Peter Stelzhammer

#NetworkAccessControl (NAC) for the defense Organizations around the world are being targeted by cybercriminals looking to steal information and data from corporate networks and disrupt manufacturing processes. @Belden's macmon NAC is a field-proven, vendor-neutral network security solution that is easy to deploy and manage to protect both IT and OT networks worldwide. Read the full press article in German at @Itwelt.at: https://lnkd.in/esA2qVfW #otsecurity #networksecurity #cybersecurity

10

New feature in TaskForce 2024.6! 🎉 With the new TaskForce update, you can combine various ports into a group in Express mode. Each group has different settings of target folder, file format, type of hash to calculate, and case report fields. #dfir #digitalforensics #forensicimaging

13

The webinar on the cyber insurance market in Germany by Peter Pillath of hendricks GmbH highlighted several critical points: 1. High Frequency of Cyber Incidents: In 2023, over 135,000 cyber incidents were reported in Germany to the Bundeskriminalamt . This underscores the pervasive nature of cyber threats in the country. 2. Significant Downtime and Costs: The average downtime following a severe cyber incident is 21 days. The financial impact of these incidents is substantial, considering the costs associated with business interruption, data recovery, and other related expenses. 3. Importance of Cyber Insurance: Given the rising incidents and associated costs, having an appropriate level of cyber insurance is crucial for businesses. Cyber insurance can help mitigate financial risks and support recovery efforts. 4. Evolving Eligibility Requirements: As cyber incidents increase in volume and impact, cyber insurance providers are raising the bar. They now demand businesses to demonstrate a robust cybersecurity posture, which involves providing extensive information and proof of strong security measures. This evolving landscape necessitates businesses to adapt and meet these new requirements. These points emphasize the critical role of cyber insurance in the current threat landscape and the evolving requirements for businesses to secure coverage. A safe digital economy requires all of us to make sure we play our role.

6

📣Ep: 77.A of Ampcus Cyber Daily News Bulletin! 🌐 Stay tuned with us for the latest updates in cybersecurity. Stay Safe!! Check the Daily Cyber News Highlights 👇   1. Helsinki suffers data breach after hackers exploit unpatched flaw. 2. PyPi package backdoors Macs using the Sliver pen-testing suite. 3. Apple backports security patches for RTKit iOS zero-day to older iPhones. 4. Cybercriminals Steal One-Time Passcodes for SIM Swap Attacks and Raiding Bank Accounts. 5. INC ransomware source code selling on hacking forums for $300,000. 6. Botnet sent millions of emails in LockBit Black ransomware campaign.   Your Security is our Priority.   Deep Chanda Salil Sankaran Nikhil Raj Singh Jaideep Patil Prajwal Gowda Saikat Das (Sam)   #AmpcusCyber #cybersecuritynews #cybercriminals #cybersecurityawareness #cybersecuritythreats #cyberscams #malwareattack #hackers #malware #databreach #informationsecurity #cybernews #Cybersecurity #cyberthreat #vulnerabilities #hacking #ransomware #ransomwareattacks #security #dataprotection 

12

Have a question about #osco? Maybe it's already answered in our frequently asked questions: https://lnkd.in/e3sJdB6d We just recently extended the FAQ based on new questions received, so keep them coming! :) #osco24 #security #InfoSec #OpenSpace #conference [lisi]

5

🔒 Security Information and Event Management #SIEM is crucial for modern cybersecurity. A SIEM solution like Enginsight GmbH´s correlates, and analyzes security data in real time, enabling early threat detection and swift response. Despite challenges, investing in SIEM is key for a comprehensive #cybersecurity strategy. Read more about it in our new blog post:

19

🗣️ Attention Linux developers, researchers, and end-users! The Linux Security Summit in Vienna, Austria, 16-17 September is looking for speakers! We need you if you are an expert on: 🔧Security Tools 🔧Security UX 🔧Open Source Supply Chain for the Linux OS 🔧Emerging Technologies, Threats & Techniques 🔧AND MORE 💻 Submit to speak by 19 May: https://hubs.la/Q02rkWBc0. #LinuxSecuritySummit #OpenSource #OSS #CallForProposals #CallForPapers #CFP #CallForSpeakers #LinuxFoundation #events #OpenSourceDevelopment #OpenSourceCommunity #linux #security #UXSecurity #EmbeddedSecurity #IoTSecurity #OpenSourceSecurity #LinuxSecurity

