Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Tag Archives: Software
Windows and the cURL trap; deleted curl instance breaks Windows update
[German]Microsoft delivers the cURL library with the operating system since Windows 10. However, Redmond does not manage to update the delivered cURL version promptly when security vulnerabilities become known. This leads to the fact that Curl versions with known vulnerabilities … Continue reading
SolarWinds hack in 2020: US Department of Justice knew 6 months in advance
[German]Does anyone remember the supply chain attack on SolarWinds' Orion software in 2020? That sent shockwaves through the IT landscape as masses of IT systems were hacked. Now it comes out that the US Department of Justice noticed the incident … Continue reading
Zyxel: Security advisory for CVE-2023-28771 in firewalls
Blog reader Liam had alerted me about vulnerability CVE-2023-28771 in Zyxel firewalls via email just a few days ago (thanks for that). An April 25, 2023 post states that improper handling of error messages occurs in Zyxel ZyWALL/USG series firmware … Continue reading
Apache Superset: CVE-2023-27524 allows Remote Code Execution (RCE)
[German]Brief note for users who deploy Apache Superset in their environment. There is a problem in the default configuration that the software can be attacked via remote code execution vulnerability. This becomes a problem if the server is accessible via … Continue reading
Parallels RAS licenses expire on April 24, 2023; reactivation required
[German]Brief note for administrators who use Parallels RAS (Remote Application Server). If the "big bang" breaks out on April 24, 2023 because the Parallels RAS refuses to work, it's probably not your fault. It looks like the vendor "screwed up" … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
Additional information about the compromised 3CX desktop app
[German]The 3CX Desktop app from phone system provider 3CX was infected with malware via supply chain attack. As a follow-up, I have some additional information. For example, the incident has now been confirmed by 3CX and both Cyble and Kasperky … Continue reading
Citrix Cloud Connector May 2023 upgrade requires new DigiCert G4 root and intermediate certificates
[German]Brief note for administrators who are responsible for the deployment of the Citrix Cloud Connector. Normally, there is no need to worry about an update of this connector. However, in early May 2023, there is a connector update that administrators … Continue reading
March 2023: What's going up with AnyDesk?
[German]I'm picking up on a topic and posting it here on the blog for information purposes with a request for feedback from those affected. It's about the provider AnyDesk and its remote maintenance software of the same name. A reader … Continue reading
3CX desktop app (probably) infected in a supply chain attack (March 29, 2023)
[German]Warning to customers of phone system provider 3CX. Its 3CX Desktop app has probably been infected with malware via a supply chain attack. At least, that's what various reports from security companies as well as posts on reddit.com suggest. Here's … Continue reading
NoSpamProxy version 14.0.5 released – update!
[German]Short note for users who use NoSpamProxy to filter mails. The developers have released version 14.0.5 – those who still have an older version installed should update. The background is that the provider Cyren discontinues its services.