Cyber Security Blog

Dive with us into the world of hackers, data espionage, and attack defense - several times a week for free!

Criminals are currently exploiting a critical vulnerability in VMware's "ESXi" virtualization platform to deploy malicious code and encrypt virtual hard disks. According to media reports, hundreds of companies and institutions in Germany alone could be affected. The vulnerability has been known for two years, and a patch has been available for just as long. IT security managers should urgently install the security update published by the manufacturer to prevent their systems from being compromised.

After hackers managed to successfully compromise the systems of a subsidiary of the FORUM Media Group, the affected network had to be completely rebuilt at great expense. After the attempted attack (fortunately, no data was leaked or encrypted), the internationally active media company commissioned the IT security experts from Allgeier secion. The aim was to have the company's own IT security checked externally in order to prevent any further security incidents of this kind.

The IT term "air gap" refers to the complete physical separation of a device or network from the internet. It is one of the most radical methods available and is used primarily to secure computers that store extremely valuable information or control high-risk processes. The basic idea behind an air gap is simple: without an internet connection there is no access to the computer, and without access, hackers have no chance. Nevertheless, computers and networks isolated by an air gap do not guarantee 100 percent protection against compromise attempts. In this article, you will learn how cyber criminals rely on physical side channels such as ultrasound, heat and electromagnetic fields to reach supposedly inaccessible data, and what form of manipulation Israeli researchers recently achieved by deliberately influencing electromagnetic waves.

In Germany alone, around 10,000 Microsoft on-premise Exchange servers are still not patched against the ProxyNotShell vulnerability, which has been known since September 2022. IT security managers should urgently apply the security update provided by Microsoft to prevent their systems from being compromised.

The networking of our devices also makes securing cars one of the great cybersecurity challenges of our time. Automotive technology is not only becoming more advanced thanks to integrated software systems, but also increasingly complex and, because of its "smart features", more exposed at its endpoints. Successful automotive hacks have increased greatly in the last three years, showing how attackers manage to remotely exploit vulnerabilities in the APIs used by vehicle telematics systems. A few weeks ago, a US-American security researcher, working as an ethical hacker, discovered serious security vulnerabilities at 16 leading car manufacturers.

A cyber attack can threaten the very existence of your company. Until now, the financial losses resulting from a successful hacker attack could be mitigated by taking out cyber insurance. But as losses from cyberattacks continue to rise, insurers have now adjusted premiums and exclusion criteria in such a way that policies are becoming less attractive in some cases. Experts even assume that insurers will soon offer no insurance cover at all against cyberattacks, or only very heavily regulated cover. Companies should therefore introduce systems now that will prevent them from falling victim to ransomware and data leaks in the first place.

Migrating IT applications to the cloud brings many benefits for businesses. But have you ever wondered if your corporate data is safe from theft and espionage in the cloud? The answer is no. While cloud providers usually deploy a web application firewall (WAF) to protect against cyberattacks, researchers have now discovered that some of these firewalls can be circumvented relatively easily. In this article, we'll tell you exactly how this works and how you can check whether your company's data is adequately protected by your provider's WAF.

The IT system provider CTL Computertechnik Lang uses Allgeier secion's Active Cyber Defense service for early attack detection at one of its customers. The "Managed Detection and Response Solution" enables the permanent monitoring of network traffic for anomalies and the timely detection of command & control communication of potential attackers. The result: a convinced reseller and enthusiastic customer who now even uses ACD himself.

The past year 2022 can be described succinctly: hardly predictable. A challenging economic situation, political upheavals accompanied by rapidly changing framework conditions, inflation, a shortage of skilled workers and rising energy prices have led to an unprecedented sense of insecurity, the effects of which are also clearly being felt in the IT security industry. Where will the key challenges lie in the next 12 months? We have given some thought to this and summarized them on the basis of the following 9 points, because one thing is already foreseeable: The threat level remains high and will continue to worsen in 2023.

In May 2022, Red Canary security researchers discovered a new computer worm that spread primarily via USB storage devices and network shares on Windows systems. The malware, dubbed "Raspberry Robin" (also known as the LNK worm), was initially thought to be relatively harmless: it spread quite quickly, but no follow-on actions were apparent. In October 2022, however, Microsoft security researchers found that Raspberry Robin appears to be part of an extremely complex and highly interconnected malware ecosystem whose distribution extends well beyond the initial USB drive infections. In this article, learn how Raspberry Robin went from a simple computer worm to a gateway for further malware, and how to protect yourself.