Security basics: What is a vulnerability?
New MS Exchange zero-day: https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2022/2022-258168-1032.html
An attack on the software build pipeline can to some degree be compared to an attack on your supply chain. Your code can be 100% reviewed, but still the end product will contain malicious code – a very dangerous situation. Defending software build pipelines from malicious attack – NCSC.GOV.UK
The EU Commission services have just released a comprehensive FAQ to help to demystify the implementation of the Cyber Resilience Act. If the official text left you scratching your head, this 66-page document might be your go-to resource for first practical answers to your questions. Worth a bookmark. Read it here:EU Commission – CRA Implementation
How well do you know your IT? Learn which questions to ask!
This was my start into the new week this morning! 🌞🚴 This week I’m at one of our customers laboratories. Certain tests with OT components require physical presence and can’t be done remotely – which is a difference to a lot of IT environments.
Cybersecurity in public transport: The operator of Hannover’s public transport was hacked. According to the linked article, it seems to be a ransomware attack. Bus and railway operation are not affected, but different systems such as the displays at the stations or the ticketing platform for the new “Deutschlandticket”. https://www.csoonline.com/de/a/cyberattacke-auf-hannoversche-verkehrsbetriebe,3674537