News from KW28.2025

New week, new wews: Nine interesting contributions from the week of 7.7 – 13.7 (KW28-2025), initialled and numbered to make it easy for you, two of which are looked at in detail and provided with more details – again from across my ‘wews’ world.

Prime Day(s) | droid-sec | AMD Sidechannel | Outlook out? | Deposit now 1.08 | Commodore C64 FTW | Ameos Offline | Cybersecurity DACH | HBO Max

Article 1

Prime Day(s) overshadow IT/Tech reporting

If anyone hasn't noticed, here's a quick reminder: from 8.7 to 11.7 there is almost nothing but bargains everywhere!

I don't think I have to go into this point much more; even with ad blockers and various anti-tracking measures it should be hard to avoid the bargains this week.

True to the motto “If you can’t fight it, embrace it”, I would therefore suggest that you bring forward one or the other purchase that is due in the coming months anyway. And on that occasion, I was able to place the Android:Netrunner deck, now at home at Zero signal. If you're into card games, cyberpunk or just collecting, this should be your thing. Also available at Amazon.

But the rest of the week I'll let you off the hook, I promise!


Article 2

Android security patches in July = 0

What now, fish or meat? The first paragraph for this month looks promising:

The Android security bulletin provides details about vulnerabilities affecting Android devices. Security patch levels of 05.07.2025 or later fix all of these problems. For information about how to check the status of a device's security update, see Check and update the Android version.

But the very next section rows back immediately: this month there is virtually nothing to do. Is it summer vacation, one or the other may wonder.

Announcements

The Android security bulletin for July 2025 includes no Android security patches.

Kind as I am, I of course gave a good rating to the service that was offered to me in such detail. Thumbs up!

Android security patches for July 2025

Given that otherwise between 2 and 3 dozen CVEs are processed, this is really refreshingly different. Okay, let's move on, there's nothing to see here...


Article 3

AMD Epyc and Ryzen CPU Sidechannel Attacks

Behind the AMD publication number AMD-SB-7029 there are several CVEs that have been made public. On the whole, however, they range from low to medium; the ‘oh shit’ moment is absent.

However, since many Epyc server CPUs (third and fourth generation, codenames Milan, Milan-X, Genoa, Genoa-X, Bergamo and Siena) are affected and there are probably many instances with users on them, you should not take such messages lightly.

The vulnerabilities in the Ryzen desktop CPUs of generations 5 to 8 should actually be less important, as there are usually fewer users on these systems. The good news is that patches for all vulnerabilities in both lines have been available for 6 or more months.

AMD has also published a fancy PDF that looks at the whole thing further; those who like can read on there in detail.

CVE Overview:

Let's start with the ‘medium’ graded ones and look at what AMD writes about it:

CVE-2024-36350: Critical AMD processor vulnerability in Store Queue – concerns a ‘transient scheduler attack in the Store Queue of certain AMD processors’ (CVE details at Redhat). This vulnerability allows attackers to access sensitive data through timing attacks on the memory queue of certain AMD processors.

CVE-2024-36357: A transient execution vulnerability in some AMD processors that may allow an attacker to infer “data in the L1D cache”, “potentially resulting in the leakage of sensitive information across privileged boundaries” (CVE details at Redhat). This vulnerability affects the L1D cache and can lead to the disclosure of sensitive information across privilege boundaries.

CVE-2024-36348 (CVSS 3.8 – Low)

  • CVSS vector: AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
  • Description: A transient execution vulnerability in some AMD processors may allow a user process to speculatively derive the control registers, even if the User Mode Instruction Prevention (UMIP) feature is enabled. This can lead to information leakage.
  • Technical details: Bypasses the UMIP security feature, which usually prevents user programs from accessing certain system registers.

