Security

DDoS attacks

ByStefan Karg 03.02.202325.08.2025

The German Federal Office for Information Security (BSI) informs about a wave of DDoS attacks against websites of mainly airports as well as from the financial sector and the government, which happened last week.

Post of BSI on LinkedIn

Vulnerabilities

CVE-2024-3094: xz-utils backdoor
ByStefan Karg 30.03.202425.08.2025

The newly discovered xz-utils backdoor, which was published yesterday (NVD – CVE-2024-3094 (nist.gov)) also affects one of the Linux distributions most used by penetration testers: Kali Linux. ❗Make sure, that you are updating your Kali installations as fast as possible, especially when you updated them before in the time frame between 26.03.2024 and 29.03.2024. 💡For…

Read More CVE-2024-3094: xz-utils backdoor
Vulnerabilities

2FA phishing
ByStefan Karg 01.08.202225.08.2025

A new hashtag#attack technique on the rise: 2FA phishing.Learn how it works: How do attackers try to get around multi-factor authentication? https://www.microsoft.com/en-us/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud

Read More 2FA phishing
OT

New Publication: Automated Security Risk Management for trains
ByStefan Karg 21.07.202525.08.2025

Patric Birr and I published an article in SIGNAL+DRAHT, the leading international medium for control and safety technology plus communication and information technology in the railway sector. In the article we propose automating Security Risk Assessments by using digital twins. These allow attack trees to be derived automatically enabling a systematic analysis of potential attack…

Read More New Publication: Automated Security Risk Management for trains
Security

Two-factor authentication
ByStefan Karg 10.02.202225.08.2025

Start to annoy hackers today by using two-factor authentication (2FA)! Setting up 2-Step Verification (2SV) – NCSC.GOV.UK

Read More Two-factor authentication
Security

ISO 27005 Information Security Risk Manager
ByStefan Karg 16.12.202517.12.2025

This month I’ve earned the Information Security Risk Manager. ISO/IEC 27005 certification of rigcert.education. Having multiple years of experience in managing security risks in OT environments according to IEC 62443-3-2, the ISO 27005 provides an extended perspective on risk management. Effective information security risk management is crucial for maintaining secure systems. Failing to properly assess…

Read More ISO 27005 Information Security Risk Manager
Cyber Resilience Act (CRA) | Uncategorized

CRA: Standardization projects
ByStefan Karg 01.12.202501.12.2025

Currently a lot of standardization projects regarding the CRA are on-going. These standardization projects aim to develop harmonized European standards for the fundamental cybersecurity requirements of the CRA and the requirements regarding vulnerability management (horizontal standards) as well as different product categories (vertical standards). You can find an overview over the currently active standardization projects…

Read More CRA: Standardization projects

Similar Posts