[German]Poorly or unsecured remote access is a constant security problem and gateway for cyberattacks in many companies, government agencies and organizations. Now I have come across a case involving a regional health ministry in Russia. A hacker was able to remotely penetrate an unsecured computer at this organization.
[German]It looks like a classic false positive that Microsoft Defender pulled yesterday (Wednesday, March 16, 2022). If you suddenly had Microsoft Office updates quarantined as ransomware on your systems, you were affected by this case.
[German]
Security researchers from AhnLab have come across a campaign in which attackers install a backdoor on poorly secured Microsoft SQL and MySQL servers. This is the remote access Trojan Gh0stCringe. It is suspected that the infection occurs via cracked admin access to the servers. Here is some brief information about it.
[German]The international sanctions against Russia are forced a withdrawal of US cloud providers, who are cancelling services for Russian customers. Now an IT crisis is looming in Russia, because the country is running out of storage for data. In an estimated two months, it will run out of cloud storage capacity – the Russian government is currently looking for alternatives.
[German]OpenSSL has released a security update to close a vulnerability in the library. The BN_mod_sqrt() function used to compute a modular square root contains an a flaw that could cause an infinite loop to be run for non-primary moduli. The vulnerability, if exploited, would lead to denial of service loops. This is according to this OpenSLL security alert. Internally, this feature is used when parsing certificates that contain elliptic curve keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by creating a certificate that contains invalid explicit curve parameters.The update is intended to fix the vulnerability. In addition to the notes in the security alert above, the colleagues at Bleeping Computer have published this post about it.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Google has released updates to Google Chrome 99.0.4844.74 for Windows and Mac on the desktop as of March 15, 2022. There is also Chrome 98.0.4758.132 in the Extended Channel and the Android browser has been updated to version 99.0.4844.73. Thanks to the reader for the tip. Here's a quick overview.
[German]The Irish Data Protection Authority (DPC) has just fined Meta (formerly Facebook) €17 million. This fine stems from several data protection breaches by Facebook in the past.
[German]Once again a topic, which I have to address again: Microsoft has started displaying ads for various of its own products in Windows Explorer. This affects Windows 11 users who are testing the current Windows Insider builds. That's what various US media are reporting, though it's probably some kind of A/B test, so not every Insider gets to see these ads.
[German]Since the release of Windows 11, there has been a compatibility problem with the virtualization software Virtualbox that prevented its use. Microsoft has now announced that this problem has been solved "externally". The developers, who now belong to Oracle, seem to have found the problem and corrected it. This means that Virtualbox can be used under Windows 11.
[German]Can antivirus products from the Russian based company Kaspersky be used in companies and government agencies without risk? After Russia's invasion of Ukraine, this question has becomehot. After hesitating for some time, the German Federal Office for Information Security (BSI) has now issued a recommendation. In short, the BSI recommends replacing applications from the Kaspersky anti-virus software portfolio with alternative products.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
