Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Tag Archives: Security
LogoFAIL: Critical vulnerabilities in the UEFI code
[German]There are several critical vulnerabilities in the UEFI code of the firmware of various BIOS/UEFI implementations that could be used to inject malware into a system. The whole thing was already announced by the Binarly REsearch Team on November 29, … Continue reading
Microsoft identifies Russian attacker exploiting CVE-2023-23397 in Outlook to access Exchange accounts
[German]CVE-2023-23397 is a vulnerability in Microsoft Outlook that could be exploited in conjunction with Microsoft Exchange servers, which was closed with security updates in March 2023. Microsoft has now identified an attacker based in Russia who is actively exploiting CVE-2023-23397 … Continue reading
Recordings from Nullcon Security Conference (Goa 2023)
In September 2023 there was the "Nullcon Security Conference" in Goa. I was invited this year, but unfortunately (as with so many other conferences) I was unable to attend (which is better from an environmental point of view). But the … Continue reading
20,000 unpatched Exchange servers accessible via the Internet (Dec. 2023)
[German]Looks like we're heading for the next cyberattack disaster. Network scans by security researchers have found around 20,000 Microsoft Exchange servers that are accessible via the internet and vulnerable to remote code attacks. The Exchange servers are located in Asia, … Continue reading
Zyxel warns of critical security vulnerabilities in NAS devices
[German]Does anyone operate a Zyxel NAS in their environment? The Taiwanese manufacturer has just warned of several vulnerabilities in the firmware of these devices. Three critical vulnerabilities allow an unauthenticated attacker to execute operating system commands on vulnerable network-attached storage … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
iOS, macOS, Safari: Emergency updates close vulnerabilities
[German]Apple released updates for iOS, macOS and Safai a few hours ago. These emergency updates are intended to close critical security vulnerabilities (CVE-2023-42916 & CVE-2023-42917) that are already under attack. These vulnerabilities can expose sensitive data while browsing. So it's … Continue reading
Security risks from web cams; Hikvision cameras and NVR with security risk
[German]Security cameras with vulnerabilities pose a risk to their owners. The same applies to webcams, which can often be taken over by attackers. Cameras and NVRs (Network Video Recorder) from the manufacturer Hikvision have vulnerabilities that can be exploited by … Continue reading
Edge 119.0.2151.97 / 118.0.2088.122 fixes CVE-2023-6345
[German]The vulnerability CVE-2023-6345 in Google's Chromium browser also affects the Microsoft Edge browser. Microsoft has released an update of the Edge (Chromium) browser in the extended and stable channel on November 29, 2023 to fix the already exploited vulnerability.
Google Chrome 118.0.5993.15 and 119.6045.199/.200
[German]Google has released updates of the Google Chrome browser in the Stable Channel for Mac, Linux and Windows to version 119.0.6045.199/.200 on November 28, 2023. Version 118.0.5993.15 was released in the Extended Stable Channel. The Android app of the Chrome … Continue reading
Fingerprint sensors and thus Windows Hello can be bypassed via vulnerabilities
[German]Microsoft is using Windows Hello in its operating system for password-free login. This is supposed to be more secure than a password, as it cannot be stolen. Security researchers were asked by Microsoft's Offensive Research and Security Engineering (MORSE) to … Continue reading