[German]The Lapsus$ group has been causing a furore with spectacular hacks since the beginning of 2022. Nvidia, Samsung, Microsoft, Okta are names of companies that come up in this context as victims. Security researchers believe they have unmasked members of these groups. Mastermind is said to be a 16-year-old from Oxford, UK. But a teenager from Brazil is also suspected to be part of the gang.
[German]Anyone running a 3CX system (telephone system) under Windows in a version below v18 Update 3 (Build 450) should react. The manufacturer has released a security update for this product in the form of v18 Update 3 (Build 450).
SoftMaker has released an update in the form of revision 1044 for its Office 2021 (for Windows, Mac and Linux). The Windows MSI setup now allows the selection of a user-defined destination folder for programs again. In addition, a bug was fixed that on some systems (Mac, Linux) pages in landscape format were only printed as portrait format. With this revision, an unavailable printer no longer delays the programme start under Windows. And if you want to write in a protected text, you get a hint in the status bar. The revision is available on this download page. Thanks to Georg R. for the hint.
[German]HP warns in two security advisories about remote code execution (RCE) and information disclosure vulnerabilities in hundreds of its printer models. Attackers could exploit the vulnerability to inject malicious code into systems. However, the manufacturer has provided firmware updates to mitigate this vulnerabilites.
[German]Microsoft has released optional cumulative (preview) updates for 22 March 2022 (D-Week). These are intended to correct various bugs in Windows 10, Windows 11 and in the corresponding Windows Server versions. Below I provide an overview of these updates for Windows 10 and the relevant Windows Server versions.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Yesterday, two hacks of big players in the IT scene by the Lapsus$ gang became known. The group claimed a hack of the authentication service OKTA, possibly affecting customers. And Microsoft is investigating reports that 37 GB of data (source codes, certificates etc.) from Microsoft Bing, Bing Maps, Cortana etc. were published by the Lapsus$ group. Both companies have now released statements.
[Geman]Epson also has customers who has a Readyprint subscription. Then these customers get new ink cartridges when the existing cartridges run out of ink. Now there seems to be trouble because the payment service provider Epson uses can't actually process the customers' debits. Since Epson is missing payments, the manufacturer deactivates the printers via remote connection. The customer then can no longer print. The blame clearly lies with Epson and its payment service providers.
[German]The hacker collective Anonymous has made good on its threat to attack major companies that it believes have not withdrawn from Russia. Now the hacker collective claims to have leaked 10 Gbytes of data from food giant Nestle. Here is some information about it.
[German]Extremely unpleasant story if the whole thing turns out to be true. According to a report, the provider OKTA is investigating a possible hack. Okta is a provider of authentication services in the cloud, so a successful hack could have far-reaching consequences. According to reports, the Lapsus$ gang is claiming the hack.
[German]I'm posting this briefly here on the blog because people in the readership may be using Western Digital's EdgeRover desktop application on macOS or Windows. The vulnerability CVE-2022-22988 in older versions of the app allows attackers to gain elevated privileges under the operating systems mentioned. The manufacturer has provided an update to close the vulnerability.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
