Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Tag Archives: Security
3 vulnerabilities discovered in MS Azure API management
[German]Security researchers from Israeli security vendor Ermetic have discovered three vulnerabilities in Microsoft's Azure API management. Two server-side request forgery (SSRF) vulnerabilities and an unrestricted file upload issue create risks for the Microsoft cloud environment. The vulnerabilities could be abused … Continue reading
SpecTor: Europol, FBI & Co. arrest 288 operators and customers of darknet drug marketplace
[German]In a coordinated action called SpecTor, Europol, the FBI and other law enforcement agencies arrested 288 operators and customers of a darknet platform where drugs were being transshipped. The operation covered 9 countries. Law enforcement authorities also seized the illegal … Continue reading
Windows hardening: Guidances and key dates 2023
[English]Small reminder for administrators in the Windows environment. In 2023, Microsoft will continue to implement various hardening measures for Windows systems (DCOM authentication, Kerberos, Netjoin/Domain Join, etc.). These hardening measures will be rolled out in stages through monthly updates. Even … Continue reading
iOS 16.4.1(a): Rapid Security Responses Updates
[German]Apple has released an unscheduled security update (Rapid Security Response Update) for iOS to version 16.4.1 (a) on May 1, 2023. However, there are reports that there are problems with this special update on iPhones.
Google Authenticator: Backup of passcodes in Google Account; but end-to-end encryption is yet to come …
[German]It's a lesson in how things shouldn't really work. The Google Authenticator app enables two-factor authentication for online accounts. In order to be able to use a replacement device with the app if the phone is lost, Google has implemented … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
SolarWinds hack in 2020: US Department of Justice knew 6 months in advance
[German]Does anyone remember the supply chain attack on SolarWinds' Orion software in 2020? That sent shockwaves through the IT landscape as masses of IT systems were hacked. Now it comes out that the US Department of Justice noticed the incident … Continue reading
Zyxel: Security advisory for CVE-2023-28771 in firewalls
Blog reader Liam had alerted me about vulnerability CVE-2023-28771 in Zyxel firewalls via email just a few days ago (thanks for that). An April 25, 2023 post states that improper handling of error messages occurs in Zyxel ZyWALL/USG series firmware … Continue reading
SonicOS SSLVPN: CVE-2023-1101 at MFA – new firmware for Gen6 firewalls (6.5.4.12-101n)
[German]Reminder for administrators using Sonic Wall products. There is a critical vulnerability in SonicOS SSLVPN that allows an authenticated attacker to use excessive MFA codes. The vulnerability, CVE-2023-1101, received a CVSS v3 index of 4.3 from SonicWall on March 28, … Continue reading
Apache Superset: CVE-2023-27524 allows Remote Code Execution (RCE)
[German]Brief note for users who deploy Apache Superset in their environment. There is a problem in the default configuration that the software can be attacked via remote code execution vulnerability. This becomes a problem if the server is accessible via … Continue reading
Microsoft Defender Threat Intelligence now with hash and URL search
[German]Small addendum: Microsoft expanded its Microsoft Defender Threat Intelligence (Defender TI) this week. Defender TI now includes functions that allow logged-in users to check file hash values. It also adds support for a URL search. This should allow security managers … Continue reading