Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Tag Archives: Security
Citrix Bleed: Vulnerability CVE-2023-4966 leaks session tokens in NetScaler ADC and Gateway, PoC available
[German]I would guess that Citrix users on unpatched instances are "under fire" once again, because more information is now available on the recently disclosed vulnerability CVE-2023-4966. Under the term "Citrix Bleed", security researchers have described how Citrix NetScaler ADC and … Continue reading
0patch Micropatches for Microsoft Office security feature bypass (CVE-2023-33150)
[German]ACROS Security released a micropatch on Oct. 24, 2203, to address a Microsoft Office Security Feature Bypass (CVE-2023-33150) vulnerability in Office versions 2010 and 2013, which are no longer in support.
Firefox 119 and 115.4 ESR released
[German]As of October 24, 2023, Mozilla developers have released the new Firefox 119 as well as the Firefox 115.4 ESR maintenance update. Firefox 119 is a new development branch. Here is a brief overview of the updates in question along … Continue reading
Okta support hack also affects 1Password account
[German]On October 21, yes, the hack of the Okta support platform had become known (see Okta support system hacked with stolen credentials). Two days later, on Oct. 23, 2023, 1Password issued a terse announcement that it had already detected suspicious … Continue reading
Cisco: New 0-day vulnerability (CVE-2023-20273) in IOS XE; already being exploited
[German]US vendor Cisco has publicly disclosed another 0-day vulnerability (CVE-2023-20273) in IOS XE as of October 20, 2023. This vulnerability is already being exploited in the wild to compromise systems. The vendor plans to provide fixes for the CVE-2023-20198 and … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
Customer data from genome analysis provider 23andMe leaked on the web
[German] Provider 23andMe (creates analyses of the human genome) has suffered a cyber incident in which millions of customer data were stolen. At first, the provider denied everything. A few days ago, one million records of Ashkenazi Jews were published … Continue reading
Quishing (QR code phishing), a growing problem
In addition to classic email phishing and SMS phishing on mobile devices, the misuse of QR codes, which are used to lure users to obscure sites, is also spreading. If QR codes come to the victim via e-mails, it is … Continue reading
Okta support system hacked with stolen credentials
[German]Okta's support system has been compromised with stolen credentials. Vendor Okta (provider of authentication services in the cloud) just admitted that. The attacker was able to view files uploaded by certain Okta customers as part of recent support cases. The … Continue reading
Over 32,000 Cisco components compromised via CVE-2023-20198 vulnerability
[German]Short note for users who have Cisco components with IOS XE in use and these components are accessible via the Internet. As of October 16, 2023, Cisco issued a security warning about the 0-day vulnerability CVE-2023-20198, which is unpatched so … Continue reading
Warning: WinRAR vulnerability CVE-2023-38831 is exploited by Chinese and Russian hackers
[German]Warning to users of the WinRAR archive program. Various state threat actors from Russia and China are trying to exploit a vulnerability in the WinRAR archiving tool for Windows. Attackers can execute arbitrary code when unpacking archives via the CVE-2023-38831 … Continue reading