Patch for Sonic Firewall vulnerability CVE-2022-22274 – not for all products

Sicherheit (Pexels, allgemeine Nutzung)[German]Another small addendum from the end of March 2022. There is a vulnerability (CVE-2022-22274) in SonicOS, the operating system for Sonic firewalls, which allows DoS attacks. The manufacturer has now also developed and released an update to close the vulnerability. However, it looks like this update is not offered for all products.

Continue reading

Posted in devices, Security | Tagged | Leave a comment

Microsoft finally offers update downloads via https

Update[German]After years, Microsoft decided to change something. As of April 1, 2022 (not an April Fool's joke), Microsoft seems to have finally adjusted its download offer for updates so that they are consistently offered via the https protocol instead of the unencrypted http protocol. This should avoid that browsers refuse to download an update via http. Here's a brief overview of this topic.

Continue reading

Posted in Update, Windows | Tagged , | Leave a comment

Only 3 months left until retirement of Internet Explorer

[German]In a post on 29 March 2022, Microsoft has pointed out that Internet Explorer on Windows will only run for three more months. Then support will ends and IE calls are be redirected to Microsoft Chromium Edge. However, this is only available for certain versions of Windows.

Continue reading

Posted in browser, Windows | Tagged | Leave a comment

Was there a cyber attack at American Express? Worldwide service outage on April 1, 2022

Sicherheit (Pexels, allgemeine Nutzung)[German]Here's a quick information about an information a reader has send me in a private Facebook message. American Express seems to be having service issues since April 1, 2022 – a 2FA login doesn't really work, transactions get stuck. And there's a suspicion that it's related to a cyber attack. It seems clear, at least, that there was a major, worldwide, technical outage on Friday that lasted until today.

Continue reading

Posted in issue, Security | Tagged , | Leave a comment

Lapsus$: Two UK teenagers charged in connection with hacking for this group

Paragraph[German]The London Police have now announced that two teenagers aged 16 and 17 from the UK will be charged with involvement in activities of the Lapsus$ hacking group. The identities of members of the hacking group had become known a few days ago. Seven youths were briefly detained but then released. Now two of the suspects are in custody.

Continue reading

Posted in General, Security | Tagged | Leave a comment

Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...


Microsoft Edge 100.0.1185.29 fixes vulnerabilities

Edge[German]Microsoft has updated the Chromium Edge browser to version Edge 100.0.1185.29 on 1 April 2022 (no April Fool's joke). This is a maintenance update that closes a number of vulnerabilities and initiates the 100 development branch.

Continue reading

Posted in browser, Security, Software, Update | Tagged , , | Leave a comment

Deep Panda: Targets VMware Horizon Server via Log4Shell

Sicherheit (Pexels, allgemeine Nutzung)[German]Security researchers from Fortinet have come across a malware campaign that they attribute to the Chinese APT group Deep Panda. The malware uses the Log4Shell vulnerability in VMware Horizon servers to exploit. A backdoor and a new type of rootkit is installed on the infected machines. Here are some notes on the details of this threat.

Continue reading

Posted in Security | Tagged | Leave a comment

Microsoft renames Windows/Android Apps "Your Phone" etc.

Windows[German]Microsoft ships with Windows 10/11 an app for communication between Android and Windows. This allows the screen of certain Android devices to be displayed on a Windows 10 system and the smartphone to be accessed. In a new blog post, Microsoft has now announced a name change for these apps.

Continue reading

Posted in Android, Windows | Tagged , , | Leave a comment

Microsoft Security Update Revisions (March 31, 2022)

Windows[German]Microsoft has issued a Security Update Revisions on March 31, 2022, because CVE-2022-23295 (Raw Image Extension Remote Code Execution Vulnerability) has undergone a revision increment. The reason for Revision of the CVE from March 8, 2021 (which is quoted as important): Added platform designations to Security Updates table because the version of the raw extension is different for Windows 10 operating systems and Windows 11 operating systems. This is an informational change only.

Posted in Security | Tagged | Leave a comment

USA: Sanctions against Kaspersky could increase cyber risk from Russia

Sicherheit (Pexels, allgemeine Nutzung)[German]Interesting report from the Wall Street Journal regarding the Russian antivirus provider Kaspersky. The proposal from the White House to sanction Russian security vendor Kaspersky over the invasion of Ukraine is dividing the Biden administration. Some members of the staff fear that sanctioning Kaspersky Lab could increase the risk of a Russian cyber attack. The background is that Kaspersky products are still widely used.

Continue reading

Posted in Security | Tagged | Leave a comment