CVE-2024-36349 (CVSS 3.8 – Low)

  • CVSS vector: AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
  • Description: A transient execution vulnerability in some AMD processors may allow a user process to derive the TSC_AUX value even if such read access is disabled. This can lead to information leakage.
  • Technical details: Affects the Time Stamp Counter Auxiliary (TSC_AUX) register, which should normally be protected from unauthorized access.

CVE-2024-36350: Transient scheduler attack in the store queue of certain AMD processors that enables timing-based side channel attacks.

CVE-2024-36357: Vulnerability in L1D cache that could lead to disclosure of sensitive information across privilege boundaries.

Common characteristics

Risk assessment: None is rated critical or high, as they:

  • Require local access (AV:L)
  • Have low attack complexity (AC:L)
  • Require low privileges (PR:L)
  • Require no user interaction (UI:N)
  • Have an impact on other security contexts (S:C)
  • Have limited confidentiality effects (C:L)

Article 4

Outlook: Bright to cloudy. Or storm depth?

This week Outlook simply failed for about a day, apparently in large parts of the DACH region. Brave new cloud.

Microsoft Outlook was affected by a serious, multi-day disruption that affected millions of users worldwide. The disturbance occurred in two waves in July 2025.

However, it was only a week ago that there were already problems with Exchange servers and OWA in the German-speaking countries.

First wave of disturbances (9-10 July 2025)

Period and duration

  • Start date: Wednesday evening, 9 July and Thursday morning, 10 July
  • Duration: About 11 hours
  • End: Evening of 10 July 2025

Affected users and symptoms

  • Millions of users worldwide affected
  • Complete failure of both Outlook app and webmail access
  • Main problems:
    • Login difficulties (40.68% of reported problems)
    • No new e-mails can be received (28.81%)
    • Sending problems (20.34%)
    • Other problems and connection issues

Regions concerned

Particularly affected in Germany were:

  • Munich
  • Frankfurt am Main
  • Göppingen
  • Berlin

Microsoft's response

  • First report: July 10 at 8 a.m. (via X/Twitter)
  • Official statement: “Part of the mailbox infrastructure is not working as efficiently as expected”
  • Solution: Cause found and fix rolled out worldwide
  • Transparency: Specific technical details have not been published

In general, there is a lot of information at Microsoft, but unfortunately you usually have to collect it yourself. The status of running services that affect Office365 can be found here, for example.

Otherwise, there is also a Twitter / X account that sends status messages.

As a source of information, you can also use Microsoft's own Cloud service overview page.

Second wave of faults (12 July 2025)

New problem

  • Cause: Problems with the detection of payment details
  • Symptoms: Users received notifications of invalid licenses despite current payments
  • Error message: “Something went wrong. Please try the action recommended below.” with “Update application” button

Extent of the second disturbance

  • Millions of Users Affected Again
  • Exchange platforms are also unavailable
  • German users are particularly affected:
    • Allestoerungen.de: around 200 notifications
    • Netzwelt.de: More than 3,400 messages at 10 a.m. (increasing trend)

Microsoft's Response to the Second Disruption

  • Date: Microsoft reported about 9 o'clock on X
  • Statement: “We identified the cause of the problem and provided a solution. We closely monitor deployment and expect the issue to be gradually addressed as deployment progresses.”

The all-clear then reached users e.g. via Netzwelt, which had also reported on the incident beforehand and collected reports from users.

Conclusion

The Outlook disruptions in July 2025 highlighted the vulnerability of critical email infrastructures. Particularly problematic was the fact that two different serious disruptions occurred within a few days – first a general infrastructure failure, then problems with the licensing system.

Microsoft reacted relatively quickly both times, but held back on technical details and only promised improvement for the future.

There's still room for improvement, friends!


Article 5

Supermarkets raise deposit for shopping carts to 1.08 euros

In the bustling metropolises of Cologne, Düsseldorf and the tranquil Neckarsulm, a revolution is underway that could fundamentally change the shopping behavior of German consumers.

