Benjamin Delpy did it again. This time his attention was focused on the aged SCCM1. Once developed in the late 90s, it looks back on a turbulent history with some twists and turns. Unfortunately the security behind it looks exactly the same what you would expect and at best can be considered as “rotten” when still using 3DES2 to communicate with clients3. Read more

Everybody with an Internet-faced Microsoft Exchange server, Outlook Web Access (OWA) or Exchange Active Sync (EAS) can consider his or her system as compromised since January. This is reported by security experts like Chris Krebs1 and news magazines like Golem2 or Heise3. In Germany, the BSI has contacted more than 9,000 companies4. Read more

This picture is for all the people I have had discussions with in recent years about Digitisation in general or, more specifically, about the integration of tablets or notebooks within a corporate network. My recommendation then and now: Zero Trust! Isolate and segment potentially insecure, closed-source AD infrastructures! Read more

Yesterday and today I’ve noticed the author malvuln1. He has uncovered vulnerabilities for 14 malware and backdoor applications. Yes, you are correct: He has found vulnerabilities in malware and backdoors, practically with proof-of-concepts to reproduce. No need to emphasise, that’s all Windows malware we’re talking about. Read more