A recent study shows: Attacks on the software supply chain are particularly lucrative for cybercriminals. A single hack within the supply chain is enough to infect several thousand companies with malware in one go. So it's no wonder that the criminal business with attacks on software components is booming - not least because supply chain security is often neglected. It would be very easy to close the security gaps with innovative solutions.
Read more … Attacks on the software supply chain are on the rise: How to act now
QNAP releases firmware patches for 9 vulnerabilities in video surveillance systems and NAS devices
by Tina Siering
Taiwan-based company QNAP has released security updates for its VS Series NVR video surveillance system and various models of network-attached storage (NAS) devices. Users should apply firmware patches promptly.
Cyber criminals have no industry boundaries. Even companies with a good IT security department can be affected by a cyber attack. What to do if it is successful? Experts use the term "incident response readiness" to summarize how to react appropriately in an emergency. Our article contains important first aid measures. It also shows how you can prepare your company to keep damage to a minimum in the event of a hacker attack. After all, a long-term and well thought-out strategy against cyber attacks pays off for all company stakeholders.
Read more … Cyber attack on your company? This is how to react correctly in an emergency!
"Sitting alone in a dark office wearing a hoodie" - The 5 biggest myths of cyber security
by Tina Siering
Cyber security experts are loners who sit in front of their computers all day in hoodies in darkened rooms, hacking lines of code upon lines of code into the keyboard, have no social life (and don't want one either) - the common opinion about working in cyber security teams is full of prejudices. The cliché from Hollywood movies, however, has little to do with reality.
In the course of digitalization, even small and medium-sized enterprises have to process more and more information and data. The data is elementarily important for maintaining operational processes. New technologies, for example the Internet of Things (IoT), as well as the globalization of the entire economy are making the network of digital services ever more closely meshed. The more sensitive and critical a company's own data is, the greater the need for protection. Current security analyses show that companies worldwide are at permanent risk of falling victim to cyber attacks. Particularly critical data must be adequately and continuously protected against cybercrime, such as sabotage, espionage and loss, in accordance with the EU Data Protection Regulation. In the event of a compromise, there is a risk of financial damage as well as loss of reputation. In addition, managing directors of a limited liability company can be held liable in the event of damage if they have not adequately secured their systems - in some cases, this can result in severe fines! In this context, penetration tests enable the rapid detection and elimination of IT and information security vulnerabilities that could result in a loss of personal data as defined by the EU GDPR. In this article, you will learn which pentesting methods are particularly suitable for medium-sized businesses and which of them is the right one for your company.
Read more … Pentesting: Which test methods are particularly suitable for medium-sized companies
Critical infrastructure: Allgeier secion provides IT security for Emden's public utility company
by Tina Siering
In a combined black and white box audit, Allgeier secion's IT security experts reviewed the entire IT infrastructure of Stadtwerke Emden. The goal: to prevent disruptions or failures and to meet the legally prescribed security requirements for energy providers.
Premiums for cyber insurance currently know only one direction: up. More criminal activity, an increased proportion of home office workers and the Corona pandemic have driven up premiums for what should be essential cyber insurance. According to an industry analysis, cyber insurance in the U.S. market saw a 130% price increase in 2021. For many small and medium-sized businesses, the premiums are barely affordable - or are no longer insured by providers in the first place. With ACD, the "Active Cyber Defense", there is an equally efficient and affordable alternative for reliable protection against cyber attacks. In this article, you will learn how companies can be protected against potential attacks in the best possible way, even without existing insurance coverage.
Read more … Premiums for cyber insurance soon unaffordable for SMEs? Can ACD be an alternative?
After the leak of chat logs at Conti: exceptionally deep insights into the ransomware group
by Tina Siering
The Conti gang is one of the world's most notorious, because most successful, hacker groups. With its ransomware-as-a-service business model, Conti provides cybercriminals with toolkits, instructions, and infrastructure - in short, all the accessories needed to extort ransom in the digital age. With the start of the Russian war of aggression on Ukraine, the Conti gang sided with the Russian aggressors - which apparently caused internal displeasure. At the end of February, data was leaked that provided unusually deep insights into the structures and daily routine of the ransomware group.
The hardware manufacturer HP warns that there are critical IT security vulnerabilities in more than 200 printer models. In this article, we explain what measures are now necessary to close the vulnerability and how printers can be secured in principle.
Read more … Critical security vulnerabilities in more than 200 HP printer models
Securing the online banking account, the e-mail inbox or access to the corporate cloud with a password is no longer sufficient given the current threat situation. MFA, multi-factor authentication, is a much more secure alternative for protecting sensitive areas. With MFA, two or even more credentials, so-called factors, are combined. But how exactly does multi-factor authentication work - and why should you also rely on this secure procedure? This article provides the answers.
Read more … What is multi-factor authentication (MFA) - and why is it so important?