Everybody with an Internet-faced Microsoft Exchange server, Outlook Web Access (OWA) or Exchange Active Sync (EAS) can consider his or her system as compromised since January. This is reported by security experts like Chris Krebs1 and news magazines like Golem2 or Heise3. In Germany, the BSI has contacted more than 9,000 companies4. The scope of the current security vulnerabilities are comparable to the previous Microsoft major Incidents regarding Eternal-Blue5 and Wannacry6 4 years ago. Read more

This picture is for all the people I have had discussions with in recent years about Digitisation in general or, more specifically, about the integration of tablets or notebooks within a corporate network. My recommendation then and now: Zero Trust! Isolate and segment potentially insecure, closed-source AD infrastructures! Keep smartphones, tablets or laptops out! This also applies to unknown, untrusted applications. " jumper laptops" are the better places for them. Put business applications on RDP/RDS terminal servers1 and create uniform, web-based, open interfaces that can be monitored and controlled. Read more

Yesterday and today I’ve noticed the author malvuln1. He has uncovered vulnerabilities for 14 malware and backdoor applications. Yes, you are correct: He has found vulnerabilities in malware and backdoors, practically with proof-of-concepts to reproduce. No need to emphasise, that’s all Windows malware we’re talking about. There is no indication whether he contacted the respective vendors of the affected “software” prior to his full disclosure. Also missing are CVE2 reference numbers and CVSS3 Scores. Read more

Tomorrow I will give a short presentation for the DigiNet Südwestfalen December, 1st 2020, 08:30 am on my Conferencing-Server Topic: “Security of Conferencing Software” giving Stakeholders and Decision-Makers Orientation for risk-assesment. This is a non-public event. Please register via Sonja Pfaff on the DiginetSWF Website. About DigiNet Südwestfalen: In early 2019, the Transferverbund Südwestfalen started to track down service providers and networks active in the field of digitalization in South Westphalia as part of the NRW. Read more