Tag Archives: Software

LogoFAIL: Critical vulnerabilities in the UEFI code

[German]There are several critical vulnerabilities in the UEFI code of the firmware of various BIOS/UEFI implementations that could be used to inject malware into a system. The whole thing was already announced by the Binarly REsearch Team on November 29, … Continue reading

Posted in devices, Security, Software | Tagged , , | 2 Comments

Advertising

40 years of Turbo Pascal

[German]I recently recognized that the Turbo Pascal development environment was introduced by Borland 40 years ago. But it completely passed me by. I myself only came into contact with Turbo Pascal around 1987/1988. Today, a brief look back for the … Continue reading

Posted in General, Software | Tagged , | 1 Comment

How to find weak passwords in Active Directory and eliminate them with PowerShell

[Sponsored Post]Weak or compromised passwords are a known gateway for attackers. If you are able to identify which users in Active Directory (AD) are threatened by this, then PowerShell can help to remedy it. However, PowerShell scripts cannot eliminate basic AD deficits, other tools are needed for this. More ...

Windows: cURL 8.4.0 update coming on November 14, 2023 patch day

[German]There is a vulnerability in the cURL library and tool in older versions, which was closed by the project on October 11, 2023 with version 8.4.0. Microsoft delivers cURL with Windows, but has not yet updated this version. My understanding … Continue reading

Posted in Security, Software, Update, Windows | Tagged , , , | Leave a comment

Advertising

VMware vCenter vulnerability CVE-2023-34048 – many systems vulnerable

There is an out-of-bounds vulnerability CVE-2023-34048 in VMware vCenter that leaves systems vulnerable. A security researcher scanned the Internet for accessible and unpatched instances and found numerous systems. Administrators of VMware vCenter installations should ensure systems are patched. Advertising

Posted in Security, Software, Virtualization | Tagged , | Leave a comment

Vulnerability CVE-2023-5363 in OpenSSL

[German]A vulnerability CVE-2023-5363 was found in the OpenSSL software. The initialization of the encryption key length and the initialization vector in OpenSLL is incorrect. However, a fix is already available for the Linux distributions Debian and Ubuntu. Advertising

Posted in Security, Software | Tagged , | Leave a comment

Advertising

Cisco: New 0-day vulnerability (CVE-2023-20273) in IOS XE; already being exploited

[German]US vendor Cisco has publicly disclosed another 0-day vulnerability (CVE-2023-20273) in IOS XE as of October 20, 2023. This vulnerability is already being exploited in the wild to compromise systems. The vendor plans to provide fixes for the CVE-2023-20198 and … Continue reading

Posted in devices, Security, Software | Tagged , , | Leave a comment

VMMap v3.4 released

As of October 17, 2023 VMMap v3.4 has been released in Sysinternals Tools. VMMap is a utility for analyzing virtual and physical process memory on Windows. Advertising

Posted in Software | Tagged | Leave a comment

Over 32,000 Cisco components compromised via CVE-2023-20198 vulnerability

[German]Short note for users who have Cisco components with IOS XE in use and these components are accessible via the Internet. As of October 16, 2023, Cisco issued a security warning about the 0-day vulnerability CVE-2023-20198, which is unpatched so … Continue reading

Posted in Security, Software | Tagged , | Leave a comment

Advertising

Warning: WinRAR vulnerability CVE-2023-38831 is exploited by Chinese and Russian hackers

[German]Warning to users of the WinRAR archive program. Various state threat actors from Russia and China are trying to exploit a vulnerability in the WinRAR archiving tool for Windows. Attackers can execute arbitrary code when unpacking archives via the CVE-2023-38831 … Continue reading

Posted in Security, Software | Tagged , | Leave a comment

Sonicwall: Security updates for SonicOS close nine vulnerabilities

In SonicOS there are several vulnerabilities (buffer overflows) that have received a CVSS index of up to 7.7. Sonicwall has therefore released software updates for SonicOS for their firewalls, that close new vulnerabilities (CVE-2023-39276, CVE-2023-39277, CVE-2023-39278, CVE-2023-39279, CVE-2023-39280, CVE-2023-41711 and … Continue reading

Posted in Security, Software, Update | Tagged , , | Leave a comment