KW 5: Emotet has been disrupted, Hamburg data protectionists are investigating Clubhouse, School platforms continue to be targeted

NEWS

Emotet has been disrupted: The world’s most prolific and dangerous malware botnet has been taken down following a global law enforcement operation that was two years in planning. Judicial authorities and law enforcement took down the botnet’s whole infrastructure from the inside after gaining control of its servers. Machines infected by Emotet are now directed to infrastructure controlled by law enforcement, meaning cyber criminals can no longer exploit machines compromised. Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware. Those behind the Emotet lease their army of infected machines out to other cyber criminals as a gateway for additional malware attacks, including remote access tools (RATs) and ransomware.
zdnet.com, bleepingcomputer.com

Hamburg data protectionists are investigating Clubhouse: The Clubhouse app has been extremely popular in Germany for the last few weeks. But data protection advocates are critical of the app. On Tuesday, Hamburg’s data protection representative Johannes Caspar announced that there were some doubts among local supervisory authorities about the practices of US operator Alpha Exploration, which is why Caspar has sent the Californian operators a questionnaire to check compliance with European data protection law.
heise.de

School platforms in Hesse continue to be targeted: As in other German states, the central school platform for digital teaching in Hesse has also become the target of numerous hacker attacks. So far, however, the site has withstood the attempts of cyber criminals while handling the enormous rush of schoolchildren, the education ministry announced on Tuesday. Representatives of teachers‘ unions criticized serious disruptions at the start of the Hessian school platform on Monday. The school cloud of the Hasso Plattner Institute, which is used by around 100 schools in Hesse, was temporarily disrupted.
fr.de

– Advertisement –
IoT – Ticker -The physical world meets the digital one. Internet of Things as an interface that revolutionizes both the industry and everyday life. Get a weekly update from the world of „Internet of Things“. iot-ticker.net

International „Change Your Password Day“: February 1 is Change Your Password Day; while not official, many tech sites advertise the day to their readers. Users are asked to change passwords on that day to improve security. In 2012, Matt Buchanan, who at the time was writing for Gizmodo, came up with Change Your Password Day. He wrote about how there was a proliferation of accounts on the internet that used passwords and lamented that he had twice experienced an account getting hacked. He thought it would be a good idea if everyone changed their passwords together on the same day, and Change Your Password Day was born.
ghacks.net, securitymagazine.com

New findings in Solarwinds hack: Investigators probing the massive Solarwinds hack of the US government and businesses say they have found concrete evidence the suspected Russian espionage operation went far beyond the compromise of the small software vendor publicly linked to the attack. Close to a third of the victims weren’t using Solarwinds software, which was initially considered the main avenue of attack for the hackers, according to investigators and the government agency digging into the incident. The revelation is fueling concern that the episode exploited vulnerabilities in business software used daily by millions. Hackers linked to the attack have broken into these systems by exploiting known bugs in software products, by guessing online passwords and by capitalizing on a variety of issues in the way Microsoft Corp.’s cloud-based software is configured, investigators said.
wsj.com

New feature to fight phishing: KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has announced it launched a new email security feature, PhishER Security Roles. PhishER Security Roles makes KnowBe4’s PhishER email quarantine security measures more efficient. It allows cybersecurity professionals to assign custom permissions for the exact incident response roles and responsibilities that they need in their organizations. “With phishing attacks continuing to escalate, sophisticated features for defense tools like PhishER are needed to combat these ever-present threats,” said Stu Sjouwerman, CEO, KnowBe4.
knowbe4.com

Trends: Five forecasts on cybersecurity in 2021 security-insider.de
Data security online: Trust is increasing gradually it-daily.net
Privileged access management: Tech Data expands cybersecurity offering with Wallix it-markt.ch
Podcast: Security on the net – that’s how easy it is to protect ourselves spiegel.de
Cryptocurrency: How safe are Bitcoin and Co? cicero.de

– Advertisement –
African Edition – The weekly newsletter that provides you with hand-picked news about current discussions and news from Africa: from socio-political developments to African-European relations. The continent at a glance. african-edition.com

NUMBER OF THE WEEK

75 percent of consumers stated that they are concerned about the security of their data and devices since they increasingly use digital services due to Covid, according to the McAfee study „2021 Consumer Security Mindset Report“.
it-zoom.de

BACKGROUND

How the EU wants to avoid zombie cars: The more connected the cars, the more vulnerable the systems are to hackers. It is all the more important to maintain cybersecurity. The EU wants to counter threats from hackers with new rules for software updates that will apply from 2022. And that seems more than advisable, because according to the consulting firm Capgemini, around 110 million connected vehicles will be on Europe’s roads by 2023.
efahrer.chip.de

Manufacturing sector targeted by hackers: Many manufacturing firms are now relying on the networking of their production parts in order to increase the level of production and monitor them in real time. But networking often opens the door to internet crime because the infrastructure is outdated. In cooperation with the Center of Strategic and International Studies (CSIS), the software production company McAfee carried out an investigation into the extent of cyber attacks. Around two-thirds of the IT and business decision-makers surveyed said that their company was hit by cyber crime at least once in 2019. It shows: When networking production, it is essential to rely on a holistic cyber security strategy in the company. But the “human factor” should also be included. Therefore, IT security training for the workforce should be an integral part of the security strategy.
industrie.de

QUOTE

„[Unfortunately, it happens again and again] that providers from the US are pushing their way onto the European market or are simply successful with us with their products and services without complying with the most basic data protection requirements of the European digital market.“
Hamburg’s data protection representative Johannes Caspar.
t3n.de

SECURE?

Email delivery error due to expired Spamcop domain: Cisco’s SpamCop anti-spam service suffered an outage Sunday after its domain was mistakenly allowed to expire. SpamCop provides a Real-time Blackhole List (RBL) that mail servers can use to determine if incoming mail should be considered spam.
bleepingcomputer.com

Newsletter subscription

Subscribe to our free weekly newsletter for a compact overview of safety and security topics:

Safety-Security-Ticker

More digital news briefings

Our political briefings