Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Tag Archives: Security
Check Point discovers WhatsApp vulnerability in image filter
[German]Another brief security information for the few remaining WhatsApp users. Security researchers from Check Point have discovered a vulnerability in the WhatsApp image filter function that hackers could exploit. In the meantime, however, this vulnerability has been fixed with an … Continue reading
Next Azure container vulnerability allowed data theft
[German]Microsoft issued a warning to its Azure customers about a security vulnerability that could have allowed hackers to access data. The punchline: It involved containers whose code had a known vulnerability that had not been patched. Microsoft has now updated … Continue reading
GhostScript 0-day vulnerability allows server compromise
[German]An unpatched vulnerability exists in GhostScript (up to v 9.50) that allows privilege escalation. Servers running the ImageMagick program are particularly at risk. These could be taken over by attackers. The vulnerability was discovered a year ago, but allegedly not … Continue reading
Attack via Office Documents on Microsoft MSHTML (ActiveX) RCE Vulnerability (CVE-2021-40444)
[German]Microsoft has issued a warning about the remote code execution vulnerability CVE-2021-40444 as of September 7, 2021. In campaigns, this vulnerability, which targets the MSHTML component of Internet Explorer, is exploited via compromised Office documents. Microsoft provides guidance on mitigating … Continue reading
Posted in browser, Office, Security, Windows
Tagged Internet Explorer, Office, Security, Windows
Leave a comment
Turn off Defender in Windows with symbolic links
[German]Symbolic links allow to disable Defender as antivirus protection under Windows without disabling features like Tamper Protection. The approach simply lets Defender run into the woods during scanning, because the virus scanner is redirected to other folders. I came across … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
Bluetooth risks: Braktooth vulnerability and tracking via head phones
[German]Riskante Technik Bluetooth: So haben Sicherheitsforscher bei verschiedenen Bluetooth-Chip-Sets, die in Geräten wie Notebooks, Lautsprechern oder IoT-Geräten verwendet werden, gleich 16 verschiedene Sicherheitslücken entdeckt. Die Schwachstellen firmieren unter dem Namen Braktooth. Und in Oslo ist es gelungen, durch umherfahren mit … Continue reading
Cisco fixes critical authentication bypass vulnerability CVE-2021-34746
[German]A vulnerability (CVE-2021-34746) was recently found in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco's Enterprise NFV Infrastructure software. This is a solution designed to virtualize network services for easier management of virtual network functions (VNFs). The CVE-2021-34746 … Continue reading
HomeOffice and Smart-Home as a gateway for hacks into corporate networks
[German]In times of the coronavirus pandemic, more people are working in their home offices but accessing company computers remotely. On the other hand, more and more IoT devices are finding their place in the home environment as part of smart … Continue reading
FBI and CISA warns: Ransomware attacks on weekends and holidays
[German]The US security agency CISA and the FBI have issued a warning stating that ransomware gangs are now targeting weekends and holidays for their attack campaigns. This tends to thin out IT staff to monitor networks, and attacks are not … Continue reading
Juniper: RealTek vulnerabilities CVE-2021-35394 and CVE-2021-35395 are attacked in the wild
[German]Security researchers from Juniper Networks are sounding the alarm. Already since the first week of August 2021, model and routers from the manufacturer Arcadyan (installed in many OEM devices) have been attacked via vulnerability CVE-2021-20090. Now, attacks on vulnerability CVE-2021-35394 … Continue reading