[German]The vulnerability CVE-2021-40444 in the Windows MSHTML library has been known since September 7, 2021. Attackers try to attack Windows machines via this vulnerability using manipulated Office files. There are security updates from Microsoft, but not for older Windows versions. ACROS Security provides 0patch solutions to secure Windows against the MSHTML vulnerability (CVE-2021-40444).
[German]The GDPR plugin for WordPress from the provider legalweb.io has been hacked. WordPress installations that have used this plugin are considered compromised. Users are being redirected to malware sites. Here is a brief summary of what I am aware of so far, based on a reader's tip.
[German]In September 2021 updates for Windows 10 could cause issues: Some applications no longer started or could no longer access their data. The cause is a problem in the Microsoft Exploit Protection Export Address Filtering (EAF) function. Microsoft has confirmed that and rolled out the problematic fixes using the KIR featrue. I briefly summarize the issue again with some explanations.
[German]Today another short article on the Pegasus surveillance software from the Israeli NSO Group. After the discovery of this spy software on smartphones of politicians and activists in the summer of 2021, the Trojan was recently found on phones of French politicians as well. The days I have also received information that Softorina has released the Zeus app for Windows. This allows iPhones to be scanned for the Pegasus spyware.
[German]A brief article about Microsoft Exchange Server (On-Premises). The release of the Cumulative Update (CU) for Microsoft Exchange Server for September 2021 has been postponed to September 28, 2021. There are supposed to be some new features with the cumulative update. In addition, Microsoft has recently published a document on the update of Exchange Server on the Internet.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]IT security ist costly, which is often not understood by the management. If a security incident then occurs, the level of concern is high and repairing the damage costs considerable sums. Security provider Palo Alto Networks does the math and shows the true costs of cybersecurity incidents. I received the informationlast week, and I'm posting it on the blog.
Microsoft has just released Microsoft.Data.SqlClient version 3.0.1. The update fixes several issues that are important to users.
[German]Following the Chrome update (to version 94.0.4606.61), Microsoft has also updated the Edge browser to version 94.0.992.31 as of September 24, 2021 via Windows Update. The security update fixes the vulnerability CVE-2021-37973, which has already been fixed in Google Chrome. The release notes available on this page don't give too much information. MSPU has published some details here.
[German]Apple has integrated the "App Tracking Transparency" (ATT) feature since iOS 14.5. This is supposed to give users the choice regarding the transparency of tracking by third-party apps. The whole thing sounds like an important step in protecting user privacy. The loaded question that arises: How effective is this ATT measure on the bottom line. Someone took a look after 5 months.
[German]VMware has published information on a total of 19 vulnerabilities in the products VMware vCenter Server (vCenter Server) and VMware Cloud Foundation (Cloud Foundation) [VMW2021a] as of September 21, 2021. Some of these are critical vulnerabilities – specifically, the CVE-2021-22005 vulnerability was rated "critical" with a score of 9.8. VMware has released corresponding security updates.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
