KW 9: Experts criticize Germany’s IT security law, Reformed BND law is headed for the constitutional court again, Medical data of 500,000 online in France cyberattack

NEWS

Experts criticize Germany’s IT security law: The draft for the German government’s new IT security law drew heavy criticism from experts in the parliament’s interior committee on Monday. The experts unanimously spoke out against the draft, which had so many weaknesses that, according to constitutional law teacher Klaus Gärditz, a “fundamental reformulation” was necessary. The main reason for criticism is a passage which, in the event of security concerns, would allow the interior ministry to prevent the use of critical components in the telecommunications network and other critical infrastructures. The regulation is aimed at the Chinese company Huawei, which could play a central role in the expansion of the 5G network in Germany, but which is said to have close ties to the Chinese government.
faz.net

Reformed BND law is headed for the constitutional court again: There is also fierce criticism from experts with regard to the new law for Germany’s Federal Intelligence Service. After the constitutional court in Karlsruhe classified the original law in 2016 as unconstitutional, the federal government submitted a new draft to the Interior Committee last week. Critics fear that the plan is not only to legalize the secret service’s surveillance abroad, but also to expand it. According to the new draft, the German foreign secret service would likely be able to legally hack telephone and internet providers in friendly countries in the future. The invited experts attested that the plans had considerable “constitutional risks”.
netzpolitik.org

Medical data of 500,000 online in France cyberattack: Confidential medical data from nearly 500,000 people in France, including names and contact details, has been stolen and put online. The identifying information was sometimes accompanied by details of people’s blood type, social security number, date of birth, general practitioner, health insurance provider, medical treatments, illnesses and health updates, including pregnancy test results. All of the labs whose data was stolen were using software created by specialist healthcare provider Dedalus. Didier Neyrat, managing director of Dedalus France, told Agence France-Presse: “We are not sure that the only reason for this incident is the Dedalus software.” But, he added: “We have set up a group of crisis cells because we take this seriously, and we will work in partnership with our clients to understand what happened.”
fr24news.com

New US investigations against Israeli spyware manufacturers: The NSO Group appears to be facing renewed scrutiny by the US Department of Justice (DoJ) months after leading technology companies said the spyware maker was “powerful and dangerous” and should be held liable under the country’s anti-hacking laws. DoJ lawyers recently approached the messaging app WhatsApp with technical questions about the alleged targeting of 1,400 of its users by NSO Group’s government clients in 2019, according to a person with knowledge of the matter. NSO Group was reportedly facing an FBI investigation in early 2020. People familiar with the matter said it had seemed to stall, but that the DoJ was showing renewed interest in the case. It is not clear which suspected hacking targets DoJ investigators are examining or what phase the investigation is in.
theguardian.com

New Unc0ver tool enables hacking of iPhone 12: An iPhone hacking team has released a new jailbreak tool for almost every iPhone, including the most recent models, by using the same vulnerability that Apple last month said was under active attack by hackers. The Unc0ver team released its latest jailbreak this weekend, and says it works on iOS 11 (iPhone 5s and later) to iOS 14.3, which Apple released in December. In a tweet, the jailbreak group said it used its own exploit for CVE-2021-1782, a kernel vulnerability that Apple said was one of three flaws that may have been actively exploited by hackers. By targeting the kernel, the hackers are able to get deep hooks into the underlying operating system.
techcrunch.com

BND uses unconventional methods to search for new employees: A recruitment campaign by Germany’s Federal Intelligence Service is currently causing a stir. “Follow the glitch karnickel” (“Follow the glitch rabbit”) is the name of the campaign that the foreign secret service is using to look for hackers to hire. Some time ago, the BND set up its own department for IT specialists who deal with hacking, cryptography and data analysis. The so-called white hat hackers are supposed to give Germany an information advantage and take action against terrorism, the proliferation of weapons of mass destruction, human trafficking, organized crime and industrial espionage. As part of the campaign, rabbits were painted on the side of different Berlin buildings. Those interested can use the link written under the rabbit to reach the application for the BND, while the name of the secret service is never explicitly mentioned.
morgenpost.de

Protection: What Fritzbox users can do against attacks on their routers heise.de
Attack: Digital entry registration of the federal government targeted by hackers bz-berlin.de
Learning platform: 14-year-old responsible for attacks on BigBlueButton and Moodle? swr.de
Covid: Security report shows extent of cyber attacks during pandemic sicherheitsforum.ch
Partnership: IT security company Stormshield and LogPoint announce cooperation it-daily.net

NUMBER OF THE WEEK

From January until the end of October 2020, a total of 1.02 billion attacks were carried out on systems protected by the Mimecast security system – an increase that Mimecast Vice President Klaus Seidl attributed to the increased use of home offices.
it-zoom.de

BACKGROUND

Apple urged to improve the validity of its app privacy labels: At the end of January, a report from “The Washington Post” called attention to the recently launched app privacy labels for Apple’s App Store. The small-scale study showed more than half the third-party apps’ self-submitted privacy labels were completely false or at least misleading. Now the US House Committee on Energy & Commerce has urged Apple to improve the validity of its App Privacy labels along with asking for more specifics on the system.
9to5mac.com

Lazarus hacker group: How dangerous are the North Koreans? The notorious North Korean hacker group Lazarus is said to have tried to spy on vaccine data from pharmaceutical company Pfizer. This is at least indicated by the attacker’s approach, which is very similar to earlier operations by the North Korean elite unit. In an interview with “Wirtschaftswoche”, cybersecurity expert Min Chao Choy warns against underestimating the hacker group. In 2011, the group was successful in identifying security weaknesses in South Korean computer game companies and selling them to third parties. The group is funded directly by the state and is an important source of foreign currency, which the Pyongyang regime relies on. The hackers focus on foreign banks and cryptocurrencies. The attempted attack on Pfizer could be related to the ambitious North Korean attempt to develop its own Covid-19 vaccine.
wiwo.de

QUOTE

“In view of the granted period of only one day for participation (in earlier drafts), a comprehensive assessment of the draft law that is appropriate to the significance and effects of the IT-SiG 2.0 is only possible to a very limited extent.”
The eco-Verband der Internetwirtschaft not only criticized the content of the new IT security law drawn up by the German government, but also the procedure, which was hardly suitable for dealing intensively with the content of the draft.
heise.de

SECURE?

App wants to teach children how to handle IT security: Users of digital tools and devices are getting younger and younger. And it’s never too early to be concerned with safety. The developers of Foldio thought so too and have developed a point-and-click adventure for children ages seven and up. It is available on the German app store and was developed in cooperation with the Federal Ministry of Education and Research and the CISPA Helmholtz Center for Information Security. In the game, Finn the Fox is supposed to teach children the basics of data protection, cyberbullying, passwords and child protection.
appgefahren.de
