[German]Security vendor Sophos published information about a new attack scenario in a series of tweets just before Christmas. Attackers are currently testing a new attack vector via RAR attachments with Word documents and scripts in mails. However, this involves distributing payloads hidden in RAR files with an Office document, which then use PowerShell to attack via script. I present this briefly here in the blog.
[German]It looks like the big wave of hacks via the log4j vulnerability failed to materialize over Christmas. But there are cases, like at the Belgian Ministry of Defense, which were attacked via log4j. However, the attacks will possibly follow in January 2022. Microsoft has created a status indicator for Defender 365 that lists vulnerable devices on a network. Here is a brief overview of the information as of Dec. 28, 2021.
[German]The year 2021 was characterized by many uncertainties and the return of the coronavirus infection wave. At the latest since the outbreak of the pandemic, terms such as Next Normal and digital user experience have entered the vocabulary of many people. In addition, as a result of changing social and economic conditions, many online services and digital platforms have experienced a huge increase in user numbers. But what happens when the Internet connection is interrupted and everything is forced offline? After all, we've had outages of Facebook, Amazon Web Services (AWS), etc.
[German]Owners of QNAP NAS drives that are accessible via the Internet were attacked by the eCh0raix ransomware in a new campaign around Christmas. There are only a few people affected, but this malware, also known as QNAPCrypt, encrypts the devices and extorts a ransom. The ransomware is not new either, as I had warned about attacks in June 2020 (see QNAP Security Advisory about eCh0raix Ransomware).
Besitzer von QNAP-NAS-Laufwerken, die per Internet erreichbar sind, wurden rund um Weihnachten in einer neuen Kampagne von der eCh0raix-Ransomware angegriffen. Es sind zwar nur wenige Betroffene, aber diese auch als QNAPCrypt bekannte Schadsoftware verschlüsselt die Geräte und erpresst Lösegeld. Neu ist die Ransomware auch nicht, hatte ich doch im Juni 2020 vor Angriffen gewarnt (siehe QNAP Sicherheitswarnung vor eCh0raix-Ransomware).
[German]Users of social media platforms such as Facebook, LinkedIn, TikTok, Instagram, etc. are the focus of hackers and Internet criminals. Anyone who can compromise such an account has a wide range of options for misuse. Whoever can access the data of a social media account often gets hold of very personal data. Security provider Check Point Technologies GmbH points out that social media users are the focus of hackers, especially during the festive season.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Brief information for the lovers of VB6 (Visual Basic 6). It looks like Microsoft will continue support for VB6 in Windows 11 and Windows Server 2022. This was announced by Microsoft in November 2021 – a blog reader recently asked me about it. This should allow VB6 applications to run on Windows for another 10 years.
[German]Since the release of Windows 11, users have been complaining about problems with color management and that the use of ICC color profiles does not work. Now Microsoft has officially confirmed the problem and is investigating the whole thing. Here is a brief overview of this issue.
[German]The manufacturer QNAP has released a firmware update for its QTS 5 shortly before Christmas. The update closes some vulnerabilities. A log4j vulnerability in QNAP software was also reported. Furthermore, the user community of QNAP NAS drives is currently probably suffering from cyber attacks.
[German]Did you also get such an Alexa part from Amazon as a Christmas present? I avoid this stuff like the devil avoids holy water for data protection reasons – and I don't see the point yet. But devices with the Alexa voice assistant have been bought en masse every year since 2015. It's a popular gift when you can't think of anything else. Internal documents from Amazon show that 25 percent of users no longer use the device after a week.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
