[German]The Windows 10 security updates released on July 13, 2021 for the regular patchday (see Patchday: Windows 10 Updates (July 13, 2021)) may cause printing issues in certain scenarios. Printing and scanning can fail if these devices use smart card authentication (PIV). Microsoft has since confirmed this bug and published a separate support post about it.
U.S. manufacturer Kaseya was the victim of a supply chain attack, and as a result, systems belonging to about 1,500 customers were encrypted with ransomware. Kaseya said this week that it has a universal decryptor to decrypt customer files. Affected parties may contact sales, it said. Now there are reports that Sales is not responding, and if contact is made, Kaseya is requiring victims to sign a confidentiality agreement before the data is decrypted. I've added the info in the post Kaseya received universal decryption tool after ransomware attack.
[German]Several vulnerabilities (CVE-2021-1600, CVE-2021-1601) exist in IPv4 and IPv6 forwarding in the Cisco Intersight Virtual Appliance. These vulnerabilities could allow an unauthenticated, adjacent attacker to access sensitive internal services through an external interface. However, Cisco has since provided security updates to address these vulnerabilities.
[German]Microsoft will change some design elements of the user interface in Windows 11. In addition to rounded window corners, the Start menu will also be seriously revised. Among other things, it is centered on the taskbar. Why they decided on something like this, and what other considerations there are, Microsoft has made public in a video.
[German]Yesterday, July 24, 2021, I had reported about a new attack vector called PetitPotam that can be used to take over Windows domain controllers by means of an NTLM relay attack (see my post PetitPotam attack allows Windows domain takeover). In the meantime, Microsoft has reacted and published a security advisory about this security issue. At the same time, Microsoft makes suggestions on how this vulnerability can be mitigated by administrators. Let me summarize the most important information.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]The curiosity about Windows 11 tempts some users to install pre-release versions on their computers. This is not a problem, as there are corresponding installation images directly from Microsoft for Windows Insiders as regular updates for Windows 10 machines. However, some users get installers from obscure sources and catch malware in the process.
[German]LemonDuck and LemonCat is malware that both acts as a bot and mines crypto-money. LemonDuck can run on different platforms (Linux, Windows), threatening machines on corporate networks. According to Microsoft, this malware has been poorly documented so far, which is why they want to address and change that in two blog posts. I'll just include it as a Sunday reading topic.
[German]A report from security vendor Sophos indicates that cyber criminals are increasingly abusing the successful chat service Discord to host, spread and control malware. Most notably, the malware aims to grab data from Discord users. During the investigation period, it was noticeable that four percent of the total TLS-protected malware downloads occurred through the Discord service. The growing popularity of the gaming-focused text and voice chat platform has attracted the attention of malware operators.
[German]There is a new attack vector called PetitPotam. This enables a threat actor to launch an NTLM relay attack on domain controllers. Ultimately, this can be used to take over entire domains. Since many organizations run domain controllers with Microsoft Active Directory Certificate Services, a correspondingly large number of systems are likely to be at risk. Here is a short overview of what I know in the meantime.
[German]Microsoft has revised the security advisory for the HiveNightmare vulnerability in Windows 10 (from version 1809) this week. I also have an analysis of the vulnerability from Sophos. And security researcher Kevin Beaumont had posted a proof-of-concept including description on GitHub, but was then briefly banned from the GitHub site by ex-employer Microsoft. A brief overview of these issues.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
