Cyber Security Blog

Dive with us into the world of hackers, data espionage, and attack defense - several times a week for free!

Attention: On September 29, 2022, GTSC published a blog article about high-risk vulnerabilities! It reports on a new attack path that exploits two not yet disclosed vulnerabilities (0-days). Attackers can use them to perform remote code execution (RCE) on affected on-premises Microsoft Exchange servers. Our security analysts have also verified anomalies in connection with the new zero-day vulnerabilities during active analysis as part of our Managed Security Services. The vulnerability occurs, among other things, in Outlook Web Access (OWA) or in a related component and has not yet been fixed by Microsoft.

Malware, a blend of "MALicious" and "SoftWARE", is the generic term for malicious software explicitly created to infect IT systems. The term covers a wide variety of malicious programs - from viruses and worms to adware and spyware, rootkits and ransomware. In this article, we show the different types of malware, assess the threat potential for your company and provide valuable tips on how you can protect IT systems, networks and end devices from the numerous threats.

Many of the current malware threats exploit vulnerabilities in operating systems and deployed software to compromise systems. As soon as they are known, the manufacturers patch the entry points as part of updates - i.e., they close them with minor or major adjustments to the architecture. "A software update is available": Surely you are also familiar with this message that pops up on the screen at regular intervals. This article shows why you should not simply dismiss this message, but rather treat it as a top priority.

Borat, the whimsical fictional character of actor Sacha Baron Cohen, is known for absurd jokes, hilarious entertainment and, of course, the iconic neon green mankini. A new piece of malware called Borat RAT, however, is anything but funny. The Remote Access Trojan (RAT) is increasingly spreading around the world, and security experts consider it particularly treacherous and dangerous because it combines RAT, spyware and ransomware. In this article, learn how criminals are using Borat RAT, what purposes the malware serves, and how organizations can protect themselves from the new malware through incident response readiness and managed detection and response (MDR) solutions.

The use of cloud services has been commonplace for companies and private users for several years. The cloud simplifies and accelerates data exchange, makes information available worldwide, regardless of device, and enables modern, location-independent work. Many service business models are also based on data exchange via the cloud or via platforms that can be accessed via the Internet. Various "as-a-service" offerings provide immediate access to software via practical subscription models, in many cases making the purchase of hardware superfluous and relieving companies of resource-intensive care and maintenance work. Cybercriminals have also discovered the many advantages of this type of platform for themselves. With the "Dark Utilities" service, a platform is now available that enables cyberattacks at low cost, with outsourced development effort and without the need for in-house server infrastructure. In this article, learn how Dark Utilities works, what the dangers are, and how you can protect yourself and your company from the new, dark business model.

The most widely used method of communication in organizations and companies is still e-mail. It is therefore not surprising that more than 90 percent of successful cyber attacks start with a supposedly harmless e-mail. In almost all cases, the weak point is the same: the human being. Fake sender identities increase the chances that malware attachments will be opened. The perfidious game of CEO fraud is so successful because the attackers familiarize themselves in great detail with the company's circumstances in advance. With the following six rules, you can effectively protect yourself from the threat of ransomware, phishing, virus-infected attachments and the like.

What do the ancient Romans, Leonardo da Vinci and 21st century cybercriminals have in common? The answer is "steganography," the hiding of secret information in an innocuous, inconspicuous environment. This ancient technique is in fact currently one of the greatest dangers that users face during digital data transmission. Cyber criminals have refined the techniques of steganography to such an extent that malware can hardly be detected by conventional security technology. In this article, you will find out what exactly this term means, what tricks hackers can use to smuggle malware onto your computer, and how you can protect yourself against this undetected danger.

LastPass confirms security incident

Back in mid-August 2022, unknown attackers gained access to servers of the password manager provider LastPass and were able to successfully copy internal data.

The company has now acknowledged the incident in a blog post and assured users that master passwords and user data in the encrypted password vault should not be affected. What users of the service should nevertheless consider can be read in the short blog post on the topic.

The abbreviation IoT stands for "Internet of Things" and refers to the increasing networking of "smart" devices and machines both with each other and with the Internet. To achieve this, the devices are equipped with network cards (LAN or WLAN). Smart building objects such as fire detectors or IP cameras, often used for cost-saving reasons, are already standard in companies today. However, when acquiring IoT devices, many organisations are not aware that they entail major risks for IT security. To protect themselves from data espionage, operational failures and network compromises, companies and organisations should take effective security precautions.