After decades of stability, the powerful giants of German retail – including the time-honored discounter dynasties Aldi, the expansive Globus group and the wide-spread Rewe empire – have made a decision that will affect millions of households: The historical increase of the shopping cart deposit from the one euro unchanged for over two decades to the precise amount of one euro and eight cents.

The Historical Dimension of Overdue Reform

This groundbreaking announcement was not made spontaneously or arbitrarily, but is the result of years of economic analysis and market-strategic considerations. Karl Wenz, the eloquent and far-sighted spokesman for the long-established Edeka Group, which functions as one of the key players in this unprecedented coalition, granted the prestigious Postillon exclusive insights into the motives of this far-reaching decision.

“This long overdue reform,” Wenz said, with the authority of a man who has been observing developments in German retail for decades, “is rooted in a fundamental economic reality that has been ignored for far too long. Since that memorable year in 2002, when the euro was introduced as the single currency, ushering in a new era of European trade, the shopping cart deposit has remained trapped in a kind of frozen time capsule at the symbolic amount of one euro.”

A comparison that encourages reflection

In order to illustrate the drama of this economic stagnation, Wenz gives a particularly clear and comprehensible example for every citizen: “Let's look at the simple but meaningful case of a scoop of ice cream – that sweet treat that delights young and old alike. In 2002, such a delicious ball cost only a modest 50 cents. Today, however, in 2025, consumers will have to spend an average of €1.70 on the same pleasure – an increase of over 240 per cent!”

These figures speak for themselves and underline the justification of the measures now announced. ‘In this context,’ Wenz continues with convincing logic, ‘a moderate increase to EUR 1.08 is not only justified, but is downright conservative and consumer-friendly.’

The technical revolution: A masterpiece of engineering

However, the practical implementation of this visionary reform requires nothing less than a complete technical revolution of the entire German shopping cart infrastructure. In the coming months, an unprecedented conversion program will begin, which will cover the entire fleet of shopping carts at all participating discount stores and supermarkets.

The previous, seemingly simple construction with a single one-euro slot will give way to a highly complex but well-thought-out four-slot architecture. This engineering feat includes:

  • The tried-and-tested 1-euro slot as the heart of the construction
  • A precisely calibrated 5-cent slot for the first supplementary coin
  • A meticulously dimensioned 2-cent slot for the second additional element
  • A filigree 1-cent slot as a crowning finish

Only when all four coin slots are properly stocked with the corresponding coins is the mechanism activated and the shopping cart released for the customer. This solution combines the highest precision with user-friendly functionality.

Conclusion

This landmark reform may only mark the beginning of a broader modernisation of the German retail sector. Experts are already speculating on further innovative developments that could come to consumers in the coming years. The successful implementation of the new deposit system could serve as a blueprint for similar reforms in other areas of daily life.

The decision of the large retail chains ultimately shows that even in a time of rapid technological developments and digital transformation, the basic mechanisms of retail are subject to constant evolution. What seems to be a revolutionary innovation today could become the natural standard tomorrow – a testament to the adaptability and innovative power of the German economy.

Source: The Postillon


Article 6

Bread box FTW! The C64 is back.

Commodore 64 Ultimate – The modern remake of the classic

YouTuber Christian Simpson (known as ‘Peri Fractic’) has taken over the entire Commodore Corporation including all 47 trademarks still registered. His YouTube channel ‘Retro Recipes’ was renamed ‘Retro Recipes x Commodore’ after the takeover.

Two weeks after the acquisition announcement, the first product launch was nothing less than a hammer:
A new/old C64, the first in over 30 years!

Hats off, awesome move!

A lot of information can be found e.g. at Galaxus; I think there are currently 1-2 people working there who grew up with the good old thing.

Otherwise, I can also recommend this article from PCGH. Definitely bread box lovers in the editorial office there too!

If you still want to dive into the history a bit, here there is as much information as the heart desires.

