[German]An analysis of the supply chain attack on the Orion product line of the US security vendor SolarWinds suggests that the attackers had access to the source code base. For months, they prepared the insertion of the Trojan, which acted as a backdoor, and injected it into the source code.
[German]Another topic I like to cover. With the update KB4586853 for Windows 10 2004 and 20H2, Microsoft also addressed the bug that caused bluescreens on Thunderbolt NVMe SSD units. The upgrade block has therefore been lifted as of December 11, 2020.
[German]Microsoft has published an overview of revisions of various CVEs as of December 15, 2020. I received the whole thing by mail last night, and I'm posting it here for your information.
[German]The knowledge about the cyber attack against US authorities and companies via the SUNBURST backdoor is growing. The U.S. State Department and other government agencies may have been hacked as well. Meanwhile, Microsoft and other industry partners have seized the domain with the C&C server and hope to be able to track down infected systems.
[German]Mozilla's developer have released version 84.0.0 and 78.6.0 ESR of the Firefox browser as of December 15, 2020. These are new development branches for the browser. Here is an overview of the new features.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]The developers of the Thunderbird email client have released Thunderbird 78.6.0 on December 15, 2020. This is a maintenance update for the 78 main version of the email client, which fixes bugs and closes security holes.
[German]Was sloppiness or at least a lax security culture at the US software manufacturer SolarWinds possibly responsible for their compromised updates of the Orion products, that has been shipped for months with the SUNBURST Trojan? This Trojan has been used to hack numerous US government agencies and the security vendor FireEye in recent months. Here is a look into a security abyss …
Microsoft has released Windows 10 Insider Preview build 20279 for Windows Insiders in the Developer Channel as of December 14, 2020. This build is largely identical to build 20277, which was released on December 10, 2020. Microsoft wants to test upgrade options to other builds. Windows Insiders who upgraded to build 21277 (RS_PRERELEASE) will not be offered this build because they are on a newer build. The announcement was made on the Windows blog, where you can read about fixes and known issues, as well as other details.
[German]Windows 10 20H2 administrators using VMware ThinApp should beware. I have received feedback from users that after installing update KB4592438, VMware ThinApps no longer starts. Here's an overview, what I know so far.
Security Researchers from Website Planet found, that an UK Tax Relief Company Exposes Customers' Personal Information due to a misconfigured web server. Here are a few details about this Data Leak.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
