2FA phishing - Stefan Karg

Vulnerabilities

New MS Exchange Zero-day vulnerability
ByStefan Karg 29.09.202225.08.2025

New MS Exchange zero-day: https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2022/2022-258168-1032.html

Read More New MS Exchange Zero-day vulnerability
Vulnerabilities

CVE-2024-3094: Why the xz-utils backdoor is more than a technical issue
ByStefan Karg 02.04.202425.08.2025

Despite the Easter holidays, a lot of incredible work was done over the weekend by many researchers analysing the details of the xz-utils backdoor. Some examples are: As the situation unfolds, it is becoming clear that this was not just one of the most sophisticated technical (perhaps the most sophisticated) attempts to introduce a backdoor…

Read More CVE-2024-3094: Why the xz-utils backdoor is more than a technical issue
OT

Windows 3.11 in 2024? Here’s why.
ByStefan Karg 03.02.202425.08.2025

There is a job advert for a Windows 3.11 administrator role in the rail industry doing the rounds on the internet right now – e.g. here at Heise. It’s often accompanied by the question why such old systems are still in use – it’s 2024! Yes, this is the reality of OT systems – not…

Read More Windows 3.11 in 2024? Here’s why.
Security

Real world phishing attacks
ByStefan Karg 25.01.202325.08.2025

This post is a great example, that a spear phishing attack also works in the offline world. It does not always have to be an e-mail! Thank you to Marc Torke for sharing this. The letter in the picture is claiming to come from an official German court and was sent to a newly founded…

Read More Real world phishing attacks
Vulnerabilities

CVE-2024-3094: xz-utils backdoor
ByStefan Karg 30.03.202425.08.2025

The newly discovered xz-utils backdoor, which was published yesterday (NVD – CVE-2024-3094 (nist.gov)) also affects one of the Linux distributions most used by penetration testers: Kali Linux. ❗Make sure, that you are updating your Kali installations as fast as possible, especially when you updated them before in the time frame between 26.03.2024 and 29.03.2024. 💡For…

Read More CVE-2024-3094: xz-utils backdoor
Security

USB Killer redefined
ByStefan Karg 30.03.202325.08.2025

A Military-Type Explosive Sent Via USB Drive (gbhackers.com) ⚡ So far, USB-Killer devices were used by attackers (or pentesters) to disable or destroy devices with USB interfaces by discharging a high power electrical shock into the data lines of the USB port. ❗ If you find a USB stick somewhere: Do not plug it into…

Read More USB Killer redefined

Similar Posts