39

#OWASP Top 10 #Mobile #Security #Threats: Our colleague Steffen Lortz is one of the 5 authors of the list. Our heartfelt congratulations! The OWASP® Foundation Top 10 lists (Download: https://lnkd.in/d-FmM4NW) are globally popular and recognised standards in developer and security circles for the most important security problems that need to be addressed in software development. Steffen, who works for us as a Principal IT Architect, was invited by the OWASP project manager to work with us at the end of 2022. Steffen: "It was a really cool experience to work with international security experts like Milan Singh Thakur, Alaedinne Mesbahi, Kunwar Atul, Mohamed Benchikh and Mohammed Junaid Tariq." Their investigations were based on security information provided by Google and data from companies about IT security problems they had identified. The group met every Wednesday morning to exchange information across the different time zones. Steffen also incorporated feedback from his colleagues in the mobile and cybersecurity departments. Steffen analysed and described 2 threats: ◾ Threat M6: Inadequate Privacy Controls   Privacy controls are concerned with protecting Personally Identifiable Information (PII), such as names, addresses, credit card data, information about health and sexuality. Almost all mobile apps process PII.   This information is valuable to hackers. They could use it to - impersonate the victim to commit a fraud, - misuse the victim's payment data or - blackmail the victim.   Privacy violations can have severe impact on the provider of a hacked app, like - sanctions from legal regulations (e.g., EU-GDPR), - financial damage due to lawsuits or - reputational damage due to media coverage.   Adequate privacy controls are achieved by minimizing the processed PII, only storing or transferring it when absolutely necessary and only with proper protection mechanisms. ◾ Threat M7: Insufficient Binary Protection   A mobile app's binary is its executable package, as downloaded from an app store. Binaries are subject to two types of attacks:   Reverse engineering: The binary is analyzed for valuable information, like secrets, algorithms or vulnerabilities.   Code tampering: The binary is manipulated to remove license checks, paywalls or to obtain other benefits. Alternatively, malicious code is injected.   Binary attacks can have severe impact on the app's provider, e.g., - follow-up attacks due to leaked secrets or vulnerabilities, - business damage due to copied intellectual property or - reputational damage due to distribution of malicious copies.   To achieve sufficient binary protection, countermeasures like obfuscation, encryption, integrity checks and penetration tests can be employed. Yet, what is sufficient highly depends on the particular app. Thanks to Emily Searle-White and Chrissie Gericke for the linguistic cross-check.

29

2 Kommentare

The latest update for #WSO2 includes "How #Asgardeo Protects You from Costly Downtime" and "Introducing the #Choreo CLI". #API #integration #cybersecurity https://lnkd.in/dUF72Rvs

1

🚨𝗖𝗼𝘂𝗻𝘁𝗱𝗼𝘄𝗻 𝘁𝗼 𝘁𝗵𝗲 𝗨𝗸𝗿𝗮𝗶𝗻𝗲 𝗣𝗲𝗮𝗰𝗲 𝗦𝘂𝗺𝗺𝗶𝘁: 𝗦𝗲𝗰𝘂𝗿𝗶𝗻𝗴 𝗔𝗴𝗮𝗶𝗻𝘀𝘁 𝗖𝘆𝗯𝗲𝗿 𝗧𝗵𝗿𝗲𝗮𝘁𝘀 🚨 With just days until the Ukraine Peace Summit at Bürgenstock Resort Lake Lucerne Bürgenstock Resort, Switzerland, the region is becoming a high-security zone. Critical infrastructure is being fortified against potential cyber attacks. Nick Mayencourt, Cybersecurity Expert and CEO of Dreamlab Technologies, emphasised the urgency: 'Sleeper viruses' could be activated at any moment, causing devastating impacts on critical infrastructures. Dreamlab Technologies has noted a sharp increase in #cyberattacks from Russia. These attacks range from automated website assaults to more sophisticated threats. This analysis and warning come from an interview with NZZ, highlighting the critical need for heightened cybersecurity measures during the summit. 🔗 Stay Informed: https://lnkd.in/e-EX-PUf #CyberSecurity #UkraineSummit #DigitalDefense #DreamlabTechnologies #CyberAwareness #CyberAttack #GlobalLeaders

29

Marc Heuse, Code Assurance Lead at SRLabs will present at Cybersecurity Summit in Hamburg on June 19th! His Keynote "Secure Application Development of the Future,” covers 🔒 Secure software strategies in agile environments 🔍 Advances in static code analysis & fuzzing  🚀 Emerging trends and future directions 🤖 The impact of large language models Join us in Hamburg and be part of the conversation Let's shape the future of secure software together! 🛡️✨ #fuzzing #cybersecuritysummit #securesoftware

42

🤔 How can hackers extort thousands of euros from you and millions from a company? Our CISO Michal Srnec talked about this in the Let's Talk Business podcast for Startitup. Why hacker attacks are on the rise and what consequences can these attacks have on individuals and companies? Watch or listen for yourself. 👇 #letstalkbusiness #startitup #podcast #videocast

16

🚀 Exciting News for Cybersecurity Enthusiasts! Join Jan C. Wendenburg of ONEKEY at the RSA Conference 2024 in San Francisco 🌉 on May 6th for his talk on "Automated Product Cybersecurity Compliance Management." Learn how ONEKEY's Product Cybersecurity & Compliance Platform can help you navigate the upcoming EU Cyber Resilience Act. Don't miss the chance to exchange ideas and insights with Jan! #RSAC2024 #Cybersecurity #ONEKEY #TechInnovation #ProductCompliance🛡️

6

Lineaje Tackles Open-Source Management with New Solution https://lnkd.in/eg_DKMBi The Challenge of Open-Source Software Risk Open-source software plays a crucial role in modern software development, enabling organizations to accelerate innovation and streamline development cycles. However, it also introduces significant security risks. Research indicates that open-source software has 10 times more risk than code created by internal developers and accounts for 95% of all risk in applications. The challenge lies in identifying and managing these risks effectively. Introducing Lineaje’s Open-Source Manager (OSM) Lineaje, a leader in continuous software supply chain security management, has introduced a groundbreaking solution called Open-Source Manager (OSM) to address these challenges by providing full lifecycle governance […]

2

Microsoft is publishing results of our longstanding investigation into activity by the Russian-based threat actor we track as Forest Blizzard (STRONTIUM) using a custom tool to obtain elevated permissions and steal credentials in compromised networks. Since at least June 2020 and possibly as early as April 2019, Forest Blizzard has used the tool, which we refer to as GooseEgg, to exploit CVE-2022-38028 in the Windows Print Spooler service as part of its post-compromise activities. Learn more about the technical aspects of GooseEgg, its deployment, and persistence methods, as well as recommendations for mitigating this threat. https://msft.it/6041YG3dW

5