[German]In Windows 10 and Windows 11, there is an issue with certain builds when resetting the operating system. Even if the option to delete all files with was selected, these (user) files remain under certain scenarios – if OneDrive was used. I had recently addressed this in a blog post. Now Microsoft has confirmed this bug for various versions of Windows 10 as well as for Windows 11.
[German]Microsoft's fix for vulnerability CVE-2022-21920 may block NTLM authentication if Kerberos authentication is not successful. A German blog reader has notified me in January 2022 about issues with Advanced Group Policy Management (AGPM). After installing January 2022 security updates , there are problems to reach the AGPM server. Microsoft has now confirmed these issues and a workaround is possible.
[German]Another small addendum from this week. Users who install Windows 11 with a trick on hardware that does not support the minimum requirements suddenly get a corresponding notice as a watermark on the desktop. Seems to be a a/b test with insider, but there is an option to hide this watermark so far.
[German]Do you use the network monitoring system Zabbix? A few days ago two vulnerabilities CVE-2022-23131 and CVE-2022-23134 became public. And there is a Zabbix update to fix these vulnerabilities. Now CISA warns that the two vulnerabilities are already being actively exploited in attacks. I had a look, even in Germany a three-digit number of Zabbix servers is probably accessible via the Internet – at least that's what Shodan says.
[German]Microsoft has published a revision to the security advisory for Windows vulnerability CVE-2021-26414 as of February 24, 2022. The notification is informal only. CVE-2021-26414 is the Windows DCOM Server Security Feature Bypass vulnerability that was addressed via security update as of June 8, 2021. The update enabled RPC_C_AUTHN_LEVEL_PKT_INTEGRITY by default on DCOM clients. However, Microsoft is addressing the vulnerability in a staged process with three phases. Now Microsoft has revised the FAQ with the planned dates for phases 2 and 3.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Swedish vendor of (IP security cameras) Axis has become a victim of a cyber attack, as Axis Communications has finally confirmed. I had addressed a few days ago in the blog that their websites and services were down since February 21, 2022 and suspected a cyber attack. Here is a summary of what is now known. Addendum from 02/27/2022 with information from Axis Communications on what they have found out.
[German]For several days now, a new malware has been infecting network devices around the world and incorporating affected machines Cyclops Blink botnet. This botnet can steal confidential data and attack other networks. Meanwhile, this malware or botnet is attributed to the government hacking group Sandworm (Voodoo Bear). Here is some information about this malware.
[German]Administrators of Watchguard network firewalls (WatchGuard Fireware for Firebox) need to pay attention. A Cyclops Blink malware is capable of abusing a legitimate vendor firmware update mechanism in infected devices in such a way that it is persistent, meaning it survives reboots. The Cyclops Blink malware is used by the Sandworm group, attributed to the Russian military intelligence agency GRU, and is believed to have infected 1% of network firewall devices from network device manufacturer Watchguard worldwide.
[German]The armed conflict with which Russia is threatening Ukraine is also spreading to the Internet. After websites in Ukraine were already attacked in mid-February 2022, a massive attack on various government sites in Ukraine, banks, etc. has been taking place since February 23, 2022. In addition, a destructive malware (wiper) is circulating in Ukraine's computer systems. Here is a brief overview of what is known.
[German]Security researchers from threadfabric.com have come across a new Android banking Trojan in February 2022, which is distributed via the Google Play Store and targets the customers of 56 European banks. An infected cleaner app was downloaded more than 50,000 times from the Play Store.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
