BSI & TÜV: Worrying Survey on Cybersecurity Among German Companies

The German BSI (Federal Office for Information Security) and TÜV-Verband conducted a survey among German companies to assess the status of cybersecurity in the private sector. Some worrying results from my point of view are: 🌐 Link to the study: BSI – Presse – TÜV-Studie zur Cybersicherheit der deutschen Wirtschaft: Bedrohungslage steigt, Unternehmen wiegen sich…

MITRE CVE list might go offline today

😬 MITRE CVE list might go offline today! This would be catastrophic for global vulnerability management. What I’ve described as a scenario theoretically possible in How Trump 2.0 could affect the IT industry in Europe might become reality more quickly than I thought and not on the NIST-NVD level, but on the MITRE level including…

How Trump 2.0 could affect the IT industry in Europe

The shifting political landscape in the United States may significantly impact the global IT industry, especially in Europe. This blog post explores three aspects of how Trump 2.0 could impact the IT sector in Europe, offering insights into the near future and potential developments ahead. Data Transfer to the US The foundation for the legal…

IEC 62443-3-2 Risk Assessment Workflow

Critical infrastructure faces a growing number of security threats. Critical infrastructure typically relies on Industrial Automation and Control Systems (IACS) and other non-IT components, often referred to as “Operational Technology.” To effectively assess cybersecurity risks within operational technology (OT) systems, adhering to the internationally recognized IEC 62443 standard is best practice. IEC 62443-3-2, part of…

From a theoretical scenario to dangerous reality

Since February 2022, cybersecurity threats to railways in the European Union have changed fundamentally: nation-state actors are no longer a theoretical possibility, but a dangerous reality. Russia is trying to sabotage European railways, warns Prague 💡 We therefore need to increase the resilience of the railway system against attacks by very capable attackers with access…

CVE-2024-3094: Why the xz-utils backdoor is more than a technical issue

Despite the Easter holidays, a lot of incredible work was done over the weekend by many researchers analysing the details of the xz-utils backdoor. Some examples are: As the situation unfolds, it is becoming clear that this was not just one of the most sophisticated technical (perhaps the most sophisticated) attempts to introduce a backdoor…

CVE-2024-3094: xz-utils backdoor

The newly discovered xz-utils backdoor, which was published yesterday (NVD – CVE-2024-3094 (nist.gov)), also affects one of the Linux distributions most used by penetration testers: Kali Linux. ❗Make sure that you update your Kali installations as fast as possible, especially if you updated them in the time frame between 26.03.2024 and 29.03.2024. 💡For…

Next conference: Nürnberg

Today I registered to attend the “CNA Forum Bahn+BahnTechnik 2024” conference with the title “Unlocking the opportunities of railtech” CNA Forum Bahntechnik | CNA – Center for transportation & logistics Neuer Adler e.V. (c-na.de) My personal focus for the conference will be the topics around the digitalisation of the railways and how to develop the…