The US Commerce Department has banned the sale of Kaspersky’s antivirus

The US authorities have banned the Russian company Kaspersky’s antivirus program. The decision was justified by Russia’s cyber attack capabilities and possible government influence on Kaspersky.

The US government is banning the Russian antivirus software Kaspersky. A detailed investigation has shown that this is the only way to allay national security concerns, a sub-agency of the US Department of Commerce said.

The sale of Kaspersky software to companies and consumers in the USA will be prohibited from July 20th. From September 29th, Kaspersky will no longer be allowed to install updates, making the software useless against new threats. From then on, resale will also be prohibited. The transition period is intended to give customers time to switch to other providers, explained the Bureau of Industry and Security.

Kaspersky denies the allegations and wants to defend itself.

The Russian government’s cyberattack capabilities and ability to influence Kaspersky’s activities are the reason for the ban. The agency warned that the company’s software can collect information from US companies and citizens that could be misused by the Russian government. However, consumers and companies will not be penalized if they continue using Kaspersky software.

In an initial reaction, Kaspersky announced legal action to protect its business. It is assumed that the decision was made “based on the current geopolitical climate and theoretical concerns” – and not on an analysis of the company’s software and services. “Kaspersky does not engage in activities that threaten the national security of the USA,” it said on the online platform X.

In Germany, warnings about Kaspersky have also been issued.

Kaspersky, once an internationally respected specialist in PC security, has had a difficult time in the West for years. In the USA, installations on government devices have been banned since 2017.

In March 2022, the Federal Office for Information Security (BSI) in Germany warned against using Kaspersky software in connection with the Russian attack on Ukraine. The authority argued that a Russian IT manufacturer could either carry out offensive operations or be misused as a tool for cyber attacks without its knowledge. Kaspersky countered that the warning was politically motivated.

Research and documents at the time showed how difficult it was for the BSI to make decisions and how closely the Ministry of the Interior was involved.

New Russian malware discovered for Windows

Russia is increasingly gearing up for cyber attacks against the West. Now, Finnish experts have discovered a new dangerous backdoor for Windows systems that is apparently controlled by the Russian secret service.

The Finnish security company WithSecure says it has discovered a new type of malware used as a backdoor for attacks on specific Windows systems. The malware, which the IT security experts have dubbed “Kapeka,” can give attackers long-term access to the victim’s system.

The security company attributes the malware to the Russian cyber attack group “Sandworm,” which is operated by the Main Directorate of the Russian Military Intelligence Service (GRU). “Sandworm” is particularly notorious for its destructive attacks against Ukraine.

Microsoft confirms the existence of malware.

Microsoft confirmed WithSecure’s findings. The US software company lists the malware under the name “KnuckleTouch.” Rüdiger Trost, the security expert at WithSecure, described the discovery as a “major blow against Russia, which used this backdoor in Ukraine and Eastern Europe.”

“With the discovery, the Russian secret service now lacks an important back door because the loopholes that have now been created will now be found and closed in a short time.” Russia is thus losing its effectiveness in the cyber war that accompanies the conventional Russian-Ukraine war, said Trost.

Targeted and tailor-made tools

According to further information from WithSecure, the malware disguises itself as an extension (“add-in”) for the Microsoft word processing program Word. The backdoor is not distributed on a mass scale but in a very targeted manner. “The ‘Kapeka’ backdoor (…) is probably a tailor-made tool used in attacks with a limited scope,” said Mohammad Kazem Hassan Nejad, a security researcher at WithSecure Intelligence.

The attack tool has been used in Eastern Europe since mid-2022.

Russian spy network shut down.

Security authorities in Germany and the USA have shut down a global espionage network belonging to the hacker group APT28. Governments, military, authorities, and corporations were apparently spied on on behalf of Russia – including in Germany.

German security authorities have helped to disable a Russian computer espionage network in a US-led operation.

According to authorities, the hacker group APT28 had installed malware on hundreds of small routers in offices and private households on behalf of the Russian military intelligence service (GRU).

Federal Office for the Protection of the Constitution sees Russia behind hacker groups.

According to a statement from the US Federal Bureau of Investigation (FBI) and explanations from a spokesman for the Federal Ministry of the Interior, the network created in this way was used as a global cyber espionage platform.

“We know which instruments Putin’s criminal regime uses,” said Federal Interior Minister Nancy Faeser (SPD). “Our actions show how serious the threat posed by Russian cyber attacks is – but also how we are arming ourselves against these threats.” Affected devices can now no longer be misused for cyber espionage operations.

The hacker group APT28 has been active worldwide since at least 2004. The Ministry of the Interior considers it one of the world’s most active and dangerous cyber actors.

The Federal Office for the Protection of the Constitution attributes it to the Russian military intelligence service GRU. According to the FBI, the hackers used the malware to attack routers that used publicly known standard administrator passwords.

Attacks in Germany, EU and NATO countries

The German ministry spokesman, citing the Federal Office for the Protection of the Constitution, said that the hacker group had also used the international infrastructure to attack German targets over the past two years. “The focus of the attacks was on information about Germany’s political and strategic orientation concerning Russia and the supply of military goods to Ukraine.”

