Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Tag Archives: Security
SolarWinds hack in 2020: US Department of Justice knew 6 months in advance
[German]Does anyone remember the supply chain attack on SolarWinds' Orion software in 2020? That sent shockwaves through the IT landscape as masses of IT systems were hacked. Now it comes out that the US Department of Justice noticed the incident … Continue reading
Zyxel: Security advisory for CVE-2023-28771 in firewalls
Blog reader Liam had alerted me about vulnerability CVE-2023-28771 in Zyxel firewalls via email just a few days ago (thanks for that). An April 25, 2023 post states that improper handling of error messages occurs in Zyxel ZyWALL/USG series firmware … Continue reading
SonicOS SSLVPN: CVE-2023-1101 at MFA – new firmware for Gen6 firewalls (6.5.4.12-101n)
[German]Reminder for administrators using Sonic Wall products. There is a critical vulnerability in SonicOS SSLVPN that allows an authenticated attacker to use excessive MFA codes. The vulnerability, CVE-2023-1101, received a CVSS v3 index of 4.3 from SonicWall on March 28, … Continue reading
Apache Superset: CVE-2023-27524 allows Remote Code Execution (RCE)
[German]Brief note for users who deploy Apache Superset in their environment. There is a problem in the default configuration that the software can be attacked via remote code execution vulnerability. This becomes a problem if the server is accessible via … Continue reading
Microsoft Defender Threat Intelligence now with hash and URL search
[German]Small addendum: Microsoft expanded its Microsoft Defender Threat Intelligence (Defender TI) this week. Defender TI now includes functions that allow logged-in users to check file hash values. It also adds support for a URL search. This should allow security managers … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
Nearly two-thirds of XIoT vulnerabilities remotely exploitable
[German]From a security perspective, I think we're in for a disaster – I've had Claroty's State of XIoT Security Report: 2H 2022 for a few days now. It does show the positive impact of increased vulnerability research and increased vendor … Continue reading
Windows April 2023 Updates: Netlogon- and Kerberos protocol changes, there seems to be issues
[German]Microsoft has indeed postponed its schedules for phased adjustments to the Netlogon protocol (due to CVE-2022-38023) and the Kerberos protocol from April 11, 2023 to June 13, 2023. But with the Windows update of April 11, 2023, the option to … Continue reading
QueueJumper: Patch critical RCE vulnerability in MSMQ service
[German]A remote code execution vulnerability CVE-2023-21554 exists in the Microsoft Message Queuing service (MSMQ), which has been rated critical with a CVEv3 score of 9.8. Microsoft has released security updates for Windows clients and servers on April 11, 2023, that … Continue reading
Posted in Security, Update, Windows
Tagged Patchday 4.2023, Security, Update, Windows
Leave a comment
Affinity forums hacked (April 6, 2023)
[German]Unpleasant information for users of Affinity forums. The operator informs its users that there was a cyber attack on April 6, 2023. It seems that the account of an administrator was compromised, so that the attacker(s) could gain access to … Continue reading
Google Chrome 112.0.5615.121 / Edge 112.0.1722.48
[English]Google has released unscheduled updates to Google Chrome Browser 112 in the Extended and Stable channels for Mac, Linux and Windows as of April 14, 2023. Microsoft has also update the Edge browser version 112. They are security updates that … Continue reading