Tag Archives: Security

SSH snake steals SSH keys

Warning about the Snake worm, which is designed to steal SSH keys. The SSH-Snake malware was discovered by the Sysdig Threat Research Team (TRT). The self-modifying worm uses SSH credentials discovered on a compromised system to spread throughout the network. …

Posted in Security, Software

LockBit ransomware group back? And new findings

International law enforcement agencies recently announced the dismantling of the LockBit ransomware group's infrastructure. However, this appears to have been only a brief success: the LockBit ransomware group has set up new servers and appears to be back …

Posted in Security

How to find weak passwords in Active Directory and eliminate them with PowerShell

[Sponsored Post] Weak or compromised passwords are a known gateway for attackers. If you are able to identify which users in Active Directory (AD) are threatened by this, then PowerShell can help to remedy it. However, PowerShell scripts cannot eliminate basic AD deficits; other tools are needed for this.

Mailboxes are currently flooded by password reset, newsletter or account confirmation mails: it's an attack

A German blog reader contacted me this week and reported a worrying observation made by one of his customers. The customer is receiving a flood of requests to reset his passwords, to confirm a newsletter or a new user account. …

Posted in Security

Attacks on OpenVPN servers (Synology and others) since Feb. 2024

It seems that products that use OpenVPN servers are now under (brute force) attack. A blog reader contacted me by email the other day because he had observed strange behavior. His logs showed access attempts from the same IP addresses …

Posted in devices, Security

Vulnerabilities in HP Laser printers (Feb. 2024)

Printer manufacturer Hewlett Packard has published security advisories warning of vulnerabilities in various HP LaserJet printers. These vulnerabilities can be used to inject code. The manufacturer has provided firmware updates to close the vulnerabilities in its devices. Thanks to the …

Posted in devices, Security

VMware Warning: Uninstall Enhanced Authentication Plug-in (EAP)

Virtualisation vendor VMware has just issued a security warning. It concerns the Enhanced Authentication Plug-in (EAP), which should be uninstalled as a matter of urgency. Critical vulnerabilities have been found in the Enhanced Authentication Plug-in (EAP). We do not know …

Posted in Security, Software, Virtualization

Critical vulnerability in ConnectWise remote software ScreenConnect (Feb. 2024)

Does anyone use ScreenConnect from the provider ConnectWise? A critical vulnerability (CVSS 3.1 score 10.0) has been discovered in the remote desktop software, which should be closed immediately. An initial exploit for this vulnerability is already available. Here is a quick …

Posted in Security, Software

Ivanti Endpoint Manager vulnerability CVE-2021-44529: Code injection or backdoor?

New scandal surrounding Ivanti Endpoint Manager. In 2021, Ivanti closed a security vulnerability in the product, CVE-2021-44529, described as a "code injection". There were rumors that it was a backdoor in an open source project. A security researcher then took another …

Posted in Security, Software

Progress Kemp LoadMaster (Load-Balancer) vulnerability CVE-2024-1212

On February 8, 2024, administrators using the Progress Kemp LoadMaster load balancer were advised to update its firmware. The information on the vulnerability CVE-2024-1212 in the Progress Kemp LoadMaster firmware was not released until February 21, 2024. I have updated …

Posted in Security, Software

Using a Ubiquiti router with standard passwords? Reset your device after a spy network was uncovered

International law enforcement agencies (FBI, BKA etc.) have broken up a suspected Russian espionage network that was infecting routers from the manufacturer Ubiquiti. The spy network was shut down last week. However, users of Ubiquiti routers should now reset …

Posted in devices, Security