T-Mobile (USA) investigates possible data leak involving 100 million customer records

US mobile carrier T-Mobile is investigating whether there was a data leak or hack. The reason is that 100 million customer records, some of which reveal very detailed information, were offered in an underground forum, allegedly from this provider. The provider is investigating this possible data protection incident, but is keeping a low profile.


Lenovo firmware update re-enables H.264 on notebooks with NVidia graphics

Lenovo had disabled the GPU-supported H.264 encoding in Nvidia GeForce graphics units on its notebooks due to patent disputes. The suspected cause was a patent dispute with Nokia. Now, however, things are moving again. After a firmware update of the BIOS, functions for GPU-supported decoding and encoding of H.264 video material can be used on the affected notebooks again.


.NET Framework 4.x Update KB5004757 (2021-08-10)

A short addendum from this week: Microsoft has also released an update for the .NET Framework. The Security and Quality Rollup Update KB5004757 for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 is available for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2. The update can also be downloaded from the Microsoft Update Catalog and includes quality and reliability improvements.


Windows 365: Logon data can be dumped in plain text

Microsoft introduced Windows 365, which runs Windows 10 on Azure, only at the beginning of August 2021 and also released it to customers. There is also a test version that interested parties can take a look at. Now, security researchers have discovered that the credentials (username and password) for a Windows 365 instance can be read in plain text. That is a serious problem, as attackers could take over such installations in this way.


Vice Society: Second ransomware gang uses Windows PrintNightmare vulnerability for attacks

In my blog post "Ransomware gang uses PrintNightmare to attack Windows servers", I reported on the first case where the PrintNightmare vulnerability was used to attack Windows. Now Talos Security has already come across the second case, reporting that the Vice Society ransomware gang is also attacking systems using the Windows PrintNightmare vulnerability.


Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post] In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below.


Kaseya: Decryption key revealed, backup update closes vulnerabilities

A short article at the end of the week concerning the US vendor Kaseya. After the supply chain attack on Kaseya RMI software and the encryption of numerous customer systems, a decryption key has surfaced in an underground forum. In addition, a blog reader alerted me to an update that closes various security holes in a Kaseya product.


Attacks on Exchange Server via ProxyShell vulnerability (8/13/2021)

I'm bringing this up again before the weekend, even though the readership of this blog is probably well informed and keeps its Exchange servers up to date with the latest patches. It's Friday the 13th and we're about to hit the weekend. And it looks like the wave of attacks on Microsoft Exchange Servers via the ProxyShell vulnerability is rolling in now. All Exchange Servers still running on the March 2021 patch level and accessible via the Internet are vulnerable to these attacks and can be taken over.


Microsoft Security Update Revisions & August 2021 patchday security fixes

Microsoft closed a number of vulnerabilities with updates on patchday (August 10, 2021). I have an overview that I am posting for the sake of completeness. In addition, Microsoft has distributed two security update revisions by e-mail in recent days, which I am also publishing here. Maybe this is of interest to someone.


Microsoft and Tenable share tips for hardening the IT environment

In blog posts, both Microsoft and the vendor Tenable have addressed the question of how to better protect corporate environments against cyberattacks and ransomware infections. I have summarized the relevant information in the following post.


Ransomware gang uses PrintNightmare to attack Windows servers

It has happened: there is the first case of a ransomware gang using the Windows PrintNightmare vulnerability to attack Windows servers. In July 2021, security vendor Crowdstrike was able to thwart a ransomware attack against a target in South Korea. During the evaluation, the security researchers found that the Magniber ransomware gang attempted to exploit the vulnerability (CVE-2021-34527).
