Cyber Security Blog

Dive with us into the world of hackers, data espionage, and attack defense - several times a week for free!

The security vulnerability in the Java framework Log4Shell caused an uproar in the IT world. Hackers discovered the vulnerability in December 2021 and exploited it on the spot. Since then, the incidents have been accumulating, and the full extent cannot yet be estimated. At the same time, security experts warn about the long-term consequences of the vulnerability. Due to the wide distribution and the particular way Log4Shell is implemented, an unknown number of users are still at risk.

Recently, Microsoft informed about the vulnerability CVE-2021-40444 in the office software Office. The corresponding MS Office patch was already released in September 2021. Now it turns out that Microsoft did not even fix the cause of the vulnerability with the patch. Experts warn that criminals will continue to exploit the vulnerability and have even uncovered further potential dangers in connection with the exploit.

The cyber threat situation will remain extremely tense in 2022: IT security threats will be characterized by optimized attack strategies and methods that target companies and employees more perfidiously than ever before. If 2021 were already a "successful" year for cybercriminals, the cyber security risks in the new year would be even more so. In this article, you can find out which IT security threats companies will face in 2022.

Attackers can gain access to affected systems via a critical vulnerability in the Java logging library "Log4j". Users of Log4j versions 2.0 to 2.14.1 should immediately apply a patch to close the gap. We provide concrete recommendations for action in the article and supply a regularly updated list of callback domains.

Microsoft Exchange is used on many e-mail servers. There have been repeated attacks on vulnerable Microsoft Exchange servers in recent months. A BSI warning urges all administrators to check their systems and update Microsoft Exchange immediately. The reason for this lies in new IT security vulnerabilities in Exchange, which Microsoft closed with patches in October and November. Nevertheless, many servers are still vulnerable because no update has been made.

The home office has become a permanent part of many companies in the last two years. One primary reason for this is the Corona pandemic. At the same time, working from the home office has created a host of new IT security risks. The now more complex network structures and the human risk factor provide threats. With the following six tips, companies increase IT security in the home office and thus reduce the dangers posed by such a network structure.

While corporate IT security is becoming more and more powerful, cybercriminals are using open backdoors for supply chain attacks that are quite a sight to behold. Last May, cyberattacks such as SolarWinds and Passwordstate were public. A new study now shows that supply chain security has not changed much for the better. The supply chain remains a "blind spot" regarding potential risks threatening a company.

A large proportion of Internet users still believe that their data is of no interest to criminals. Many of them think that only well-known people are worthwhile targets for identity theft. In reality, however, fraudsters are particularly interested in the data of inconspicuous people. These are much easier to use for their fraudulent schemes, precisely because they are unknown persons.

Emotet belongs to the category of macro viruses. The malware has been known since 2014 and spreads via attachments in emails. At the beginning of 2021, we reported on our blog about how police authorities had dismantled the infrastructure behind Emotet. At the time, we already pointed out that the threat posed by the Emotet malware had not been banished for good. Now the malware is indeed back, as the latest analyses show.

Online and mobile banking are now widespread. Across the generations, banking transactions are gladly done on the PC or even via the smartphone. Cybercriminals take advantage of this and attack computers and cell phones with online banking Trojans. Experts see an alarming trend of increasing attacks of this kind, in which the hackers work with phishing and even more sophisticated methods. Those affected not infrequently have to bear the damages themselves because the jurisdiction in online banking is complicated.