[German]A security researcher has recently introduced a technique to make intercepting credentials via phishing even more efficient. He calls the technique BitB, short for "browser in the browser". A fake browser window is displayed within a real login page in order to fake an OAuth login page. This allows login data to be tapped without the user being aware of it.
[English]Another short addendum from this week on a topic that should hardly concern anyone. Microsoft has admitted that the "Backup and Restore" function known from Windows 7 for saving and restoring backups is now simply broken in Windows 10 and Windows 11. This has been the case since January 2022, when an update broke the function.
[German]The hacker group Anonymous has claimed responsibility for a hack of the Central Bank of Russia in which a lot of data was captured. The group has now published 28 GB of this data. A second hacker group calling itself "Network Battalion 65" claims a hack of Russia's state-run VGTRK media group, which operates many TV and radio stations in Russia.
[German]On 24 March 2022, Citrix released the Workspace App 2204. This enables audio redirection, has support for an improved Single Sign-On (SSO) for web and SaaS applications, as one can read in this Citrix document. But there is also a problem: an offline installation fails when the installer does not find the MicrosoftEdge WebView2 component.
[German]Microsoft has updated the Chromium Edge browser to version Edge 99.0.1150.55 as of 26 March 2022. This is a maintenance update that closes a number of vulnerabilities, including the highly rated and exploited vulnerability CVE-2022-1096. Microsoft has sent out an update information by email. The entry in the release notes says only that the Edge-specific vulnerability CVE-2022-1096 has been closed. Microsoft lists the release notes for Microsoft Edge and the new features on this page. There it also only says that the vulnerability CVE-2022-1096 has been closed. The browser should be updated automatically, but can also be downloaded here. Thanks to Stefan A. for the tip.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]The European Union (EU) and the USA seem to have reached a preliminary agreement on the exchange of user data (Trans-Atlantic Data Privacy Framework) between these regions. The successor agreement is necessary because the European Court of Justice overturned two previous agreements. While the US IT giants are rejoicing, data protectionists are critical of the whole thing.
[German]Neue Entwicklung in Sachen Umgang mit dem aus Russland stammenden Sicherheitsunternehmen Kaspersky. Nachdem dessen Produkte bereits in US-Behörden nicht mehr eingesetzt werden durften, hat jetzt die US-Behörde FCC die Firma auf den Index gesetzt. Und bei der Plattform HackerOne ist Kaspersky aus dem Bug-Bounty-Programm verbannt worden. Alles Folgen des Einmarschs Russlands in die Ukraine und der damit verbundenen Sanktionen.
[German]Update KB5009616 – or successor updates – released in January 2022 can cause DNS issues on Windows Server 2019. Microsoft has admitted this in a support article. This problem can be corrected with a KIR function provided on 23 March 2022 via rollback. Here is a brief overview of the issue.
[German]A quick addendum – Microsoft has also released an optional cumulative (preview) update for Windows Server 2022 on 22 March 2022 (D-Week). No preview update was released for Windows 11. Below I provide an overview regarding these updates for Windows Server 2022.
[German]Google has released updates to Google Chrome 99.0.4844.84 for Windows and Mac on the desktop as of 25 March 2022. The new version a security vulnerability that is rated high. In addition, there Chrome 98.0.4758.141 in the Extended Stable Channel and the Android browser has been updated to version 99.0.4844.88. Here is a brief overview.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
