[German]The erotic mail order company Amorelie has just informed its customers about a data protection incident. Customer data from orders for seven years had been accessible to unauthorized third parties through a vulnerability frome March up to November 2021. There had allegedly been no misuse. Here is some information on the state of affairs.
[German]Within this blog post I will outline the risk, users are facing by trusting anti virus scanners. Security expert Stefan Kanthak outlined a case to me, that shows, that you can't trust most virus scanners. Sometimes the don't detect malicious software – but in many cases they are reporting false positives. Stefan Kanthak demonstrated this to me with his tool CPUID Enumerator and Decoder.
[German]Users of Dell systems are still at risk of having their Windows systems compromised via Dell drivers through kernel attacks. The problem was supposed to be fixed by updates as early as May 2021. However, security researchers from Rapid7 are now sounding the alarm that these security updates have not closed all vulnerabilities. However, security researchers from Rapid7 are now sounding the alarm that these security updates have not closed all vulnerabilities. True, administrator privileges are required to install the drivers. But it looks like this approach is being used by cyber gangs for attacks. However, there are countermeasures in the business environment.
Is this really good news? A major takeover in the healthcare sector, or rather in the area of software for healthcare, may be on the horizon. According to reports, the US company Oracle is negotiating the takeover of Cerner. This is a company that also develops software for digitalization in healthcare in Germany. The takeover is said to be worth $30 billion.
[German]Security vendor Trend Micro has published a report highlighting how threat actor TeamTNT is going about compromising Docker Hub accounts. This is a follow up article, after they wrote about compromised Docker hub account abused for crypto mining. If anyone is running Docker, you might want to take a look.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
Microsoft released some Security Update revisions to vulnerabilities on December 14 and 16. I am simply posting the relevant information as an uncommented addendum on the blog for your information.
[German]The log4j vulnerability CVE-2021-44228 keeps sending shockwaves through the IT scene. Latest reports say that a majority of companies have not patched the vulnerability in their software. In addition, a new DoS vulnerability has been found in the library, for which there is no patch yet. Meanwhile, attacks continue to run to new highs. Here's an overview to close out the week.
[German]Microsoft has updated the Edge browser to version 96.0.1054.62 as of December 17, 2021. The release notes only say Fixed various bugs and performance issues. The browser should update automatically, but can also be downloaded here.
[German]Audio gigant Sennheiser was victim of a data protection incident. Sennheiser (audio technology left an old cloud account unprotected on the Internet so that third parties could access customer data. Security researcher found the open Amazon AWS S3-Bitbucket and informed the vender who then secured the data base immediately.
[German]In May 2021, there was a ransomware attack on Ireland's Health Service Executive (HSE). PricewaterhouseCoopers recently provided an analysis of what went wrong. Below I briefly compiled the findings of the investigation from that case.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
