
Alarm shortly after implementation: ACD protects Weitzer Parkett from potential Log4j attack
by Tina Siering
Weitzer Parkett - one of Europe's leading parquet manufacturers - wanted to effectively and permanently strengthen its own IT security within the company. In order to respond to the acutely increased threat situation, the endpoint security used was to be supplemented by a solution that would enable proactive monitoring of all systems in the network. After extensive research, those responsible decided to use Allgeier secion's lean but effective Active Cyber Defense (ACD) service instead of the initially considered SIEM (Security Information and Event Management) solution - just in time to nip a Log4j attack in the bud.
Dark Utilities: Platform offers Command&Control as a Service
by Tina Siering
The use of cloud services has been commonplace for companies and private users for several years. The cloud simplifies and accelerates data exchange, makes information available worldwide, regardless of device, and enables modern, location-independent work. Many service business models are also based on data exchange via the cloud or via platforms that can be accessed via the Internet. Various "as-a-service" services offer immediate access to software via practical subscription models, in many cases making the purchase of hardware superfluous and relieving companies of resource-intensive care and maintenance work. Cybercriminals have also discovered the many advantages of this type of platform for themselves. With the "Dark Utilities" service, a platform is now available that enables cyberattacks at low cost, with outsourced development effort and without the need for in-house server infrastructure. In this article, learn how Dark Utilities works, what the dangers are, and how you can protect yourself and your company from the new, dark business model.
Six golden rules for enhanced email security
by Tina Siering
E-mail is still the most widely used method of communication in organizations and companies. It is therefore not surprising that more than 90 percent of successful cyber attacks start with a supposedly harmless e-mail. In almost all cases, the weak point is the same: the human being. Fake sender identities increase the chances that malware attachments will be opened. CEO fraud is so successful because the attackers familiarize themselves with the company's circumstances in great detail in advance. With the following six rules, you can effectively protect yourself from the threat of ransomware, phishing, virus-infected attachments and the like.
What do the ancient Romans, Leonardo da Vinci and 21st century cybercriminals have in common? The answer is "steganography," the hiding of secret information in an innocuous, inconspicuous environment. The ancient technique of steganography is currently one of the greatest dangers users face during digital data transmission. Cybercriminals have now refined the techniques of steganography to such an extent that malware can hardly be detected by conventional security technology. In this article, you will find out what exactly this term means, what tricks hackers can use to infiltrate malware onto your computer, and how you can protect yourself against this undetected danger.
Read more … Steganography: How secret code in media files becomes a threat to IT security
LastPass confirms security incident
by Tina Siering
Back in mid-August 2022, unknown attackers gained access to servers of the password manager provider LastPass and were able to successfully copy internal data.
The company has now acknowledged the incident in a blog post and given the assurance that master passwords and user data in the encrypted password vault should not be affected. What users of the service should nevertheless consider can be read in the short blog post on the topic.
In order to close potential IT security gaps, sensitize its own employees and be prepared for the worst case scenario, the Versorgungswerk der Zahnärztekammer Berlin commissioned Allgeier secion with a comprehensive, three-part IT security audit. In addition to a black box and a social engineering audit, the incident response readiness strategy was also put to the test.
Read more … Comprehensive IT security audit at Versorgungswerk der Zahnärztekammer Berlin (VZB)
Vulnerabilities in Apple's WebKit and the operating system kernel allow attackers to execute malicious code on iPhones, iPads and Macs and significantly expand privileges. Users of affected devices should immediately install the manufacturer's emergency update.
Read more … Apple fixes two critical zero-day vulnerabilities - updates strongly recommended
Security risk IoT devices - the underestimated danger
by Tina Siering
The abbreviation IoT stands for "Internet of Things" and refers to the increasing networking of "smart" devices and machines, both with each other and with the Internet. To achieve this, the devices are equipped with network cards (LAN or WLAN). Smart building devices found in companies, such as fire detectors or IP cameras, are often used for cost-saving reasons and are already standard today. However, when acquiring IoT devices, many organisations are not aware that they entail major risks for IT security. To protect themselves from data espionage, operational failures and network compromises, companies and organisations should take effective security precautions.
"It needs to work, it has to be simple and it must be affordable": Elbe-Werkstätten trust Allgeier secion's Active Cyber Defense (ACD) service
by Tina Siering
As an inclusive institution, Elbe-Werkstätten faces an increased IT security risk. In addition to the established security solutions already in place, further measures in the area of "Managed Protection and Response" (MDR) were therefore to be added. The condition: the solution had to work simply, be affordable and be implementable with a small team. After some research, those responsible decided on Allgeier secion's lean but effective Active Cyber Defense (ACD) service instead of their own SIEM solution (Security Information and Event Management), which they had initially considered.
How hackers are circumventing multi-factor authentication - and organizations should upgrade now
by Tina Siering
The use of multi-factor authentication (MFA) significantly increases the level of access security compared to the simple use of username and password and makes it more difficult for cybercriminals to access sensitive data. With MFA, two or more credentials are required to gain access to a system, for example, an additional confirmation of the login via a personal smartphone. Multi-factor authentication does add a significant amount of security, but it is a fallacy that the process protects one hundred percent against successful account takeovers! Learn in this article which seven tactics cybercriminals use to circumvent MFA.