Microsoft warns against Active Directory domain takeover due to unpatched vulnerabilities

Microsoft warned of a new threat in a Techcommunity post on December 20, 2021. On the November 2021 patchday, vulnerabilities CVE-2021-42287 and CVE-2021-42278 were fixed by Windows updates. Since December 2021, a proof of concept (PoC) has been available that abuses these vulnerabilities to take over an Active Directory domain. Here's some information – and at the same time I can help cover a topic that has been awaiting publication here for a few days.

Posted in Security, Update, Windows

Dell BIOS update causes (boot) issues with notebooks and desktop systems (12.2021)

Any of you with more recent Dell notebooks or desktop systems? Then you might want to be a little cautious with recent BIOS (UEFI) updates and read this post beforehand. There is evidence that a BIOS update from Dell can prevent notebooks or desktop systems from booting. Affected are the Dell Latitude notebooks (5320 and 5520), as well as the Dell Inspiron 5680 and the Alienware Aurora R8 desktops. Here is a rough overview of what is known.

Posted in devices, issue, Update

Backdoor CVE-2021-40859 in Auerswald PBX systems (e.g. COMpact 5500R 7.8A & 8.0B) fixed

Auerswald is a German manufacturer of telephone systems for corporate use. Security researchers have discovered backdoors in the firmware of Auerswald telephone systems (e.g. COMpact 5500R) that could be used to reset the administrator password. This was disclosed on 20.12.2021. Here is some information about it. The backdoor has been removed in firmware versions 7.8A & 8.0B.

Posted in devices

Ransomware attacks on CompuGroup Medical SE & Co. KGaA

CompuGroup Medical SE & Co. KGaA, a major medical services provider, has been the victim of a cyberattack. The Koblenz-based medical services provider admitted as much on Monday, Dec. 20, 2021. The internal IT systems are likely affected, which should affect some doctors, pharmacies, labs and clinics if they want to contact the company. Here is some information on what is known.

Posted in Security

Vulnerabilities CVE-2021-3922, CVE-2021-3969 in ImController of Lenovo Notebooks

Lenovo notebooks and devices that use the ImController service are vulnerable to a privilege escalation vulnerability. This can allow attackers to execute commands with administrator privileges on the devices. However, there is an update to address both vulnerabilities.

Posted in devices, Security



Belgian Ministry of Defense affected by Log4j?

The vulnerability CVE-2021-44228 in the Java library log4j is drawing wider circles. The Belgian Ministry of Defense may have shut down its networks after a serious cyberattack, admitting as much in the night from Sunday to Monday. Reports suggest that it was related to the log4j vulnerability CVE-2021-44228.

Posted in Security

Thunderbird 91.4.1

The developers of the Thunderbird email client released Thunderbird 91.4.1 on December 17, 2021. This is a maintenance update for the 91 development branch, which makes numerous fixes. Here is a brief overview.

Posted in Software, Update

Firefox 95.0.2 released

On December 19, 2021, Mozilla developers released version 95.0.2 as a maintenance update of the Firefox browser to correct a bug with AMD CPUs. According to the release notes, there is only one bug fix: Fixes frequent crashes for users with C/E/Z-Series AMD "Bobcat" CPUs on Windows 7, 8 and 8.1. The new Firefox can be updated via update in the browser or downloaded from this website for various platforms (the variant has to be selected via the displayed list boxes).

Posted in browser, Software, Update, Windows

Data protection incident at erotic store Amorelie (Dec. 2021)

The erotic mail order company Amorelie has just informed its customers about a data protection incident. Customer data from orders for seven years had been accessible to unauthorized third parties through a vulnerability from March up to November 2021. There had allegedly been no misuse. Here is some information on the state of affairs.

Posted in Security

CPUID Enumerator and Decoder: Virus-free, but flagged by Virustotal

Within this blog post I will outline the risk users are facing by trusting antivirus scanners. Security expert Stefan Kanthak outlined a case to me that shows that you can't trust most virus scanners. Sometimes they don't detect malicious software – but in many cases they are reporting false positives. Stefan Kanthak demonstrated this to me with his tool CPUID Enumerator and Decoder.

Posted in Security