Pro tip: If it is getting light outside and, 100 links later, you have drifted to a page that deals with nuclear-powered submarines, don't worry about it, this can happen. Short reminder, it was about this topic:

Commodore C64

Technical specifications

Centerpiece: AMD (Xilinx Artix-7) FPGA chip for true-to-original software playback – not emulation, but new hardware that works like the original

Storage:

  • 128 Megabyte DDR2 RAM
  • 16 megabytes of NOR flash memory

Compatibility: At least 99 percent compatibility with all known C64 games and peripherals from the 80s and 90s

Connections and connectivity

Classical connections:

  • Datasette interface for tape drives
  • DIN-8 video output for classic tube TVs
  • All known retro connections fully functional

Modern connections:

  • HDMI port with PAL/NTSC timing simulation (1080p @ 50/60 Hz)
  • 3x USB-A 2.0, 1x USB-C
  • 3.5 mm jack connector, Optical S/PDIF
  • MicroSD slot
  • Ethernet connection (100 Mbps) and WLAN

Emulation and simulation skills

The C64 Ultimate can simulate various classic components:

  • Datasette (tape drive) – e.g. from USB stick
  • Disk drives, modules, SID chips, memory extensions, and network features
  • Optionally switchable Scanline effects for an authentic retro feel

Keyboard and Design

  • Original layout retained
  • Modern Gateron Pro 3.0 switches with RGB LEDs (55 grams of actuation force)
  • Characteristic ‘bread box’ housing as in the original

Scope of delivery and extras

64 GB USB memory with over 50 pre-installed programs, games, music and demos in audio cassette design. It also includes an exclusive sequel to ‘Jupiter Lander: Ascension’.

Availability and prices

Pre-order: Currently only available as a pre-order
(planned) Delivery: October/November 2025

Pricing (three variants):

  • Classic beige: approx. 260 Euro / 299.99 USD
  • Transparent Starlight Edition with LEDs: approx. 300 Euro / 349.99 USD
  • Gold-plated Founders Edition: 430 Euro / 499.99 USD (with 24 carat gold plated badge and satin gold keys)

Call me stuffy, I don't care. The bread box simply has to be classic beige; transparent or gold-plated is then simply not the C64. Just look for yourself:

Conclusion

After more than 30 years, there is once again new official Commodore hardware, which offers the most true-to-original experience possible without classic emulation thanks to FPGA technology.
The C64 Ultimate successfully combines retro charm with modern amenities and is aimed at retro computing enthusiasts who want to enjoy the authentic C64 experience with contemporary comfort. The rapid product announcement just two weeks after the brand acquisition shows the ambitious plans of the new Commodore owner.

Godspeed Peri, make it Frantic <3


Article 7

Ameos clinics go offline as a precaution

After an attack was detected, the IT managers decided to take the entire network offline. A difficult decision when clinics, medical centers and emergency medicine are involved?

Basically, this statement on the website reads completely logical at first, and of course also without alternative:

A central, self-determined shutdown of the networks has led to restrictions on the availability of digital services in the AMEOS facilities in Germany.

AMEOS IT identified an attack on Monday evening and shut down all digital systems as a precaution. Since then, the experts of the IT services have been working with the highest priority on recommissioning. Digital medical applications have already been put back into operation. 

The care of the patients in the AMEOS Klinika as well as the residents in the AMEOS care and integration facilities was and is ensured at all times. The emergency departments as well as therapeutic and diagnostic services, such as the emergency laboratory, were available at all times.

Those of you who either work in the health system yourself or have been a guest there lately can surely imagine how difficult it must be if you are suddenly cut off from all your usual helpers and everything spontaneously has to be done in analog fashion again.

It reads the same or similar when you look around the web. Gradually, a few more figures come to light. Among others, these:
About 100 locations in all of Germany are affected. The Ameos Group treats more than 500,000 patients annually. The hospital network includes more than 100 facilities at more than 50 locations. Alongside Helios and Sana, Ameos is one of the largest private clinic operators in the German-speaking world.

