[German]HP warns in two security advisories about remote code execution (RCE) and information disclosure vulnerabilities in hundreds of its printer models. Attackers could exploit the vulnerability to inject malicious code into systems. However, the manufacturer has provided firmware updates to mitigate this vulnerabilites.
[German]Microsoft has released optional cumulative (preview) updates for 22 March 2022 (D-Week). These are intended to correct various bugs in Windows 10, Windows 11 and in the corresponding Windows Server versions. Below I provide an overview of these updates for Windows 10 and the relevant Windows Server versions.
[German]Yesterday, two hacks of big players in the IT scene by the Lapsus$ gang became known. The group claimed a hack of the authentication service OKTA, possibly affecting customers. And Microsoft is investigating reports that 37 GB of data (source codes, certificates etc.) from Microsoft Bing, Bing Maps, Cortana etc. were published by the Lapsus$ group. Both companies have now released statements.
[Geman]Epson also has customers who has a Readyprint subscription. Then these customers get new ink cartridges when the existing cartridges run out of ink. Now there seems to be trouble because the payment service provider Epson uses can't actually process the customers' debits. Since Epson is missing payments, the manufacturer deactivates the printers via remote connection. The customer then can no longer print. The blame clearly lies with Epson and its payment service providers.
[German]The hacker collective Anonymous has made good on its threat to attack major companies that it believes have not withdrawn from Russia. Now the hacker collective claims to have leaked 10 Gbytes of data from food giant Nestle. Here is some information about it.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Extremely unpleasant story if the whole thing turns out to be true. According to a report, the provider OKTA is investigating a possible hack. Okta is a provider of authentication services in the cloud, so a successful hack could have far-reaching consequences. According to reports, the Lapsus$ gang is claiming the hack.
[German]I'm posting this briefly here on the blog because people in the readership may be using Western Digital's EdgeRover desktop application on macOS or Windows. The vulnerability CVE-2022-22988 in older versions of the app allows attackers to gain elevated privileges under the operating systems mentioned. The manufacturer has provided an update to close the vulnerability.
[German]Security researchers from Pradeo have discovered an Android app Craftsart Cartoon Photo Tools in the Google Play Store. It is infected with the well-known Facestealer Trojan and 100,000 people have downloaded the app onto their devices. The Trojan steals Facebook credentials in a fairly trivial way.
[German]The hacker group Lapsuss$ claims to have hacked the repositories with the source codes of the Microsoft products Azure, Bing, Bing Maps and Cortana and to have extracted source code. Hours ago, it was said that Microsoft was investigating whether the Azure source code repository had been hacked. Now the hacker group Lapsus$ has published the first evidence of this hack.
[German]The ACROS Security team around founder Mitja Kolsek has just developed a micro-patch to close a User Profile Service Privilege Escalation vulnerability (CVE-2021-34484) of Windows 10 and Windows Server 2019. It is the third micro-patch, as Microsoft security updates do not close the vulnerability. The micro-patch is available free of charge for all customers with the 0patch agent until Microsoft closes this vulnerability. Here is some information about it.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
