Michael Georg Speller

Bundesamt für Sicherheit in der Informationstechnik (BSI)'s 20th German IT Security Congress kicked off today, highlighting the growing issue of cyberattacks. According to the IBM X-Force Threat Intelligence Index 2024, hacks via stolen or compromised credentials have surged by 71% year-over-year. The manufacturing industry, at 28%, bears the brunt of attacks in Europe. To gain an edge in the cat-and-mouse game against hackers, cybersecurity experts increasingly leverage #blockchain for its immutability and tamper-proofing features. Other #CyberSecurityTrends2024 gaining traction include #ZeroTrust frameworks, the Secure Access Service Edge (#SASE), and proactive AI risk mitigation. Additionally, alliances form to foster resilient IT infrastructures. And who better to speak on #IndustrialSecurity strategies than the renowned K5 chief detective inspector Daniel Lorch? Mark your calendar for 23 May 2024, when the expert will share insider knowledge at our "SPS Technology Talk". Register for free (German only): sps.digital.mesago.com #SPS_live #BringingAutomationToLife

4

Are you new to cybersecurity? Ever heard of penetration tests? Our colleague Jonas will share some valuable insights on October 10th! In cooperation with our friends at DInO | Digital Innovation Ostbayern, Jonas will introduce you into the realms of cybersecurity. Learn about penetration tests and how they will help making your products safer! Best part about it? It's totally free to join! So what are you waiting for?

6

Apple warns of spyware attacks in 92 countries Credits: DER STANDARD #CyberSecurity #CyberResilience #DataProtection #SwissStartUp #InfoSec #CyberCrime #DigitalTransformation #CyberResilienz #Datenschutz #Cybersécurité #RésilienceCyber #Innovation #Switzerland #CyberSicurezza https://lnkd.in/e6WvKybB

2

In a large-scale operation against global cybercrime, a number of servers were confiscated and domains taken offline. Several people were arrested and an arrest warrant was issued for others. Credits: Swiss IT Magazine #CyberSecurity #CyberResilience #DataProtection #SwissStartUp #InfoSec #CyberCrime #DigitalTransformation #CyberResilienz #Datenschutz #Cybersécurité #RésilienceCyber #Innovation #Switzerland #CyberSicurezza https://lnkd.in/eWtBZ-Ze

2

The #Cybersecurity Maturity Model Certification (#CMMC) final rule is finally here – and its complexity warrants extra attention. Read our highlights. https://brnw.ch/21wOSvt

22

The DFSA's 2024 Cyber Thematic Review has been released. The Review underscores the ongoing importance of cyber security, and that it remains a priority for the DFSA. 641 firms were asked to participate in the Review, which assessed firms’ cyber security maturity and compared results with the outcomes of the 2022 Review. The 2024 Review highlights progress in hygiene practices but points to gaps in third-party risk management, encryption, testing and incident response. Read the full Thematic Review report here https://lnkd.in/gAnhnjvE For more on how our Cyber Security Team can assist you, please reach out to us https://lnkd.in/g7fYNTRD #cybersecurity #dataprotection #compliance

30

FaceDancer: An exploitation tool aimed at creating hijackable, proxy-based DLLs https://lnkd.in/dx_CSYtW #Pentesting #CyberSecurity #Infosec

1

🚀 DevSecCon Germany Sebastian Roth and Ardit Beu present “Using Threat Modeling to Create a DevSecOps Plan” with Mohamed AboElKheir! 🚀 Join us to learn practical approaches and best practices for embedding robust security measures into your workflow from the outset. 🗓 Event Details: • Date: 30th July • Time: 12pm CEST • Location: Virtual (Join from anywhere!) In this session, we will illustrate the importance of initiating the security planning process with a comprehensive threat model. This foundational step is essential for devising a strategic plan to select, implement, and configure the most suitable security tools. By proactively identifying potential threats and vulnerabilities, we can ensure that these tools effectively mitigate identified risks. Furthermore, we will discuss the integration of these tools into various stages of the development pipeline, thereby enhancing the overall security and resilience of your systems. Key Takeaways: • Foundational Importance of Threat Modeling: Understand why starting with a thorough threat model is critical for strategic security planning. • Early Identification of Threats and Vulnerabilities: Learn how early detection ensures that security tools are effectively aligned with identified risks. • Strategic Selection and Implementation of Security Tools: Gain insights into selecting, implementing, and configuring the most appropriate security tools based on the threat model. • Seamless Integration into Development Pipeline: Discover best practices for integrating security tools into different stages of the development pipeline. • Enhancing Security and Resilience: Explore methods to bolster the overall security and resilience of your systems through strategic planning and tool integration. Don’t miss this opportunity to learn from an expert in the field and network with fellow professionals! 🔗 Register now to secure your spot and be part of this insightful event. We look forward to seeing you there!

