Cyber Security Blog

Dive with us into the world of hackers, data espionage, and attack defense - several times a week for free!

In Germany alone, around 10,000 on-premises Microsoft Exchange servers are still not patched against the ProxyNotShell vulnerability, which has been known since September 2022. IT security managers should urgently apply the security update provided by Microsoft to prevent their systems from being compromised.

The networking of our devices also makes securing cars one of the great cybersecurity challenges of our time. Automotive technology is not only becoming more advanced due to integrated software systems, but also increasingly complex and vulnerable in its endpoints due to "smart features". Successful automotive hacks have increased greatly in the last three years, showing how attackers manage to remotely exploit vulnerabilities in the APIs used by vehicle telematics systems. A few weeks ago, the US-American, in his capacity as an ethical hacker, discovered serious security vulnerabilities at 16 leading car manufacturers.

A cyber attack can threaten the very existence of your company. Until now, the financial losses resulting from a successful hacker attack could be mitigated by taking out cyber insurance. But as losses from cyberattacks continue to rise, insurers have now adjusted premiums and exclusion criteria in such a way that policies are becoming less attractive in some cases. Experts even assume that insurers will soon offer no insurance cover at all against cyberattacks, or only very heavily regulated cover. Companies should therefore introduce systems now that will prevent them from falling victim to ransomware and data leaks in the first place.

Migrating IT applications to the cloud brings many benefits for businesses. But have you ever wondered if your corporate data is safe from theft and espionage in the cloud? The answer is no. While cloud providers usually deploy a web application firewall (WAF) to protect against cyberattacks, researchers have now discovered that some of these firewalls can be circumvented relatively easily. In this article, we'll tell you exactly how this works and how you can check whether your company's data is adequately protected by your provider's WAF.

The past year 2022 can be described succinctly: hardly predictable. A challenging economic situation, political upheavals accompanied by rapidly changing framework conditions, inflation, a shortage of skilled workers and rising energy prices have led to an unprecedented sense of insecurity, the effects of which are also clearly being felt in the IT security industry. Where will the key challenges lie in the next 12 months? We have given this some thought and summarized the challenges in the following 9 points, because one thing is already foreseeable: The threat level remains high and will continue to worsen in 2023.

In May 2022, Red Canary security researchers discovered a new computer worm that spread primarily via USB storage devices and network shares on Windows systems. The malware, dubbed "Raspberry Robin" or the "LNK worm", was initially thought to be relatively harmless. It spread quite quickly at first, but no downstream actions were apparent. However, in October 2022, Microsoft security researchers found that Raspberry Robin appears to be part of an extremely complex and highly interconnected malware ecosystem whose distribution extends beyond the initial USB drive distribution. In this article, learn how Raspberry Robin went from a simple computer worm to a gateway for malware - and how to protect yourself.

Extortion Trojans in the form of ransomware have become a serious and permanent threat. At the end of October 2022, for example, the hacker group Black Basta gained access to around 1,500 employee records after a successful ransomware attack on the IT service provider of the Deutsche Presse-Agentur (DPA), 20% of which were published on the darknet. The reason for the successful access to sensitive data, such as social security numbers or bank details: poorly protected FTP servers for storing documents. Ransomware attacks thus remain a relatively easy and extremely lucrative attack method, especially if the attacked systems are poorly protected. In this article, you will learn how to detect ransomware attacks on your company at an early stage and successfully fend them off.

Companies are confronted with increasingly complex cyber threats. Relying solely on preventive and pattern-based IT security measures (such as AV solutions and firewalling) is no longer sufficient today. Companies that want to be informed in time about a successful cyber attack have recognized the importance of early attack detection with the help of a "Managed Detection and Response solution" (MDR). The problem here is that most medium-sized companies do not have the necessary budget and do not have enough specialists, time and know-how to independently set up a Security Operations Center (SOC) required for this purpose. With Active Cyber Defense (ACD), Allgeier secion offers a 24/7 managed security service that relieves the IT security teams in this regard and can be booked cost-effectively at a flat monthly service fee. In this article, you can read how exactly the security analysts in the ACD team detect cyber attacks at an early stage and get answers to frequently asked questions.

At the beginning of August 2022, a new ransomware emerged that could not be assigned to any known malware family so far: the ARCrypter ransomware. The cybercriminals behind the extortion software have already attacked major Latin American organizations - including the Chilean government. Meanwhile, they are expanding their activities around the world and are attacking German targets as well. Researchers have now figured out how ARCrypter works and what the characteristics of an ARCrypter attack are. The good news up front: with the right security tools, you can effectively protect yourself from the new threat.

The cybersecurity industry is more dynamic and rapidly changing than any other sector. Today's insights may already be outdated tomorrow. Because at the same pace as IT security develops new measures to protect IT infrastructure, networks, and endpoints, cyber criminals bring new tools to the market, refine attack methods, or use unknown techniques to successfully carry out cyber attacks. Anyone who wants to stay as well informed as possible in the multi-layered environment is dependent on regular updates. This applies equally to technically interested users and IT staff. One popular source of information in Germany is the podcast. More than 40% of all Germans regularly listen to podcasts - one fifth of them daily. We asked our IT security consultants for recommendations on ethical hacking and present our top 5 most popular cybersecurity podcasts here.