Russian Sandworm Group Responsible for Cyclops Blink Botnet

[German]For several days now, a new malware has been infecting network devices around the world and incorporating affected machines into the Cyclops Blink botnet. This botnet can steal confidential data and attack other networks. Meanwhile, this malware and botnet are attributed to the government hacking group Sandworm (Voodoo Bear). Here is some information about this malware.


Cyclops Blink malware targets WatchGuard network firewalls

[German]Administrators of WatchGuard network firewalls (WatchGuard Fireware for Firebox) need to pay attention. The Cyclops Blink malware is capable of abusing a legitimate vendor firmware update mechanism on infected devices in such a way that it becomes persistent, meaning it survives reboots. The Cyclops Blink malware is used by the Sandworm group, attributed to the Russian military intelligence agency GRU, and is believed to have infected 1% of network firewall devices from network device manufacturer WatchGuard worldwide.


Massive cyberattack on websites in Ukraine & Wiper malware (Feb. 23, 2022)

[German]The armed conflict with which Russia is threatening Ukraine is also spreading to the Internet. After websites in Ukraine were already attacked in mid-February 2022, a massive attack on various Ukrainian government sites, banks, etc. has been taking place since February 23, 2022. In addition, a destructive malware (wiper) is circulating in Ukraine's computer systems. Here is a brief overview of what is known.


Android Trojan Xenomorph targets 56 European banks

[German]Security researchers from threatfabric.com came across a new Android banking Trojan in February 2022, which is distributed via the Google Play Store and targets the customers of 56 European banks. An infected cleaner app was downloaded more than 50,000 times from the Play Store.


WordPress Version 5.9.1 released

As of Feb. 22, 2022, WordPress version 5.9.1 has been released. It is a maintenance update that is supposed to fix 82 bugs. The release notes talk about 33 bug fixes in the WordPress core and 52 bugs in the blog editor. Here I have been able to update two blogs without any problems.


Windows 10: Unwanted reboots due to Microsoft Defender Application Control (WDAC)

[German]Today, another short post for administrators who are using Microsoft Defender Application Control (WDAC) in a Windows 10 Enterprise environment, on Windows 11 Enterprise, or on the Windows Server counterparts from 2016 to 2022 and are annoyed by unwanted restarts. These unwanted restarts are caused by a policy setting, as one MVP found out. I'll post the information here on the blog, maybe it will help.


Linux vulnerabilities patched fastest (Feb. 2022)

[German]There is always a discussion about how quickly or how slowly vulnerabilities are patched by developers. Google's Project Zero has therefore taken a look at how quickly security vulnerabilities are closed in Linux and in products from Microsoft (Windows) and Apple (macOS). It concerns vulnerabilities reported by Project Zero to the manufacturers/developers between 2019 and 2021. The result: Linux developers are patching by far the fastest.


axis.com (IP security camera vendor) is down (Feb. 21, 2022)

[German]Brief note for people dealing with security cameras from vendor Axis. A German blog reader informed me that the website of this vendor is currently down. There seem to be massive technical issues causing a major outage. Whether it is the result of a cyber attack, or just the technology, I cannot currently answer. This means that customers (banks, supermarkets, etc.) can no longer access their security cameras remotely because the cloud is down. Here is some information. Addendum: It looks like a cyberattack – because after my inquiry on Twitter, there is a new reference to an "IT-related intrusion" on the status page – see addendum in the text. Addendum 1: It was a cyberattack that has taken place.


Windows 10/11 (21H2): Wipe does not delete user data

[English]Microsoft offers the possibility to reset a system with Windows 10 or Windows 11 to factory settings locally or remotely (via Intune). There is also the option to remove the user files. This is desirable if a machine is perhaps to be passed on to another user. MVP Rudy Ooms has now discovered that resetting Windows including removing the user files does not work under Windows 10 and Windows 11 in version 21H2. Addendum: Note about the OneDrive client as a root cause added. Addendum 2: The issue has been confirmed by Microsoft.


Vulnerability discovered in various zebNet products (Feb. 2022)

[German]The vendor zebNet has discovered a critical vulnerability in various products that allows a man-in-the-middle attack (MITM) on the update process of the affected application. That night I was then contacted by the manufacturer by mail and asked to publish the whole thing here in the blog. The background: Informing customers about the vulnerability is proving difficult.
