[German]Suspected state hackers have succeeded in tampering with SolarWinds' widely deployed networking and security products worldwide. Through a supply chain attack, a Trojan or the SunBurst backdoor was rolled out with a software update.
[German]According to a report, the U.S. Treasury Department and another U.S. agency responsible for Internet and telecommunications have fallen victim to a sophisticated cyber attack. Suspected government hackers were able to pull documents. Addendum: It seems, that a backdoor in Solarwinds' products was the vulnerability used for the hacks.
[German]Users of iPhones running iOS 14 are complaining that they are not getting notifications for incoming SMS text or iMessages messages. This appears to be a bug in iOS 14 that can also affect notifications from other apps.
[German]Security experts from IoT-Inspector have tracked down a total of 7,339 dangerous vulnerabilities in popular gifts such as connected children's toys, smart speakers or hobby drones. In terms of security, that's likely to be the collective horror under the Christmas tree. Products from well-known manufacturers are also represented.
[German]Microsoft's Windows 10 version 1903, released in spring 2019, has now reached the end of support. Systems still running this Windows 10 version will now be migrated to newer Windows 10 versions in unmanaged environments.
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
[German]The Microsoft 365 security team points out a malware campaign called Adrozek. The malware targets popular browsers such as Google Chrome, Microsoft Edge, Firefox, etc. and tries to manipulate the browser in such a way that advertisements are played during a search. Through this approach, those behind it try to generate revenue. Europe seems to be particularly affected.
[German]The gaming platform Steam have had serious vulnerabilities. Security researchers from Check Point have discovered that attackers can exploit the bugs found to repeatedly crash a player's session. Taking over a victim's computer or infecting all other computers connected to a third-party server are probably also possible. Valve has issued a patch, but 3rd party games may be vulnerable.
[German]A security researcher from NetSPI, who discovered the Kerberos authentication vulnerability CVE-2020-17049, has now published the details as well as an exploit. Anyone running an affected environment on Windows Server should react and patch now at the latest.
[German]Note for people running Sophos firewalls or similar with Cyberoam OS. Sophos has deployed a hotfix for its Cyberoam firewalls and routers to address an SQL injection vulnerability.
[German]Microsoft has published some notes about security updates and revisions on December 8 and again on December 10, 2020. I am posting them here on the blog without comment.
MVP:
2013 – 2016
WIMVP:
2017 – 2020
