature updates, drivers, firmware and Microsoft 365 apps to enterprises for Windows 10 and Windows 11.
[German]Microsoft has not only outlined the future roadmap in terms of Windows 365 Cloud PC integration for Windows 11 on April 5, 2022. They announced also, that new security features will be available in Windows 11. Microsoft Defender's "Smart Screen" supports a phishing protection. Furthermore, security features such as Personal Data Encryption and Smart App Control are available for corporate environments.
[German]Today a few more news around the topic of cyber security. Hackers have penetrated in March Russian TV systems and in April the Kremlin's TV system and seem to have hundreds of surveillance cameras under control. In addition, Microsoft has taken over seven domains that were misused by the Russian APT28 hacker group (Strontium, Fancy Bear) for attacks against facilities in Ukraine.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Microsoft has updated the Chromium Edge browser to version Edge 100.0.1185.36 as of April 7, 2022. This is a maintenance update, for which Microsoft has published little on the release notes page. Microsoft doesn't list any details on that page either – the link to the fixed vulnerabilities is broken. Only in an email I received the information that the vulnerability CVE-2022-1232 has been fixed. The browser should be updated automatically, but can also be downloaded here.
[German]Just yesterday, in the blog post VMware patches Spring4Shell RCE vulnerability CVE-2022-22965, I warned about a vulnerability in certain VMware products. Now the manufacturer has followed up and warns about critical vulnerabilities in various VMware products. This affects Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation and VMware Cloud Foundation products. Security updates to close the vulnerabilities are available.
[German]Some of the proud owners of a Samsung Galaxy S22 smartphone are facing a problem. The speakers of Samsung's flagship keep emitting unintelligible sounds, and people have to switch to a headset or earphones to understand audio output. The problem sometimes occurs after flights. The problem is bizarre, as "put the smartphone in the fridge for a few hours" or "open the SIM slot for a moment" are traded as workarounds. It seems that the problem of the speakers is caused by a lack of pressure compensation in the casing.
[German]Security researchers from Symantec have tracked down a malware campaign (Cicada) that has been running for years. A Chinese state-affiliated hacker group is abusing legitimate applications such as VLC Player to inject malware into systems via DLL side-loading. The goal is to spy on the systems of victims working in government, legal, religious, and non-governmental (NGO) sectors on at least three continents.
[German]Atlassian's Jira platform, popular with many companies, has been down for what seems like hours. This is causing trouble for all customers who need access to the Atlassian Jira Bug System. There, information about security problems and other sensitive details are collected and processed. Currently, only a short peak was reported on allestoerungen.de as of today, April 7, 2022, since 8:23 am. However, if I catch it, the Jira servers have been down for over 24 hours.
-
MVP:
2013 – 2016
WIMVP:
2017 – 2020
