Week 48: German interior ministry presents draft for IT security law, Twitter hires influential hacker as security boss, Thousands of Spotify accounts hacked

NEWS

German interior ministry presents draft for IT security law: The ministry has submitted what is now the third draft for the revision of the IT Security Act. The new law aims to improve IT security and add stricter controls. In addition, the Federal Office for Information Security (BSI) will be given expanded powers and will be better equipped for the fight against botnets and neglected devices in the Internet of Things (IoT). The new law could be passed in December.
netzpolitik.org, heise.de

Companies need to improve IIoT security: Vasgard GmbH, together with the Bielefeld University of Applied Sciences, carried out a study on the current status of Industrial Control Systems (ICS) security in companies. The results show that some of the principles laid down by the BSI in 2013 have already been implemented on a large scale. Other aspects still show shortcomings. According to the study, the Internet of Things (IoT) in particular causes problems because it is growing faster than devices can be secured. This can be remedied by a complete and regularly maintained network plan and constantly checked and updated recovery plans.
it-business.de

Several Japanese companies victims of hacking attacks: Between October 2019 and October 2020, the hacking group Cicada, which is said to have links to the Chinese government, carried out cyber attacks on several Japanese companies. The hackers used, among other things, a security gap that was recently closed. Most of the companies are part of the automotive sector. The companies are based in countries around the world, including Germany and the United States.
heise.de

Twitter hires influential hacker as security boss: Facing some of the most persistent security challenges of its 14-year existence, Twitter has turned to Peiter “Mudge” Zatko, a renowned computer security expert, and given him a broad mandate to bolster security at the social media platform. Zatko gained recognition in the cybersecurity industry as a member of L0pht, a Massachusetts-based hacking collective that famously warned Congress in 1998 about the insecurities of the internet.
cyberscoop.com

Thousands of Spotify accounts hacked: Thousands of Spotify users have been urged to check their security protection following a major cyberattack on the service. The music streaming platform is reportedly being hit by a “credential stuffing” attack that could allow hackers to take over user accounts, disrupting playlists and profiles, with around 300 million Spotify accounts at risk. Such attacks look to utilize login details and personal information gathered from separate data breaches or cyberattacks to gain access to specific platforms.
techradar.com

Microsoft: Russia: “No cyber attacks on pharmaceutical companies” derstandard.at
Cyber crime: Hackers trick GoDaddy employees zdnet.de
Hackers blackmail Munich housing company br.de
Cyber security: Solution from Rheinmetall wins Bundeswehr innovation award pressebox.de
Hacking: How to deal with an IT security incident correctly it-daily.net

NUMBER OF THE WEEK

Around 245,000 Windows systems are still affected by the Bluekeep vulnerability.
t3n.de

BACKGROUND

BKA trains its own cybercriminalists: For two years, Germany’s Federal Criminal Police Office (BKA) has been training its own cybercriminalists. Most of them are career changers. As with conventional investigators, their job is to track down criminals or prevent terrorism. In order to become part of the cyber unit of the BKA, they usually need previous knowledge in relevant subjects such as computer science, mathematics or physics. The main focus of the work is the cooperation with the authorities of other countries. In order to begin training as a cybercriminalist, interested parties must pass psychological and technical tests in a selection process.
welt.de

Increase in cyber attacks on companies: The number of cyber attacks has risen again this year, especially because of the Covid-19 pandemic. Many people are working from home and thus represent an easier target. Medium-sized companies in particular are poorly positioned in this regard. In addition to phishing and ransomware attacks, companies are also troubled by human error. Some security companies therefore specialize in risk dialogue, which is intended to sensitize managers and employees to dangers. Experts expect that the risks will not decrease in the future and that the costs of preventing attacks will therefore rise.
faz.net

QUOTE

“Phishing is sure to be a big trend that we’re seeing in active attacks. In addition, you can see more and more blackmail attempts as well as attempts to steal the identities of customers or employees.”
Marcel Zumbühl, Chief Information Security Officer (CISO) of Swiss Post, on the dangers that threaten IT security at Swiss Post.
computerworld.ch

SECURE?

Hacker not responsible for the death of a patient: Contrary to initial assumptions, a hacker was not responsible for the death of a patient in the Düsseldorf University Hospital. After a ransomware attack on the clinic, the police opened a criminal investigation into negligent homicide. It was the first time law enforcement officers had declared a cyber attack the cause of a death. However, it has now been shown that the patient’s condition at the time of the attack was already so bad that the attack was of no relevance. Attacks on hospitals and other medical facilities have increased significantly in the wake of the Covid pandemic.
heise.de
