[German]The Cyclops Blink botnet has been infecting network devices around the world for several weeks. The botnet is operated by the suspected Russian Sandworm APT. Manufacturer ASUS has issued a warning this week, which is directed at users of its routers. The Cyclops Blink botnet is probably attacking ASUS routers in order to insert them into the botnet. Here is some information about it.
[German]Microsoft has released the Microsoft Security Compliance Toolkit 1.0 in Nov. 2021. This week I was asked if the Windows Policy Analyzer – a utility for analyzing and comparing Group Policy Objects (GPOs) – which has been available since 2016, is now being phased out. The download of the package is no longer available. It looks like the tool is now part of the Microsoft Security Compliance Toolkit 1.0, so here are a few notes.
[German]Brief information for users of the Firefox browser in Windows, who also have the F-Secure antivirus solution in use. Since March 18, 2022, the browser has blocked the F-Secure Browser Protection add-on in versions up to 4.0.52, allegedly for violating Mozilla's add-on guidelines.
[Geman]A brief article about Microsoft's Outlook.com: There is a problem for users who want to collect mails from other email providers via Outlook.com. The feature in question has not been usable for some time now, with an error message stating that the settings cannot be loaded. And so far Microsoft does not seem to have addressed the problem.
Microsoft has released revisions to its security alerts and update descriptions as of March 17, 2022. Here is a summary of these revisions that I received by mail.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]The Trickbot gang infects IoT devices and MikroTik routers with malware to make them part of a botnet. The infected routers can then communicate with the Trickbot Gang's C&C servers and spread further malware or be misused for attacks. Microsoft has now released details on how Trickbot infections work, while also providing a free Python tool for detecting MikroTik Trickbot infections.
[German]Microsoft has updated the Chromium Edge browser to version Edge 99.0.1150.46 as of March 17, 2022. This is a maintenance update that closes a number of vulnerabilities. Microsoft has sent an update information about this around via mail.
[German]A brief note for Windows Server 2022 administrators who are experiencing issues after installing the March 8, 2022 security update KB5011497. This update can cause serious issues with remote services, because certain roles are no longer available after installing this update. I have received now a tip for a solution by a blog reader.
Continue reading
[German]Poorly or unsecured remote access is a constant security problem and gateway for cyberattacks in many companies, government agencies and organizations. Now I have come across a case involving a regional health ministry in Russia. A hacker was able to remotely penetrate an unsecured computer at this organization.
[German]It looks like a classic false positive that Microsoft Defender pulled yesterday (Wednesday, March 16, 2022). If you suddenly had Microsoft Office updates quarantined as ransomware on your systems, you were affected by this case.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
