WhisperGate: New type of malware attack in Ukraine
by Tina Siering
In mid-January, the first reports of attacks on computer networks in Ukraine emerged. The targets were mainly websites of authorities and the government, as well as other important organizations. According to initial analyses, it is a new type of malware. Experts are puzzling over the background of the attack, which seems to follow a planned pattern.
Read more … WhisperGate: New type of malware attack in Ukraine
The security vulnerability in the Java framework Log4Shell caused an uproar in the IT world. Hackers discovered the vulnerability in December 2021 and exploited it on the spot. Since then, the incidents have been accumulating, and the full extent cannot yet be estimated. At the same time, security experts warn about the long-term consequences of the vulnerability. Due to the wide distribution and the particular way Log4Shell is implemented, an unknown number of users are still at risk.
Read more … Log4j: Why the security breach will keep the connected world busy for years to come
Recently, Microsoft informed about the vulnerability CVE-2021-40444 in the office software Office. The corresponding MS Office patch was already released in September 2021. Now it turns out that Microsoft did not even fix the cause of the vulnerability with the patch. Experts warn that criminals will continue to exploit the vulnerability and have even uncovered further potential dangers in connection with the exploit.
Read more … Patch me if you can: Microsoft cannot close critical security hole
More than half of the companies surveyed in the Ivanti study suffer from a lack of staff - especially in the area of IT specialists. A representative survey by Bitkom is even more dramatic: here, seven out of ten companies state a shortage of IT specialists. For the available IT experts in the companies, this means: more work with less time. Successfully carried out cyber attacks are thus detected more slowly, insufficiently combated and at the same time phishing attacks occur more frequently. A real vicious circle is brewing on the horizon of digitalisation. What solutions are there?
GDPR at the workplace: You should definitely observe these requirements to avoid a data breach!
by Svenja Koch
On the one hand, the GDPR is intended to ensure the protection of personal data, but on the other hand, it is also intended to ensure the free movement of data within the European single market. Since its introduction in 2018, the GDPR has placed high demands on employers and employees - since then, a data protection breach can be sanctioned with high penalties. In this article, you will learn what you need to pay particular attention to as an employer when it comes to data protection in order to avoid a data breach.
Claroty study reveals vulnerabilities: Industrial facilities and KRITIS increasingly vulnerable to remote access
by Svenja Koch
For a long time, industrial controls were isolated local systems. Through further development and integration into the modern IT infrastructure, this industrial sector is now connected to networks and the Internet. Suddenly, critical ICS vulnerabilities are emerging that threaten industry and CRITIS. There is therefore an acute need to catch up in the area of industrial security - this is the conclusion of a recent study by Claroty.
The spectacular actions of the Conti Ransomware extortionists - a journey into the world of cybercriminals
by Svenja Koch
An unusual incident provides insights into the business of the ransomware developers of this malware. An apparently dissatisfied user of a Ransomware as a Service model published operating instructions and scripts of this platform. The information from the Conti Leak allows a look behind the scenes of a modern ransomware and how hackers copy as well as monetise the concept of cloud services.
IoT security vulnerability in the Kalay cloud platform! Over 83 million devices affected?
by Svenja Koch
IP cameras, digital video recorders or baby monitors definitely make our everyday lives more comfortable. IoT devices of all kinds are now used in millions of households and businesses around the world - and are now under attack! This is because a recently discovered IoT security vulnerability allows cyber attacks on the networked devices, where attackers can take control of the networked smart devices via the internet. The vulnerability, named CVE-2021-28372, is classified with a threat level of "critical".
Update Kaseya attack: company still struggling with the consequences - was there a ransom payment?
by Svenja Koch
At the beginning of July 2021, a cyber attack occurred on the IT service provider Kaseya. This attack had a global impact, as it was an attack on the company's supply chain. In Sweden, for example, up to 800 branches of the supermarket chain Coop had to close for days because the cash register systems were not available. About a month after the incident, Kaseya is still struggling with the consequences of the attack. Our update on the consequences of the spectacular cyber attack!
EU puts together package against money laundering: virtual currencies like Bitcoin also in its sights!
by Svenja Koch
With the proposed changes, the EU Commission wants to close gaps in existing laws and improve citizens' IT security. Current legislation no longer fits the digital reality. Anonymous accounts on crypto exchanges not only facilitate money laundering, they also provide hackers with an ideal environment for processing extortion payments as part of cyber attacks.