Attack on GSM-R

ByStefan Karg 10.10.202225.08.2025

Cables for GSM-R were intentionally cut this morning in northern Germany. This is a very serious incident and has to be carefully investigated with regard to the motivation of the attackers.

Link to article of German newspaper “Die Zeit” (08.10.2022)

Vulnerabilities

2FA phishing
ByStefan Karg 01.08.202225.08.2025

A new hashtag#attack technique on the rise: 2FA phishing.Learn how it works: How do attackers try to get around multi-factor authentication? https://www.microsoft.com/en-us/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud

Read More 2FA phishing
Standardization

DKE
ByStefan Karg 15.09.202325.08.2025

This morning I’m on the way to Frankfurt for ICS – Informatik Consulting Systems participating at a DKE security working group meeting regarding standardisation of railway security.

Read More DKE
Conferences / Events

VDEI Security Conference
ByStefan Karg 23.11.202225.08.2025

Getting ready for my talk at Verband Deutscher Eisenbahn-Ingenieure e.V. (VDEI) Fachtagung Cybersecurity 2022. I’ll be speaking about Security for Safety and will be sharing a couple of lessons learned and best practices from real world projects at ICS – Informatik Consulting Systems.

Read More VDEI Security Conference
Security

Üstra hacked
ByStefan Karg 04.04.202325.08.2025

Cybersecurity in public transport: The operator of Hannover’s public transport was hacked. According to the linked article, it seems to be a ransomware attack. Bus and railway operation are not affected, but different systems such as the displays at the stations or the ticketing platform for the new “Deutschlandticket”. https://www.csoonline.com/de/a/cyberattacke-auf-hannoversche-verkehrsbetriebe,3674537

Read More Üstra hacked
Security

Attack via public links
ByStefan Karg 10.08.202225.08.2025

This is actually a very interesting attack vector described in this post:As an attacker place a Google Ad for a keyword, which will be mapped to accidentally pasted unprotected Dropbox links (I’m sure, this will also work with other cloud providers) and see what you will get… LinkedIn Post

Read More Attack via public links
Conferences / Events

Security for Safety pitch at it-sa 2021
ByStefan Karg 19.10.202125.08.2025

A short excerpt from my pitch on ‘Security for Safety’ as part of the BW-International Session at it-sa 2021 is available here: Post | LinkedIn

Read More Security for Safety pitch at it-sa 2021

Similar Posts