37

3 Kommentare

Security gaps found in encrypted cloud storage services Researchers from ETH Zurich have discovered critical security vulnerabilities in five popular end-to-end encrypted (E2EE) cloud storage services: Sync, pCloud, Seafile, Icedrive, and Tresorit, which serve around 22 million users. These cryptographic flaws could allow attackers to bypass encryption, access confidential files, tamper with data, or even insert unauthorized files. While all five providers claim to offer robust encryption, four of them showed significant vulnerabilities, undermining their security promises. Tresorit emerged as the most secure among the group, with only minor metadata tampering and file-sharing risks, whereas Sync, pCloud, Seafile, and Icedrive had more severe flaws. Key vulnerabilities identified include unauthenticated key material in Sync and pCloud, public key substitution risks in Sync and Tresorit, and protocol downgrade attacks in Seafile. These issues can enable unauthorized data access, interception, or brute-force attacks. Although Sync is reportedly "fast-tracking fixes" for some issues, other providers have varied in their responses, with Icedrive declining to address the concerns. ETH Zurich researchers highlight that such flaws are common in E2EE cloud services, calling for further investigation and a standardized protocol to ensure reliable encryption across the industry. #E2EESecurity #CloudStorage #Cybersecurity #DataPrivacy #Encryption #ETHZurich #TechSecurity #DataProtection #EndToEndEncryption #Sync #pCloud #Seafile #Icedrive #Tresorit #CloudSecurity #TechResearch #CryptographicFlaws #DataIntegrity #VulnerabilityReport #SecureCloud #DataConfidentiality #TechIndustry #FileEncryption #SecurityFlaws #DigitalPrivacy #SecurityStandards #DataSafety #ProtocolSecurity #StandardizedEncryption #CloudComputing #DataProtectionRisks #DigitalSecurity #CloudSafety #AttackPrevention #ITSecurity #CloudTech #CyberThreats #TechNews #ACMConference #ResearchFindings #TechJournalism #SecurityResearch #FileSecurity #CloudEncryption #PrivacyRisks #EnterpriseSecurity #DataIntegrity #CloudSolutions #DisruptiveTech

Vorarlberg IT Specialists Train to Defend Supply Chains Against Cyberattacks 🔐💻 On June 5-6, #IT experts from #Vorarlberg and Lake Constance region participated in a cybersecurity training in #Dornbirn. Using the AIT Cyber Range, they practiced responding to a series of severe cyberattacks on a supply chain of four companies. The exercise simulated IT system failures, ransom demands, media chaos, and food supply disruptions. The goal was to restore normal operations through emergency plans and communication strategies, which the participants successfully achieved.⚠️ Read more 🔗 https://lnkd.in/dHy7yQ3G Wirtschaftskammer Vorarlberg | Digital Factory Vorarlberg GmbH | #cyberrange

7

Spyware, claiming the good, doing the bad? 🔎 First, what is Spyware?   Spyware, a double-edge sword, is malicious software installed on a smartphone or computer. It secretly gathers information like location, browsing habits, keystrokes, while also intercepting all communications (messages and calls). These data are transmitted to third parties, jeopardizing both privacy and security of the user. 🤔 Why use Spyware?   Marketed by companies as legitimate software for monitoring and surveillance, spyware is often advertised with slogans like 'We work to save lives and create a better, safer world’ or ‘Create Insights, Win the Digital Race’. However, the reality behind these claims seems to be quite different. 😶 Who uses Spyware?   Mostly governments. Officially, they use them for anti-terrorism or other similar consensual purposes. In practice, government can also misuse them to surveil their own citizens or target specific individuals including journalists, political activists, and opponents who can fall victims to spyware. ☝️ The Ethical Dilemma of spyware?   Spyware are products meant to be sold by companies developing them. How can they control the final usage of the software? Similarly to a weapon dealership who sells a weapon, not knowing if its product will be used to harm other human beings. Ultimately, it raises similar ethical questions. Want to know more? Fred Raynal delves into the prevention of spyware misuse. Read the full interview here:  https://lnkd.in/ePBPdBEG

11

1 Kommentar

⚠️ ETH Zurich researchers have uncovered serious security flaws in popular end-to-end encrypted (E2EE) cloud storage platforms like Sync, pCloud, Seafile, Icedrive, and Tresorit. These vulnerabilities could allow attackers to access or manipulate sensitive data due to weaknesses in cryptographic designs. Issues range from file tampering and password brute-forcing to compromised file integrity, often caused by weak encryption protocols and unauthenticated keys. While some providers are addressing the flaws, Icedrive has refused to fix them. The findings highlight that even trusted E2EE services can fail to fully protect user data, emphasizing the need for stronger cryptographic security. For more insights 👉 https://buff.ly/3NF7Tcw #CyberSecurity #DataPrivacy #Encryption #CloudSecurity #E2EE #Cryptography #Vulnerability #DataProtection #CloudStorage #TechSecurity

2

Unveiling the Digital Curtain: In a sobering wake-up call, the cyber siege on the Social Democratic Party of Germany reveals its origins in Russia, underscoring the critical imperative for robust internal security measures. This breach not only highlights the vulnerabilities within political entities but also serves as a stark reminder of the pressing need to fortify and continually validate security controls within organizations to safeguard against ever-evolving cyber threats. To the post 👇 https://lnkd.in/dqBmDAJb

2