BSI & TÜV: Worrying Survey on Cybersecurity Among German Companies

The German BSI (Federal Office for Information Security) and TÜV-Verband conducted a survey among German companies to assess the status of cybersecurity in the private sector. Some worrying results from my point of view are: 🌐 Link to the study: BSI – Presse – TÜV-Studie zur Cybersicherheit der deutschen Wirtschaft: Bedrohungslage steigt, Unternehmen wiegen sich…

Key aspects for successful open source software

Frank Karlitschek, the founder and CEO of Nextcloud, gave an inspiring talk at the 2025 re:publica conference in Berlin about how to establish a sustainable, enterprise-ready open-source project. 🌐 Link [DE]: re:publica 25: Frank Karlitschek – So baut man ein nachhaltiges Open Source Unternehmen In his talk, he highlights the factors that make an open-source project successful….

IEC 62443-3-2 Risk Assessment Workflow

Critical infrastructure faces a growing number of security threats. Critical infrastructure typically relies on Industrial Automation and Control Systems (IACS) and other non-IT components, often referred to as “Operational Technology.” To effectively assess cybersecurity risks within operational technology (OT) systems, adhering to the internationally recognized IEC 62443 standard is best practice. IEC 62443-3-2, part of…

From a theoretical scenario to dangerous reality

Since February 2022, cybersecurity threats to railways in the European Union have changed fundamentally: nation-state actors are no longer a theoretical possibility, but a dangerous reality. Russia is trying to sabotage European railways, warns Prague 💡 We therefore need to increase the resilience of the railway system against attacks by very capable attackers with access…

CVE-2024-3094: Why the xz-utils backdoor is more than a technical issue

Despite the Easter holidays, a lot of incredible work was done over the weekend by many researchers analysing the details of the xz-utils backdoor. Some examples are: As the situation unfolds, it is becoming clear that this was not just one of the most sophisticated technical (perhaps the most sophisticated) attempts to introduce a backdoor…

CVE-2024-3094: xz-utils backdoor

The newly discovered xz-utils backdoor, which was published yesterday (NVD – CVE-2024-3094 (nist.gov)), also affects one of the Linux distributions most used by penetration testers: Kali Linux. ❗Make sure that you update your Kali installations as fast as possible, especially if you updated them in the time frame between 26.03.2024 and 29.03.2024. 💡For…

Next conference: Nürnberg

Today I registered to attend the “CNA Forum Bahn+BahnTechnik 2024” conference with the title “Unlocking the opportunities of railtech” CNA Forum Bahntechnik | CNA – Center for transportation & logistics Neuer Adler e.V. (c-na.de) My personal focus for the conference will be the topics around the digitalisation of the railways and how to develop the…