Caution, Quishing: Criminals use QR codes for phishing attacks
by Tina Siering
QR codes have been around for almost 30 years. Today, we scan the square codes with our smartphone as a matter of course to release bank orders, create a digital vaccination certificate or retrieve coupons. However, since QR codes are also used by cybercriminals for fraudulent purposes, you should not trust the little squares without limits. You should be especially careful if you receive a QR code via email: A sophisticated phishing attack could be hiding behind it. We show you how to recognize quishing attacks and protect yourself from them.
Read more … Caution, Quishing: Criminals use QR codes for phishing attacks
8 criteria to recognize a secure website
by Tina Siering
As practical, useful and indispensable as the Internet is, countless dangers lurk there. Cybercriminals mercilessly exploit any vulnerability, no matter how small, to infiltrate networks, compromise computers, steal identities or leak data. As more and more effective and multi-layered defenses against cybercrime are being deployed in the IT security arena with extreme reliability, humans remain the greatest vulnerability. Hackers usually choose the easiest way to get to their target - and that way is far too often through users. In this article, we highlight the risks that can arise from surfing the Internet and list eight criteria that can be used to identify a reputable and trustworthy website. Also learn how to best secure networks against cyberattacks.
Three tools hackers use to attack your Active Directory
by Tina Siering
If you understand what makes people tick, you can manipulate them. Psychological influence through sophisticated interpersonal interaction is known as social engineering - and is responsible for around 98% of all cyberattacks! The classic is the fake email that lures unsuspecting victims to fraudulent websites. Or criminals use false identities on social networks to obtain confidential information. Through targeted manipulation, social engineers get people to do things they wouldn't normally do. Nowadays, networks can be secured more and more reliably by versatile IT security solutions, but "human hacking" still remains the biggest vulnerability in cybersecurity. In this article, you will learn which social engineering tactics cybercriminals use and which tools attackers use to take over compromised systems.
Read more … Three tools hackers use to attack your Active Directory
QakBot malware: Warning of increasing attacks
by Tina Siering
For several days now, there has been a strong accumulation of successful compromises by the "QakBot" malware (also known as "QBot" and "QuackBot") worldwide. We have also already identified successful attacks as part of our ACD monitoring. After infection, criminals can gain access to online banking accounts, leak user data, and reload further malware. As one measure to mitigate the risk, we urgently recommend adjustments to the Group Policy Objects (GPO).
Cybercriminals are true masters at constantly adapting their attack mechanisms to effective IT security measures. New tools and iterative changes to existing malware are used to mercilessly exploit security vulnerabilities. Among the numerous threats, ransomware stands out as one of the biggest. More and more companies have to face extortion Trojans. A completely new threat called LockFile now relies on intermittent encryption. LockFile not only encrypts much faster than previous ransomware, but also bypasses security solutions that work reliably. This article shows why criminals are increasingly relying on intermittent encryption and how companies should react to the new threat.
Read more … New ransomware trend: Why criminals increasingly rely on intermittent encryption
Ad Hoc News: Warning of "BlueBleed" data leak at Microsoft
by Tina Siering
In a blog post on 19.10.2022, Microsoft confirmed that sensitive customer data had been exposed!
The reason was a misconfigured Microsoft endpoint server that was publicly accessible via the internet. In total, it can be assumed that sensitive data from approx. 65,000 companies in 111 countries was publicly accessible.
Read more … Ad Hoc News: Warning of "BlueBleed" data leak at Microsoft
Emails: The five biggest security mistakes
by Tina Siering
In 1972, a Canadian IT consultant named Ian Sharp ventured a prediction that would go down as one of the biggest miscalculations in computer technology. At the time, Mr. Sharp was rock-solidly convinced that "e-mail was a totally unsaleable product." Today, 50 years later, electronic mail has become the most important digital communications tool of all. More than 200 billion e-mails will be sent in 2022 - and that's every day. But e-mail has not only become indispensable for communication between private individuals or companies; it is also used frequently and with pleasure as a marketing tool. The German economy invests around two billion euros in e-mail advertising every year. Despite or perhaps because of its long history, e-mail is still surrounded by security myths. In this article, we have summarized the five biggest security errors in dealing with e-mails. Not surprisingly, email is still one of the main gateways for cyber attacks on companies.
Whether white-hat, black-hat or grey-hat: the basis for successful hacking is always the willingness to learn. Ambition, motivation and personal commitment pay off particularly well in the field of ethical hacking. This is because pentesters are sought-after specialists who are inundated with well-paid job offers, especially in times of extensive digitization. If you are interested in hacking, are considering a career in the field, or simply want to learn more about the methods and techniques of ethical hackers, we recommend the TOP 5 YouTube recommendations of our IT security consultants.
Read more … Learn to hack - the TOP 5 YouTube recommendations of our IT Security Consultants
Top News Exchange Hack: New Microsoft Exchange zero-days are actively exploited for attacks
by Tina Siering
Attention: On September 29, 2022, GTSC published a blog article about high-risk vulnerabilities! It reports on a new attack opportunity that exploits two not yet disclosed vulnerabilities (0-Day). In doing so, attackers can perform remote code execution (RCE) on affected Microsoft on-premise Exchange servers. Our security analysts have also verified anomalies in connection with the new zero-day vulnerabilities during active analysis as part of our Managed Security Services. The vulnerability occurs, among other things, in Outlook Web Access (OWA) or in a related component and has not yet been fixed by Microsoft.
Malware, composed of "MALicious" and "SoftWARE", is the generic term for malicious software explicitly created to infect IT systems. This buzzword covers a wide variety of malware - from viruses and worms to adware and spyware, rootkits and ransomware. In this article, we show the different types of malware, assess the threat potential for your company and provide valuable tips on how you can protect IT systems, networks and end devices from the numerous threats.
Read more … Different types of malware, potential threats and tips for protection!