Posts

BSI issues red alert for Log4j vulnerability

The BSI declared a red alert level for the Log4j vulnerability on Saturday, Dec. 11, 2021. Numerous applications are threatened by the vulnerability.

According to media reports, the affected applications include iCloud and Minecraft, as well as a system from Tesla. Various federal agencies are also threatened by the vulnerability.

BayLDA conducts random checks to raise awareness against ransomware attacks

The BayLDA has announced that it will conduct audits at companies to make them aware of ransomware attacks and to ask about the protective measures the companies have implemented against such attacks. In the last six months alone, companies reported several hundred such attacks to the BayLDA. The victims of these attacks are small to large companies from a wide range of industries.

BSI and BKA warn of cyber attacks over Christmas

The German Federal Office for Information Security (BSI) and the German Federal Criminal Police Office (BKA) warn, in a press release published on 02.12.2021, of increased attack risks (e.g. cyber attacks) on companies over this year's Christmas holidays.

VIDEO: TISAX® prototype protection – what are prototypes and what should be considered?

In addition to information security and data protection, there is a third area in which the VDA-ISA defines requirements. In the video, we deal with this third area with the topic: “TISAX® prototype protection”.

NIS2 – Security of Network and Information Systems 2.0 for more cybersecurity in the EU

At the end of 2020, the EU Commission presented a draft for the Security of Network and Information Systems (NIS) 2.0 directive. This is intended to replace the NIS Directive, which became the first EU-wide cybersecurity law to come into force in August 2016. The new draft makes further demands on companies with regard to cybersecurity.

Another vulnerability in Microsoft Exchange servers

The widespread Microsoft Exchange mail server has again been targeted by cyber criminals. Last week, security researcher Orange Tsai presented a new attack method called ProxyShell against this software at the Black Hat security conference. This is now prompting criminals to actively look for this loophole and exploit it, as the evaluations of various honeypots show. In computer security, a honeypot is, for example, a server that simulates the network services of a computer or of an entire computer network. Honeypots are used to obtain information about attack patterns and attacker behavior. Based on the information obtained in this way, the situation is to be regarded as very critical, especially if the Microsoft Exchange Server can be reached via the Internet, which is currently the case with over 400,000 servers.

Difference between TISAX® and ISO 27001

Information security in companies is becoming increasingly important. In this context, the establishment and maintenance of an information security management system, ISMS for short, is of central importance. To master this project successfully, companies often refer to TISAX® and ISO 27001. This blog article therefore highlights the difference between TISAX® and ISO 27001.

Fire at OVHcloud

Data in the cloud must also be secured!

The serious fire at Europe’s largest cloud provider OVHcloud last week vividly illustrates the consequences that can occur for companies if IT security is not given appropriate priority.
Due to the fire, all servers had to be shut down. The result: according to media reports, more than 3 million websites were at least temporarily unavailable. Among them were also those of smaller government institutions in various countries. And: Some customers lost data completely.
Many companies are only slowly realizing that IT security is not optional. Nevertheless, many still deal with the topic far too superficially and in many cases simply rely on “the cloud”.
The devastating fire at OVHcloud is a good example of what this can lead to. According to press reports, a number of customers lost data for good because they had not arranged for a sufficient backup.

Risks in information security and data protection intensified by Corona

The corona pandemic has given SMEs in particular a boost in digitization. Collaboration tools have reached an unprecedented level of penetration. Working from home is widely accepted by employers. For many companies and employees, everyday working life has improved and become easier. Despite all the euphoria, one should not forget data protection and information security. The BSI (short for Federal Office for Information Security) also points this out in its “Report on the Situation of IT Security in Germany 2020” from October 20, 2020, in which it states that the attack surface and the associated cyber threat from criminals increased during the pandemic.

Data protection in data and paper archives

The digitization of processes, the outsourcing of data to cloud solutions, email archiving, the implementation of the GoBD requirements for documenting digital business processes with corresponding storage solutions and backups, and the handling of the extensive IT security and data protection requirements that result from all this are all at the center of the action.