Criminals getting closer to State Actors

A few years ago, we saw a clear difference between state actors and criminals looking at the technologies and procedures they applied attacking an environment. Over time we have seen these two groups coming closer together. In the meantime, criminals seem to have caught up. They started to use more sophisticated and targeted malware and…

Ukraine Power Outage Confirmed as Cyber Attack

Andi t will happen again; I would expect: Ukraine Power Outage Confirmed as Cyber Attack …and not “only” in Ukraine. Swiss TV did a series called Blackout on January, 2nd – three days the power is gone and what happens, what happens afterwards etc. There were seven “fictions documentaries“, which were really interesting. What was…

Recommendations for Intelligent Public Transportation

We talked a lot about critical infrastructure protection – especially in the light of failures thereof. Therefore I really like some of the work ENISA does on recommendations for them.

Here is a new one for intelligent public transportation: Cyber Security and Resilience of Intelligent Public Transport. Good practices and recommendations

Blackout of Critical Infrastructure – it will be about Resilience this year

Remember the prediction we have seen in a lot of “what security brings us in 2016” that we will see failure of critical infrastructure due to security incidents. Well, it seems that news just waited for the year to turn 2016 to appear (not exactly, the US news appeared late December): The US Power grid…

Better Metrics Needed to Assess Security of Critical Infrastructure?

This is actually an interesting discussion: Critical Infrastructure: Better Cybersecurity Metrics Needed. From a high level view there is nothing you can object here. Definitely we need better metrics and definitely it would help us to understand the maturity of security in any given company – not just the critical infrastructure. But wait, I think…

Targeted Attacks – a Video Series

Trustworthy Computing in partnership with Microsoft IT, Microsoft Consulting and the product groups just released a series of videos on targeted attacked and how to defend.

I would definitely urge you to listen to them and make sure you implement the countermeasures: Targeted Attacks Video Series


Enhanced by Zemanta

Internet Accessible SCADA Systems

This is a fairly scary view of the world…. Freie Universität Freiburg mapped the Internet accessible SCADA systems. Have a look on your own:


Enhanced by Zemanta

Security in 2013 – the way forward?

Typically January is the month where we are asked to make predictions on the trends for the New Year. I do not like this as I am an engineer and not a fortune tellerJ. But there are things we know and things we definitely need to drive this year. I would actually put it into…

Mitigating Pass the Hash Attacks

In the recent months, we have seen more and more targeted attacks towards our customers. A lot of them use a technique called Pass the Hash. This made us publishing a paper, which explains Pass the Hash but much more important shows some fairly simple to implement mitigations against this type of attack. As they…

UPDATE: Security Advisory – Update For Minimum Certificate Key Length

Yesterday I blogged about the Security Advisory – Update For Minimum Certificate Key Length. I would like to take the opportunity to give some more information on it. The reaction on the advisory is interesting so far. Some customers expect mainly older applications to run into a problem. Others tell us that they mandated 2k…

Security Advisory – Update For Minimum Certificate Key Length

As you know, I rarely blog about Security Advisories or updates but this time, I want to make sure that you saw that: We released the Microsoft Security Advisory (2661254) – Update For Minimum Certificate Key Length to make you aware of the fact that we will restrict usage of all certificates with RSA keys…