Definitely no fun. Let's keep our fingers crossed for the girls and boys of IT.


Article 8

HarfangLab: cybersecurity report + ESET survey

The HarfangLab report “Cybersecurity among European companies 2025: From Reliance to Resilience”, conducted by Sapio Research, and the ESET survey in the DACH region both come to the same conclusion:

Threat Situation and AI Influence

Current threat perception:

  • 40% of European companies rate their cyber threat level as ‘extreme’ or ‘very serious’
  • France shows the highest concern (48%), Germany and Belgium lower (33% and 36% respectively)
  • 58% see AI-assisted cybercriminals as the main risk factor (an increase from 46% in 2024)

Main consequences of cyber attacks:

  • 53% see data leaks as the worst consequence
  • 40% worry about deletion/destruction of information systems
  • 36% fear espionage and theft of intellectual property

Digital Sovereignty and Control

Loss of control as a critical problem:

  • Only 19% of companies have complete control over their security infrastructure
  • 43% have limited control over their own protection systems
  • 78% of leaders are more concerned about digital sovereignty than they were a year ago

Trend towards European on-premises solutions:

  • 31% prefer on-premises EDR solutions over cloud-based ones
  • 17% actively plan to switch to on-premises cyber security models
  • Governmental organisations (27%) and health care (24%) are leading this trend

European cybersecurity as a competitive advantage

Regulation as strength:

  • 94% of respondents consider European cybersecurity regulation necessary
  • 70% see Europe as a role model for global cybersecurity and data protection regulation
  • 71% report that non-European business partners value the European data protection standard

Vendor selection criteria:

  • 26% prioritize on-premises deployment capabilities in vendor selection
  • Only 22% identify performance as the main selection criterion
  • Quality of customer service and ‘human factor’ are gaining in importance

Common insights and trends

1. The Growing Importance of Digital Sovereignty

Both studies show a significant shift towards European cybersecurity providers, driven by:

  • Data protection concerns
  • Geopolitical tensions
  • Need for control over critical infrastructure

2. AI as a double-edged sword

  • 82% believe AI-enhanced cybersecurity solutions can help counter AI-enhanced threats
  • 79% emphasize that human analysts remain indispensable even in an AI-augmented future
  • 59% worry about exaggerations of security providers regarding AI capabilities

3. Regulatory compliance as a competitive advantage

Europe has established itself as a standard setter for cybersecurity and data protection, which gives European companies international competitive advantages.

4. Challenge between innovation and control

While American and Asian providers are often technological leaders, European companies increasingly prefer solutions that ensure control, transparency and compliance.

Sources: HarfangLab | ESET DE | OpenSystems | Heise.de

Conclusion

The sources highlight a fundamental shift in the European cybersecurity landscape: From pure performance orientation to a strategic view of sovereignty, control and trust. European companies are willing to make technical compromises for these values, but increasingly see that European suppliers can catch up technologically and offer equivalent solutions.

The trend towards cybersecurity made in Europe is not only a response to geopolitical uncertainties, but also an expression of growing awareness of the strategic importance of digital autonomy in an increasingly interconnected world.


Article 9

Raider is now called Twix!

And HBO turned Max into HBO Max again.

HBO, which eventually became HBO Now, then offered HBO Go & Now in parallel, which were then renamed HBO Max during the pandemic, only to later be turned into Max, which is now allowed to be called HBO Max again.

I don't want to be a prophet of doom, but can it be that with each of these (certainly not cheap) renaming measures some consulting company has nicely held out its hands? That would definitely explain how you push through 7 renamings in 15 years...

All right, what do I know?


I will say goodbye this week with the (typical for level92) words of the Chinese IT specialist Sun-Tsu:

Use your resources wisely

Don't waste time or budgets on unnecessary technology or excessive complexity. Focus on the essentials and maximize the benefits of your existing funds.