[German]The consequences of the vulnerability discovered in the JAVA library log4j at the end of 2021 are slowly becoming visible. The UK National Health Service (NHS) IT specialists observe that an unknown threat group is targeting VMWare Horizon servers with the log4Shell vulnerability in order to install web shells for future attacks.
[German]In early January 2022, Microsoft Exchange gave administrators a scare because of a Year 2022 bug. But SonicWall also has a Year 2022 problem with its email security appliance, as I mentioned here on the blog. On Jan. 1, 2022, certain features in products there went on strike. Now the vendor has acknowledged in an announcement that this bug is affecting its email security products.
[German]Security researchers have discovered a remote code execution (RCE) vulnerability in the H2 database console that is reminiscent of the recently discovered JAVA vulnerability log4j. Meanwhile, the developers of the H2 database console have released a security update that closes this vulnerability.
[German]The security update KB5008212 distributed on December 14, 2021 for Windows 10 version 2004 to 21H2 has an unpleasant collateral damage. Anyone who has installed the update may find that Outlook Search no longer works afterwards. Microsoft has now acknowledged this problem. Here are some hints on the topic.
[German]Microsoft has updated to January 6, 2022 and the browser to version 97.0.1072.55. This is a new development branch, which brings some innovations, but also closes security holes. Here is a brief overview of what changes with the update.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]The Swiss Armed Forces has banned its military personnel from using messengers like WhatsApp while on duty. Instead, all army personnel are to use the Swiss messaging app for official business. The decision was made for security reasons in order to comply with data protection. The costs will be borne by the army.
[German]The security and antivirus solution Norton 360 installing a crypto miner on the user's Windows system. Although this can be controlled by the user, it is (in a time we are facing climate change) still questionable. I have become aware of this case on Twitter a couple of day ago. Symantec have had documented it within a FAQ published in the Norton community.
WordPress version 5.8.3 has been released on January 6, 2022. This new version fixes 4 security issues affect WordPress versions between 3.7 and 5.8. If you haven't yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix a few security issues. Details may be read here.
[German]The security updates that Microsoft rolled out for Microsoft Office in December 2021 cause problems with Microsoft Access. Only one user can still access the databases. Microsoft did release fixes for the affected Office versions at the end of December 2021. However, there are users for whom these fix updates do not help. I briefly document here what is known about this and then try to report it to Microsoft.
[German]The ZLoader banking Trojan is on the rise again. A new ZLoader malware abuses Microsoft's digital signature verification to spread. The goal is to steal user data from thousands of victims from 111 countries. Security experts from Check Point suspect that the MalSmoke group is behind it. Evidence of a new campaign was discovered in November 2021.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
