[German]I had already seen it briefly on Twitter yesterday, the provider of software solutions "from the cloud" (accounting, workforce scheduling, time tracking, etc.), the company Kronos, has become a victim of a ransomware attack over the weekend (Dec. 11, 2021). UKG solutions using the "Kronos Private Cloud" have been unavailable since Dec. 11, 2021, due to this ransomware attack.
[German]Google has released an update to Google Chrome 96.0.4664.110 for Windows, Mac and Linux (and version 96.0.4664.104 for Android) as of December 13, 2021. It is a security update that closes a critical and exploited vulnerability. Here's a quick overview.
Apple has released the update to iOS 15.2 for compatible iPhones (from iPhone 6s) and iPads (from iPad Pro, iPad Air 2, iPad 5th Gen., iPad mini 4) on Dec. 13, 2021. Via the Apple page HT201222, one can access a list of fixes. But there is a caveat: The controversial nude photo filter for iMessage is now on board. Currently it can only be activated for iMessages. But what is much more serious is that it is now part of the system.
[German]The critical vulnerability CVE-2021-44228 in the JAVA library log4j, which became known a few days ago, threatens millions of software products. For many server products, users can do little. However, I would like to recommend a closer look to administrators of VMware products, because the manufacturer indicates some virtualization products as affected by the vulnerability.
[German]Users who use the Minecraft game, which belongs to Microsoft, urgently need to update its client, which is written in JAVA. The background is that the log4j vulnerability CVE-2021-44228 also makes Minecraft servers vulnerable via Minecraft clients. The developer of Minecraft, Mojang, already announced this in a blog post over the weekend.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Security researchers from Fortinet warned as early as December 6, 2021 that the Mirai-based botnet Moobot attacks vulnerabilities in the web servers of Hikvision camera systems. All it takes is sending a crafted instruction to the web server to inject commands and compromise the whole thing. The systems are then abused by the botnet for DDoS attacks.
[German]In Windows 11, there was a performance issue with certain NVMe SSDs. With certain random write operations, the throughput performance dropped up to 45% compared to Windows 10. The whole thing was discussed in forums on the Internet. After I picked up the whole thing on the blog, it also led to "not comprehensible" type discussions in the comments. Now, however, Microsoft seems to have addressed and fixed exactly this problem with one of the latest Windows 11 updates.
[German]CyberNews security researchers discovered a Desktop Services Store (DS_STORE) file left on a publicly accessible web server that belongs to Microsoft Vancouver. By analyzing the file, the investigations team was able to learn about the files hosted on the Microsoft Vancouver server, as well as several database dump files stored on the server. This flaw has been corrected, after CyberNews security researchers informed Microsoft.
[German]If you want to continue to have security updates for Windows 7 SP1, Windows Server 2008 and Windows Server 2008 R2 in 2022, you need the ESU package for the third year. Microsoft is now releasing the relevant keys for ESU 2022. A distributor, who already provided these ESU keys for the first and second year, provided me with the relevant information at the end of the week.
Alexa.com is a website of Alexa Inc – a subsidiary of Amazon, which has been providing website ranking for 25 years and is used to compare websites. Now the provider has announced that the Alexa.com site will be discontinued on May 1, 2022. No new subscriptions have been available since December 8, 2021. In addition to the announcement of the provider, the colleagues from Bleeping Computer have written something about it here.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
