Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Tag Archives: Security
LOLBin with WorkFolders.exe under Windows
[German]I do not know if it's widely known, but the legitimate Windows application WorkFolders.exe can be used to launch other .exe programs in the Windows System32 folder or the current folder. This allows malware to launch so-called LOLBin attacks, where … Continue reading
VMware vCenter vulnerability CVE-2023-34048 – many systems vulnerable
There is an out-of-bounds vulnerability CVE-2023-34048 in VMware vCenter that leaves systems vulnerable. A security researcher scanned the Internet for accessible and unpatched instances and found numerous systems. Administrators of VMware vCenter installations should ensure systems are patched.
ServiceNow silently fixes bug from 2015 that enabled data leaks
[German]The US company ServiceNow Inc. offers a cloud platform in whose software there has been a gaping bug since 2015 that allowed third parties to siphon off information without authentication. After a security researcher discovered the vulnerability, it was quietly … Continue reading
iLeakage: Unpatched Safari vulnerability – iOS 17.1 & macOS 14.1 released
[German]Apple has already released iOS 17.1 (also iPadOS) and macOS 14.1 on October 25, 2023. iOS 17.1 probably fixes an Exchange synchronization bug (described here in the blog), as a reader reports. In addition, a bug that reveals the MAC … Continue reading
Vulnerability CVE-2023-5363 in OpenSSL
[German]A vulnerability CVE-2023-5363 was found in the OpenSSL software. The initialization of the encryption key length and the initialization vector in OpenSLL is incorrect. However, a fix is already available for the Linux distributions Debian and Ubuntu.
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
Piriform CCleaner victim of MOVEit transfer vulnerability
[German]The vulnerability in Progress Software's Managed File Transfer (MFT) solution MOVEit, which was disclosed in May 2023, has also affected CCleaner customers of the vendor Priform (bought by AVAST and owned by Gen Digital). Piriform has just admitted to a … Continue reading
Citrix Bleed: Vulnerability CVE-2023-4966 leaks session tokens in NetScaler ADC and Gateway, PoC available
[German]I would guess that Citrix users on unpatched instances are "under fire" once again, because more information is now available on the recently disclosed vulnerability CVE-2023-4966. Under the term "Citrix Bleed", security researchers have described how Citrix NetScaler ADC and … Continue reading
0patch Micropatches for Microsoft Office security feature bypass (CVE-2023-33150)
[German]ACROS Security released a micropatch on Oct. 24, 2203, to address a Microsoft Office Security Feature Bypass (CVE-2023-33150) vulnerability in Office versions 2010 and 2013, which are no longer in support.
Firefox 119 and 115.4 ESR released
[German]As of October 24, 2023, Mozilla developers have released the new Firefox 119 as well as the Firefox 115.4 ESR maintenance update. Firefox 119 is a new development branch. Here is a brief overview of the updates in question along … Continue reading
Okta support hack also affects 1Password account
[German]On October 21, yes, the hack of the Okta support platform had become known (see Okta support system hacked with stolen credentials). Two days later, on Oct. 23, 2023, 1Password issued a terse announcement that it had already detected suspicious … Continue reading