[German]Security researchers recently disclosed a new attack vector called PetitPotam. Using an NTLM relay attack, any Windows domain controller can be taken over by attackers. Now, ACROS Security has presented a free 0Patch solution for various Windows Server versions that prevents exploitation of the vulnerability.
[German]Security researchers from Check Point have found a dangerous vulnerability in the eBook reader Amazon Kindle. Attackers could have used malicious code to take over the linked Amazon account of the device owner or read out his data. In the meantime, Amazon has closed this vulnerability with an update.
[German]Microsoft has updated the Edge browser to version 92.0.902.67 as of August 5, 2021. The release notes state that security updates to the Chromium browser have been included. Microsoft emailed me the list of fixed vulnerabilities in Chromium.
[German]In the blog post PrintNightmare: Point-and-Print allows installation of arbitrary files I had reported about a new vulnerability in Windows. A remote print server, which can be reached by unauthorized persons, allows to install arbitrary malicious files on the clients via point-and-print. In the article I had also mentioned ways to mitigate it. Now ACROS Security has presented a free 0Patch solution for various Windows Server versions that prevents exploitation of the vulnerability.
[German]Brief information for administrators in enterprise environments who manage Windows Updates via Configuration Manager (ConfigMgr). On January 31, 2022, the first features will be deprecated. For example, Desktop Analytics for Windows 7, Windows 8.x and older Windows 10 versions will no longer be supported. Later in 2022, more features will be dropped Here's some information on what to look out for.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]Security researchers from Forescout and JFrog have just made public the vulnerabilities in the NicheStack TCP/IP library grouped under the term INFRA:HALT. They had come across it while analyzing the library. This NicheStack TCP/IP library is used in products (industrial controllers and IOT industrial devices) from more than 200 vendors. More than 6,400 vulnerable devices are currently accessible online.
[German]A short information tidbit about Microsoft's Cloud PC and issues during setting up Windows 365. The cloud service is only available since a few days (see Windows 365 released) and Microsoft has already had to suspend the provisioning of the free trial versions because the demand exceeded the available resources. But there are already first experiences that setting up Windows 365 at the Cloud PC ends with the error "failed provisioning".
[German]Does Copilot, the AI solution launched by Microsoft on GitHub for embedding code snippets (e.g., in Visual Studio code), violate fair use and the rights of code developers? The nonprofit Free Software Foundation has just raised some questions about the fairness, legitimacy and legality of the AI-driven coding assistant CoPilot.
[German]The Swiss-based ProtonMail e-mail service offers end-to-end encryption of mails before they are sent to ProtonMail's server. ProtonMail is operated by Proton Technologies AG, which is based in Plan-les-Ouates (Canton Geneva). Its servers are located in two locations in Switzerland, outside EU and US jurisdiction. As a result, ProtonMail is (supposedly) considered a "secure email service and haven of privacy."
[German]The NSA (National Security Agency) and CISAgov have published Kubernetes configurations and recommendations for securing Kubernetes environments against cyber attacks. Understanding the options for building and maintaining a secure Kubernetes cluster is key to protecting your data and resources.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
