A blog about IT and other stuff :-)
Recently, there have been sold Exploits on the dark web, for exploiting Zyxel NAS devices, but researchers have found out, that firewall’s also have the vulnerbility: https://krebsonsecurity.com/2020/02/zyxel-0day-affects-its-firewall-products-too/ Zyxel advisory – please note, not all Zyxel devices can be patched, so…
Read more
An easy to use exploit, have been discovered for Exchange 2010, 2013, 2016 and 2019, patch now. If you have a login for a normal user, you can execute code on the server as “SYSTEM” account through Exchange Control Panel…
Read more
Now it’s time to disable direct RDP access or at least patch it: Sophos have made an BlueKeep exploit which changes the Windows accessibility shortcuts, and renames utilman.exe so you get shell :-O Read more here: https://news.sophos.com/en-us/2019/07/01/bluekeep-poc-demonstrates-risk-of-remote-desktop-exploit/?cmp=30727 Video: https://vimeo.com/344915265
DANISH CONTENT THIS TIME 🙂 Fra 1/1-2019 gælder der nye regler ift. email kryptering i Danmark, disse er udstedt af datatilsynet. Det kan være svært at holde hoved og hale i alle de teknikker der er. Der nævnes bla. TLS…
Read more
Due to the new CPU bug, memory can be read by criminals, therefore update your OS and virtuel environments: Relevant Products VMware vSphere ESXi (ESXi) VMware Workstation Pro / Player (Workstation) excluded Workstation version 14 VMware Fusion Pro / Fusion…
Read more
Sophos UTM mail security has many features, it also supports DKIM (DomainKeys Identified Mail), which allows the UTM to cryptographically sign outgoing messages. Unfortunately it’s not “that” easy to set up, like any other UTM feature, but that’s not the UTM’s…
Read more
To harden the communication to this site and it’s input forms, SSL has been added. Also Google Chrome will no longer display a warning that the site is not secure 🙂
During security audit scans, it is sometimes seen that a Microsoft Internet Information Services (IIS) server is exposing the servers internal ip, when a speciel get request is sent to the server. This can be due to misconfig, unpatched server…
Read more
Adding an additional layer of security with DNSSEC: It’s easy to setup, your DNS provider has to support this though, read more about DNSSEC (Domain Name System Security Extensions) here: https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions
By continuing to use the site, you agree to the use of cookies. more information
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.