Hacker behind doxxing of German politicians charged: German prosecutors have announced that they have brought charges against a 22-year-old hacker who released personal data of dozens of politicians, journalists and other public figures online. The German man – arrested in January last year – is accused of multiple computer crimes, as well as making false reports to the police and attempted blackmail. Police at the time of his arrest said he had confessed to stealing and leaking online private data – so-called doxxing – from hundreds of politicians and public figures, among them Chancellor Angela Merkel. Further charges include a blackmail attempt against several German MPs, in which the hacker demanded Bitcoin payments worth around 900 euros in exchange for withholding their personal data.
Hackers blackmail online shops: More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website. In total, the seller provides over 1.5 million rows of records but the amount of stolen data is much larger. The attacker is hacking into insecure servers that are reachable over the public web, copies the databases, and leaves a note asking for a ransom in return of the stolen data. According to “Bleeping Computer”, some of the wallets used by the bad actors have already received a combined total of BTC 5.8 (about 51,000 dollars) in about 100 transactions.
Fresenius data has appeared online: Medical data and personally identifiable information belonging to patients at a Fresenius Medical Care unit are currently available online on a paste website. Fresenius is a large private hospital operator in Europe and its systems were compromised as part of a massive campaign from Snake ransomware that targeted organizations across all verticals. The hackers published a small batch of data but they announced that there was more to come, announcing that the data is part of a much larger leak.
Researchers find Bluetooth vulnerability: Cybersecurity experts have found a security vulnerability in the process of pairing Bluetooth connections. According to the researchers, the key that is generated between two devices when paired can be intercepted. This can happen, for example, when connecting to loudspeakers and a smartphone or between two smartphones. With the key it is possible for hackers to access devices and cause possible damage.
IoT is a challenge for IT departments: A survey by monitoring specialist Paessler shows how many companies are currently still struggling with IoT. 54 percent of German IT administrators surveyed stated that IoT was their greatest challenge. The rise in networking of devices increases the security and administration requirements for the IT departments of companies. “An IoT network is only as strong and secure as its weakest endpoint. Every connected device is a potential gateway into the network,” says Gabriel Fugli, Team Manager at EMEA Paessler. Other issues that IT administrators struggle with include data storage and big data, which are also becoming increasingly important in the course of IoT development.
Awareness & automation: The yin and yang of cybersecurity computerwoche.de
2010-2019: Ten years of cybersecurity in retrospect it-daily.net
Guide: How do companies protect themselves and their customers? t3n.de
Home office: Cybersecurity in the aftermath of Covid-19 it-daily.net
EU Cybersecurity Act: Uniform EU standards for IT security cio.de
NUMBER OF THE WEEK
57 percent of Austrian companies were victims of cyber attacks last year, according to a recent study.
Cyber insurance is not always enough: Florian Jörgens, Chief Information Security Officer at Lanxess, has explained that an increasing number of companies are insuring themselves against cyber attacks. In fact, the number of hacking attacks on companies is rising, as the example of EasyJet recently showed. Personal data records were stolen from the airline. Jörgens warns, however, that insurance companies don’t work in important cases: on the one hand, humans are still the biggest risk factor – they often open emails with malware. On the other hand, attacks often originate from networks of suppliers and partners – not from their own infrastructure, which can be well secured. Companies should therefore examine the policies for cyber insurance closely so that, in case of doubt, they aren’t forced to pay up following a hacking attack.
Facebook is preparing measures to fight election manipulation: In 2016, Russian hackers made headlines by intervening in the US presidential campaign. The scandal wasn’t just about the hacking of Hillary Clinton’s emails, but about propaganda campaigns on social networks like Facebook. Global Threat Disruption chief David Agranovich said in an interview that they are now much more vigilant. Russia is by no means the only actor – groups from Iran or China, as well as independent groups, are also trying to spread disinformation. The aim is no longer to put a candidate in a bad light, but rather to question democratic processes and to increase divisions within the population.
“The cyber agency is a company that will be founded shortly to stimulate and coordinate research. It’s about answering research questions from the Federal Criminal Police Office, the Federal Police, the Navy, and the Air Force.”
Christoph Igel, managing director of the new federal cyber agency in Germany, has talked about the agency’s tasks.
Launch of the Trustwave Security Colony: Trustwave has expanded the reach of its unique cybersecurity collaboration platform, which leverages sourced knowledge from a global community of organizations to help others solve pressing cybersecurity challenges, beyond its birthplace of Australia. Through Trustwave Security Colony, organizations gain access to a wealth of resources – best practices from real-world consulting initiatives, risk assessment tools and guidance from high-level security experts – to bolster their security postures.