Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Tag Archives: Security
VMware security updates (August 2021)
[German]VMware has released security updates to address vulnerabilities in several products. An attacker could exploit some of these vulnerabilities to take control of an affected system. VMware vRealize Operations, VMware Cloud Foundation and vRealize Suite Lifecycle Manager are affected. US-CERT … Continue reading
SteelSeries software enables admin rights (LPE) on Windows
[German]After the Razer case, the next clunker has now come to light. After it became known that standard users can become administrators with Razer mice via the driver installation, a security researcher took a closer look at the SteelSeries device … Continue reading
ProxyShell, ProxyLogon and Microsoft's contradictious Exchange doc for virus scan exceptions
[German]On August 20, 2021, Microsoft published recommendations on the subject of virus protection for on-premises Microsoft Exchange Servers. Recommendations are also given there regarding the exclusion of certain folders from virus scanning. On the other hand, we are experiencing waves … Continue reading
(eMail-) Encryption with StartTLS as a security risk
[German]The encryption method StartTLS, which can be used in network communication, especially for e-mails, has a number of vulnerabilities that make it possible to break open communication by stealing access data, for example. This was already proven by German security … Continue reading
38 million records exposed by Microsoft Power Apps
[German]I've been waiting for something like this to happen for a while now. Misconfigured Microsoft Power Apps exposed 38 million records of sensitive data. Forty-seven government agencies and companies are affected, as security researchers at UpGuard discovered in May 2021 … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
Windows 10: Administrator privileges obtained via Razer mouse via LPE vulnerability
[German]Connecting a Razer mouse is enough to gain administrative privileges as a standard user. The background is that the driver installation is executed with SYSTEM rights and the user can then open an administrative prompt. He already has administrative access … Continue reading
Wave of attacks, almost 2,000 Exchange servers hacked via ProxyShell
[German]I have been waiting for this for a long time, but now the feared has happened. Since Friday, there has been a massive wave of attacks on unpatched Microsoft Exchange servers via the ProxyShell vulnerability. Huntres has already discovered over … Continue reading
Decryptor for Synack Ransomware Available
[German]Security vendor Emisoft has released a decryptor that enables the decryption of files encrypted by the Synack ransomware. This allows victims to recover their files without having to pay the demanded ransom from the cyber criminals. The decryptor is available … Continue reading
Microsoft shows a "slim foot" with PrintNightmare
[German]PrintNightmare is the name given to a series of vulnerabilities in the Windows Print Spooler service. Attackers can use these vulnerabilities to extend rights and possibly take over domain controllers. Microsoft reacts half-heartedly with patches and recommendations, which in practice … Continue reading
2nd 0patch fix for Windows PetitPotam 0-day vulnerability (Aug. 19, 2021)
[German]ecurity researchers had recently disclosed a new attack vector called PetitPotam. By means of an NTLM relay attack, any Windows domain controller can be taken over by attackers. ACROS Security has now presented the second free 0Patch solution for different … Continue reading