Cyber Security Blog

Dive with us into the world of hackers, data espionage, and attack defense - several times a week for free!

Following a serious attack with ransomware on the municipal IT service provider Südwestfalen-IT, administrations in more than 70 cities, districts and municipalities in North Rhine-Westphalia are largely paralysed. Registering cars, applying for ID cards or a birth certificate - many everyday processes are currently not possible for the citizens of NRW. Payment of a ransom has been refused in consultation with the affected municipalities and investigations are ongoing.

According to the latest BSI Situation Report 2023, the criminal business with ransomware is still one of the biggest threats to companies, organisations and public institutions. Ransomware is the term for malware that is capable of encrypting data and thus rendering it unusable. The blackmailers make unlocking the data dependent on ransom payments. From the US government's point of view, the "success" of ransomware is not least due to the willingness to pay the ransom demanded. The flow of ransom money is now to be dried up through an international alliance of numerous countries.

The Mozi malware first appeared in 2019 and managed to infect more than 1.5 million IoT devices worldwide in just a few years. The malware specialises in IoT end devices and DSL routers and is designed to create large-scale botnets, which were subsequently used for DDoS attacks, exfiltrating data or executing arbitrary commands, among other things. The geographical focus of Mozi is in China, although numerous infections have also been observed by security researchers in Germany. The Mozi botnet was suddenly shut down at the end of September 2023. Chinese law enforcement authorities may be behind the end of Mozi.

Confluence is a web-based software solution developed by the Australian company Atlassian for web-based collaboration and optimised knowledge management. The software allows users to collaborate on details around their projects in documentation, task lists and project plans. A recently discovered critical security vulnerability allowed attackers to gain admin rights - and thus compromise entire systems. A published patch closes this vulnerability in certain versions of the Confluence Data Center. Admins should react immediately.

Cisco, a global leader in networking solutions, has issued an urgent security advisory for switches and routers running the IOS XE operating system. The highly critical zero-day vulnerability (CVE-2023-20198) was announced a few days ago. Through a vulnerability in the web interface, attackers can create an admin user without prior login and thus take control of the device. We recommend that network administrators act quickly, as the vulnerability is currently being actively exploited by attackers and poses a serious threat to the IT security of companies worldwide.

Six reasons for successful APT attacks

Advanced Persistent Threats, or APTs, are targeted, complex cyberattacks that are usually carried out by highly organised and well-funded threat actors. In contrast to conventional cyber attacks, APTs aim to establish themselves in corporate networks for as long as possible - in order to secretly collect and manipulate data or gain access to internal knowledge. Due to human error, poorly configured security solutions or generally inadequate security measures, APTs can operate even in otherwise very well secured industrial companies. In this article, we have compiled the 6 main reasons for successful APT attacks.

There is an urgent need for action for users of Progress Software's WS_FTP Server software after serious security vulnerabilities were discovered and classified as critical. Among the vulnerabilities, the one with the identifier CVE-2023-40044 stands out, with a CVSS score of 10.0 and thus maximum severity.

WebP is an open-source image format developed by Google that results in smaller file sizes with fewer visual artefacts. It is used by a wide range of applications. The zero-day vulnerability that has now been discovered therefore has serious implications, the extent of which is currently difficult to assess.

The German economy became slightly more digital again in 2022 - this is one of the core results of the digitisation index of the Federal Ministry of Economics and Climate Protection. The pioneers are large companies and the information and communication technology sector, but small and medium-sized enterprises are also networking their production and administration departments more and more. More digitalisation means more endpoints - in the form of stationary desktop PCs, laptops, mobile devices and IoT devices. Unfortunately, with the increase in device communication comes an increase in potential attack targets. Cybersecurity teams face the major challenge of identifying attack attempts in continuously growing volumes of data. In this article, you will learn which cyber dangers threaten companies in the course of digitalisation and how highly networked environments can be effectively secured.