There are more than 2.6 million podcasts available on Spotify. For every possible topic you can find experts, famous people or entertainers talking about it. Among podcasts evolving around politics, sports, psychology, crime or history there are also some putting the topic of information security in the spotlight.
A lot of security, but no awareness
If you are working in security awareness there is not much in it for you though. Most podcasts on security cover the topic by inviting one phishing simulation provider. But as you know, there is so much more to it!
This is why Marcus Beyer (Security Awareness Officer at Swisscom) and I decided to start our own podcast on security awareness only: Security Awareness Insider (in German).
Cyber Security Month with GÉANT – “Become a cyber hero”
The European data network for the research and education community GÉANT interconnects national research and education networks (NRENs) like SWITCH across Europe, enabling collaboration virtually and accelerate research, drive innovation and enrich education.
Also this year GÉANT joins the European Cyber Security Month, an initiative launched by ENISA, EC DG CONNECT and a variety of partners, to raise security awareness within the European community. With the tagline «Become a cyber hero» GÉANT publishes practical tips, case studies and articles on social engineering, phishing, password security and ransomware throughout October. The content is provided by experts within the community.
SWITCH-CERT is proud to share with you one of the interesting contributions from the Swiss NREN. Read about Björn Abt, IT Security Officer at the Paul Scherrer Institut (PSI), talking about their approach to security awareness:
Open security standards are essential for a secure and resilient Internet in Switzerland and protect the privacy of Swiss Internet users. The adoption rate for Internet security standards like DNSSEC, DANE and DMARC in Switzerland is still low compared to the leading countries in Europe, but there is more and more support from the Internet industry, authorities and not for profit organizations in Switzerland.
Why are open security standards so important?
The implementation of open security standards that come out of the Internet Engineering Task Force (IETF), reduce the attack surface of the domain/service owner. But even more important, a growing implementation rate reduces the attack surface of the internet as a whole and makes the life of cyber criminals and state actors more challenging. Open security standards provide different mechanisms to secure our communication on the internet, most important encryption and authentication. Encryption keeps our communication on the internet confidential and prevents third parties from reading our emails and tracking on which web sites users spend their time. Authentication allows us to identify and authenticate our communications partners, it makes sure that we are not on a fake website or send emails or our login credentials to a rogue email server. Continue reading “Growing support for open security standards in Switzerland”
Talos, the intelligence group of CISCO reported in their blog that their monitoring shows that attacks on the domain name system (DNS) by “Sea Turtle” continue. The attack technique used is similar than before, the actors compromise name server records to take ownership of the domain. They then provide false information to selected parties (e.g certificate authorities, mail users) which leads to the disclosure of email credentials of the targeted organisations. These credentials give initial access to the victims E-mails accounts and other resources and are a starting point for further attacks.
Victims in Switzerland
For the first time, Talos also reported victims in Switzerland.
While Talos didn’t disclose the targeted organizations they identified these groups as primary targets: