[German]Microsoft has released a security advisory for the Edge browser as of September 9, 2021, updating the browser to version 93.0.961.44. The update also closed the CVE-2021-38669 vulnerability.
[German]NAS manufacturer QNAP has released security updates for devices that work with QTS, QuTS hero and QuTScloud on September 10, 2021. In addition, there are probably also security updates for routers with QuNetSwitch. The security updates are intended to close vulnerabilities that are already being exploited by attackers.
[German]Trend Micro has released patch 2342 for its Worry Free Business Security Advanced 10.0 for Windows 10, effective September 10, 2021. Here's some information about it. Trend Micro Worry-Free Business Security (TM WFBS) protects small businesses, users, and assets from data theft, identity theft, risky websites, and spam (Advanced variant only).
[German]Microsoft has released Windows 11 build 22454 for Windows Insiders as a preview in the Dev Channel on September 9, 2021 – just under a month before the general release on October 5, 2021. Now this build is also available for download as an ISO installation image for Windows Insiders.
[German]Another brief addendum to a topic that has been on my stack for a few days already. James Forshaw from Google Project Zero disclosed a vulnerability in Windows AppContainers as early as mid-August 2021, which allows communication via the firewall in the network. After Microsoft was informed about the vulnerability, it said that it would not provide a patch. Recently, however, Microsoft rowed back and announced a patch to Forshaw. James Forshaw from Project Zero has since made the vulnerability and the details of the security hole public.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that hackers are exploiting a critical vulnerability in Zoho's password management solution ManageEngine ADSelfService Plus. The vulnerability allows attackers to take control of the system. The vendor has provided a security update to close the vulnerability.
[German]Another short information for administrators of FortiGate installations, which has been dangling with me for a few days. Unknown persons have created a collection of 87,000 FortiGate SSL-VPN credentials, which they are now using specifically to attack corresponding installations. CERT-Bund has just issued a warning to this effect, administrators need to act.
[German]A few days ago, Microsoft disclosed a security advisory for the CVE-2021-40444 vulnerability in the MSHTML component included in Windows. It said there was an attempt to exploit the vulnerability in the wild via crafted Office documents. But Office users are actually protected from this threat by the protected view, they said. Now it is becoming known that this protection can be bypassed and does not work.
[German]Another brief security information for the few remaining WhatsApp users. Security researchers from Check Point have discovered a vulnerability in the WhatsApp image filter function that hackers could exploit. In the meantime, however, this vulnerability has been fixed with an update to the app.
[German]Microsoft issued a warning to its Azure customers about a security vulnerability that could have allowed hackers to access data. The punchline: It involved containers whose code had a known vulnerability that had not been patched. Microsoft has now updated the programs. This is now the second case within a few days where serious vulnerabilities in Azure containers became public.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
