NIS2: New cybersecurity regulation in 2023
by Nico Pätzel
With cyber threats growing exponentially, the European Union has taken a decisive step towards increased security by introducing the NIS2 Directive. The expanded set of rules not only serves as a guide for the protection of network and information systems, but also puts the focus on critical infrastructures (CRITIS), the heart of our modern society. But why exactly is this revised directive so important for IT security managers? What innovations does it bring, and what challenges might we face? This article provides an in-depth look at the NIS2 Directive, its key points and its relevance in today's digital era. Learn here how the NIS2 Directive serves as an enabler for a more robust and secure digital future.
Social engineering: A look at the spectacular hack of MGM
by Tina Siering
That's how fast social engineering can go. A remarkable hack hit the billion-dollar casino chain MGM, paralysing the technical infrastructure and causing disruptions within the casinos. In this article, we explain what happened and how the attackers proceeded.
Perhaps you are also one of the 270 million people who actively used Microsoft Teams on a daily basis last year? The service is popular, especially in professional environments, because it makes communication from the home office or other remote locations simple and convenient. However, a recently discovered security vulnerability significantly limits the convenience factor.
Read more … TeamsPhishers: New tool exploits vulnerability in MS Teams to send malware
Windows 11 security change: SMB signing becomes standard
by Tina Siering
Microsoft is working to further improve the security of the Server Message Block (SMB) protocol. In a new pre-release version of Windows 11, SMB signing is now enabled by default for Pro editions to enhance the security of network connections.
The Apache Foundation has announced that it has closed security vulnerability CVE-2023-25690 (CVSS score of 9.8) in Apache HTTP Server 2.4.56. Here is what users should now take into account.
Read more … Apache HTTP Server: Vulnerability CVE-2023-25690 closed after PoC
Zero-day security vulnerability in MOVEit Transfer
by Tina Siering
Attackers are currently actively exploiting a vulnerability in MOVEit, the Managed File Transfer (MFT) solution from Ipswitch (a subsidiary of the US-based Progress Software Corporation), and gaining access to data when, for example, companies exchange documents with it. Patch now!
IT Security and the metaverse
by Tina Siering
A "revolutionary approach" or the "new Internet": there is no shortage of superlatives when it comes to the metaverse. Today's two-dimensional text and image landscapes on the monitors of our end devices are to become three-dimensional worlds of experience and shopping in the future. Today's metaverse platforms are still mainly in the gaming sector. But development is progressing steadily, and the way we work, socialise and live will change as a result. This will also open up new sales and growth opportunities for companies. But what does the metaverse mean for companies and organisations in terms of their IT security?
The internet is integrated into almost all aspects of our daily lives. However, when internet-connected systems are linked to systems (critical ones, for example) that have a direct impact on our economic prosperity, our livelihoods or even our health, insecure technologies and IT vulnerabilities open the door to cyber criminals and can create serious potential security risks.
The latest appeal from the German Federal Office for Information Security (BSI) to manufacturers of IT solutions is therefore clear and unequivocal: make your information technology products more secure!
Read more … BSI and international cyber security authorities call for more secure IT products
How cybercriminals secretly build in backdoors via SFX archives
by Tina Siering
Cybercriminals abuse self-extracting (SFX) archives to install a backdoor undetected in the victim's environment and execute PowerShell.
Four good reasons to pursue a career as a CISO
by Tina Siering
As infrastructures and devices become increasingly digitised and interconnected, the potential attack surface for successful cyberattacks also grows. The position of Chief Information Security Officer (CISO) is therefore becoming increasingly common in Germany. Because the CISO is responsible for the comprehensive cyber security strategy in companies or organisations, and thus essentially for the protection of sensitive data, the demands on professional and personal skills are immensely high. The long career path to becoming a CISO usually pays off: an attractive salary and good promotion prospects are just two of the advantages that come with the job. It is precisely the diverse challenges of the role that offer the CISO great career potential.