One more Podcast – Security Awareness Insider

There are more than 2.6 million podcasts available on Spotify. For every possible topic you can find experts, famous people or entertainers talking about it. Among podcasts evolving around politics, sports, psychology, crime or history there are also some putting the topic of information security in the spotlight.

_{“Back then: plant a tree, build a house, father a son. Today: have a podcast.”}

A lot of security, but no awareness

If you are working in security awareness there is not much in it for you though. Most podcasts on security cover the topic by inviting one phishing simulation provider. But as you know, there is so much more to it!

This is why Marcus Beyer (Security Awareness Officer at Swisscom) and I decided to start our own podcast on security awareness only: Security Awareness Insider (in German).

GÉANT and Cyber Security Month with Security awareness at the Paul Scherrer Institute

Cyber Security Month with GÉANT – “Become a cyber hero”

The European data network for the research and education community GÉANT interconnects national research and education networks (NRENs) like SWITCH across Europe, enabling collaboration virtually and accelerate research, drive innovation and enrich education.

Also this year GÉANT joins the European Cyber Security Month, an initiative launched by ENISA, EC DG CONNECT and a variety of partners, to raise security awareness within the European community. With the tagline «Become a cyber hero» GÉANT publishes practical tips, case studies and articles on social engineering, phishing, password security and ransomware throughout October. The content is provided by experts within the community.

SWITCH-CERT is proud to share with you one of the interesting contributions from the Swiss NREN. Read about Björn Abt, IT Security Officer at the Paul Scherrer Institut (PSI), talking about their approach to security awareness:

Growing support for open security standards in Switzerland

Open security standards are essential for a secure and resilient Internet in Switzerland and protect the privacy of Swiss Internet users. The adoption rate for Internet security standards like DNSSEC, DANE and DMARC in Switzerland is still low compared to the leading countries in Europe, but there is more and more support from the Internet industry, authorities and not for profit organizations in Switzerland.

Why are open security standards so important?

The implementation of open security standards that come out of the Internet Engineering Task Force (IETF), reduce the attack surface of the domain/service owner. But even more important, a growing implementation rate reduces the attack surface of the internet as a whole and makes the life of cyber criminals and state actors more challenging. Open security standards provide different mechanisms to secure our communication on the internet, most important encryption and authentication. Encryption keeps our communication on the internet confidential and prevents third parties from reading our emails and tracking on which web sites users spend their time. Authentication allows us to identify and authenticate our communications partners, it makes sure that we are not on a fake website or send emails or our login credentials to a rogue email server. Continue reading “Growing support for open security standards in Switzerland”

The Jan/Feb 2020 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

When backdoors become trapdoors: ‘Crypto Leaks’ hits Switzerland, Crypto Valley – and the entire ecosystem
I, Robot, ZigBee and IoT
Sure, it’s secure! Are you sure?
A different kind of virus: China launches its Close Contact Detector app for smartphones

The Security Report is available in both English and German.

»» Download the English report. »» Download the German report.

Attacks on DNS continue, targets are also in Switzerland

Attacks on the domain name system continue

Talos, the intelligence group of CISCO reported in their blog that their monitoring shows that attacks on the domain name system (DNS) by “Sea Turtle” continue. The attack technique used is similar than before, the actors compromise name server records to take ownership of the domain. They then provide false information to selected parties (e.g certificate authorities, mail users) which leads to the disclosure of email credentials of the targeted organisations. These credentials give initial access to the victims E-mails accounts and other resources and are a starting point for further attacks.

Victims in Switzerland

For the first time, Talos also reported victims in Switzerland.

While Talos didn’t disclose the targeted organizations they identified these groups as primary targets:

Government organizations
Energy companies
Think tanks
International non-governmental organizations
At least one airport

Continue reading “Attacks on DNS continue, targets are also in Switzerland”

The May/June 2019 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

Brought to light: Federal Crime Office closes down the world’s second largest illegal dark web marketplace
WhatsApp, state trojans? Or, why the city of San Francisco protects privacy better than Mark Zuckerberg’s messenger app
Privacy at Facebook, part two: when the lawyer contradicts the boss
Symmetry as a fundamental principle: now that we have software as a service, it is only a matter of time before we have cybercrime as a service

The Security Report is available in both English and German.

»» Download the English report. »» Download the German report.

The March/April 2019 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

Lenin and the detectives: Mobiispy stalkerware can make highly personal data collected while monitoring children and partners publicly accessible
Ransomware trojan LockerGoga brings companies to their knees
Straight talk at Facebook: when tech giants fail to meet even minimal security requirements
Malware straight from the factory: when Shadow Hammer strikes the supply chain

The Security Report is available in both English and German.

»» Download the English report. »» Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.

The Sep/Oct 2018 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our SWITCH Security Report has just been released.

The topics covered in this report are:

Turning Good instead of Breaking Bad? Hacking to fend off other hackers
What do a firefighter and Google Chrome 69 have in common?
15 months later: new attacks, same old vulnerability
Peekaboo exploits vulnerability in surveillance cameras in a major way

The Security Report is available in both English and German.

»» Download the english report. »» Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

An own goal and serious foul: Spanish football league’s app turns 10 million users into involuntarily spies
Amazon Rekognition – useful security and convenience tool or total surveillance for pennies?
An underestimated risk: the number of malware attacks on smartphones and tablets is exploding
Phishing with the stars: scammers take advantage of our celebrity obsession and the crypto craze to cause harm to users

The Security Report is available in both English and German.

»» Download the english report. »» Download the german report.

The May/June 2018 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report has just been released.

The topics covered in this report are:

Microsoft will never contact you by phone: support scam continues to gain momentum
«Efail» between hype and disaster: the security world needs to learn how to communicate
Sonic waves on the attack, recent incidents are reason to prick up your ears
Waterholing attacks: infrastructure is and remains a target

The Security Report is available in both English and German.

»» Download the English report. »» Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.

The March/April 2018 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report has just been released.

The topics covered in this report are:

The dark side of the Data Force: Facebook, Cambridge Analytica, and the pressing question of who is using whose data for what
News from the world of state trojans: Microsoft’s analysis of FinFisher
Russian APT28 hackers’ month-long infiltration of the computer network of Germany’s federal government
Bitcoin bounty or close encounter: bizarre side-effects of cryptomining

The Security Report is available in both English and German.

»» Download the english report. »» Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

Dresscode for apps in the Google Play Store: malicious
Quad9 – does it offer a data protection-friendly alternative to Google DNS?
Uber’s customer and driver data on a highway to the Dark Net
An earful of espionage: when headphones become listening devices

The Security Report is available in both English and German.

»» Download the english report. »» Download the german report.

A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

Attack of the digital dolphins: hacking Alexa, Siri and their friends via ultrasound
The anti-antivirus programme: US government bans agencies from installing Kaspersky software on their computers
A hack of ‘epic proportions’ at Equifax
Science fiction 4.0 – how to hack a computer with a drop of saliva

The Security Report is available in both English and German.

»» Download the english report. »» Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

Family business: Petya and its derivatives sweep over half the world as a new wave of ransomware
Pay a ransom for your privacy: new «extortionware» exposes its victims
Positive use of metadata – Cisco can detect malware activity even in encrypted network traffic
Successful strike against the darknet drug and weapons trade – security services bust AlphaBay and Hansa

The Security Report is available in both English and German.

»» Download the english report. »» Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.