Edge 87.0.664.75 released

Microsoft published a security advisory on January 7, 2021, regarding another security update for the Edge browser. Microsoft had to close three vulnerabilities that were unpatched in Edge 86.0.664.57. Here is some brief information about it.


NSA security advisory on obsolete TLS configurations

Information for administrators in server environments. Communication with (web) servers should be performed with current TLS 1.2 or TLS 1.3 encryption. Fallback to older TLS 1.0/1.1 or SSL standards should be removed. The US National Security Agency (NSA) has issued recommendations on this.


News from the SolarWinds hack; JetBrains software as a gateway?

It is currently being investigated whether the SolarWinds hack could have been carried out via the TeamCity software of the Eastern European company JetBrains. In addition, it became known that the SOLARBURST hackers had access to e-mail accounts of the U.S. Department of Justice. And the Capitol's IT staff faces the problem of cyber security after a mob raided this building.


Windows: Update from 2019 for VMware offered again (Jan. 5, 2021)

Just a short note from a blog reader who is being re-offered a 2019 update for VMware as of January 5, 2021. I am interested in whether this is an isolated case or affects more users.


0patch fixes a Local Privilege Escalation 0-day in Sysinternals PsExec

ACROS Security has released a micropatch for a Local Privilege Escalation 0-day vulnerability in the SysInternals tool PsExec for its 0patch agent. PsExec is used by administrators to perform tasks with system privileges.


FortiGuard: Vulnerabilities in FortiWeb (Jan. 2021)

FortiGuard Labs has released a security alert covering several vulnerabilities, ranging from SQL injection to buffer overflow bugs. The vulnerabilities are found in FortiWeb Web Application Firewalls and are of medium severity.


Chrome 87.0.4280.141 with security fixes

Google has updated the Google Chrome browser for Windows, macOS and Linux to version 87.0.4280.141 as of January 6, 2021. This update fixes 16 vulnerabilities.


Firefox 84.0.2 and 78.6.1 ESR released

Mozilla developers released versions 84.0.2 and 78.6.1 ESR of the Firefox browser on January 6, 2021. These are security updates for the browser. Here is an overview of the updates.


File Read Vulnerability in VMware vCenter Prior to Version 6.5u1

Small note for users of VMware vCenter before version 6.5u1. If you are using older versions, you should update to 6.5u1. This is because there is a vulnerability that allows files to be read without authentication.


Zyxel backdoor (CVE-2020-29583) is actively exploited

In late December 2020, I blogged about an undocumented user in Zyxel products (CVE-2020-29583); see my blog post Undocumented User in Zyxel Products (CVE-2020-29583). The vendor has provided an update to remove this undocumented user, which is a backdoor. Now I read that cyber criminals are actively scanning the Internet for vulnerable Zyxel products to exploit the backdoor.