In addition, targets in other EU and NATO countries were also attacked. According to the FBI, the targets of the espionage activities were governments, military, security agencies, and corporations in the USA and other countries.

“In this case, Russian intelligence services turned to criminal gangs for help,” the US statement continued. The owners of the affected devices were “very likely not the actual target of the attacks,” the ministry spokesman further explained. The hackers used the devices to conceal their own attack structure.

Cyberattacks from Russia and China are increasing.

Theft, industrial espionage, and sabotage are part of everyday life for companies. A study shows that nine out of ten companies are affected by such attacks. Many attacks take place virtually – and come from Russia or China.

Companies in Germany suffer annual losses of around 203 billion euros due to theft of IT equipment and data, espionage, and sabotage. This is the main result of a study commissioned by the digital association Bitkom, which surveyed more than 1,000 companies across all sectors.

The amount of damage is declining slightly again. A year ago, the figure was 223 billion euros. However, the damage is almost twice as high as in 2018 and 2019.

Almost every company is affected by the attacks. 84 percent of the companies surveyed said they had been victims of an attack, and another nine percent believe they have been.

Significantly more attacks from Russia and China

According to the study, attacks are increasingly shifting to the digital space: 79 percent complain about the theft of IT or telecommunications equipment, and 63 percent about the theft of sensitive data or information. 57 percent are confident or at least suspect that digital communications have been spied on. When it comes to digital sabotage of information and production systems or operational processes, this figure is 55 percent. In contrast, only 22 percent complain about analog sabotage.

The companies recorded a sharp increase in attacks from Russia and China. 43 percent of the affected companies identified an attacker from China at least once. A year ago, the figure was 30 percent. 36 percent located the origin of the attacks in Russia. In 2021, the figure was 23 percent.

With the Russian war against Ukraine and hybrid warfare in the digital space, the threat posed by cyberattacks to the economy has become the focus of companies and politicians, said Bitkom President Achim Berg. “But the threat level is high regardless of this.”

Criminal gangs or state-controlled?

“The attackers are becoming more and more professional and are more often found in organized crime,” said Berg. However, it is becoming increasingly difficult to distinguish between criminal gangs and state-controlled groups. This year’s study results also showed that attacks can be fended off with appropriate measures, or at least the damage can be limited.

The Vice President of the Federal Office for the Protection of the Constitution, Sinan Selen, said cyber criminals and state actors cooperate very closely, especially in China and Russia. The Office for the Protection of the Constitution is concerned that outsourcing skills and operations is taking place here. “If a cybercrime group has been tolerated up to now, then it can also be used by the state. That is also a factor that underlines the danger.”

Insight into Russian plans for cyber attacks

A whistleblower has leaked documents to several media outlets that prove preparations for large-scale cyber attacks by Russia. According to the report, the Kremlin’s secret services are developing sabotage software with a Moscow IT company.

According to media reports, Russian secret services and the Moscow IT company NTC Vulkan are planning worldwide hacking operations that will also enable attacks on critical infrastructure facilities.

This results from research by a team of journalists from “Spiegel,” ZDF, “Süddeutsche Zeitung” and other international media outlets based on leaked documents from the Russian security apparatus. According to the report, NTC Vulkan is developing software for all three primary Russian services, FSB, GRU, and SWR, intended for sabotage.

Western services are said to have confirmed the authenticity.

An anonymous source initially leaked the majority of the so-called “Vulkan Files” to the “Süddeutsche Zeitung” shortly after the start of the Russian war of aggression in Ukraine. It later made the data available to other media, reports “Spiegel.”

The source said the motive was Russia’s war of aggression and NTC Vulkan’s close ties with secret services. Several Western intelligence services confirmed that the documents were authentic to the international research team.

According to “Spiegel,” Google analysts discovered a connection between NTC Vulkan and the “Cozy Bear” hacker group years ago. “Cozy Bear” has penetrated the US Department of Defense systems in the past.

Carrying out global hacking operations

The data leak involves thousands of pages of internal documents from NTC Vulkan. These include project plans, software descriptions, instructions, internal emails, and the company’s transfer documents. According to Spiegel, ZDF, and Süddeutsche Zeitung, the records show how Russian secret services plan and carry out global hacking operations with the help of private companies.

For example, the offensive cyber program is described under the code name “Amezit,” which is also intended to enable attacks on critical infrastructure facilities, according to “Spiegel.” According to the documents, the program’s goals include using special software to derail trains or paralyze airport computers. However, it is still being determined whether the program is being used against Ukraine, for example.

According to research, another Vulkan project is called “Skan-V.” The program searches the network for vulnerabilities that can be used to penetrate other people’s servers and cause damage.

New study on cybersecurity
German publishers are increasingly targeted by hackers.

The German media industry invests heavily in the security of its IT systems. For good reason: According to a new study, half of the publishers surveyed have recently fallen victim to attacks on the Internet.

Media companies in Germany are increasingly falling victim to Internet criminals and are responding with increased security measures. According to a study by the Media Association of the Free Press (MVFP), the consulting firm KPMG, and the Institute for Digital Management and New Media at the University of Munich, every second publisher surveyed has been the target of at least one cyber attack in the past twelve months. A total of 118 German publishers were surveyed.

In the survey, around 75 percent of companies said cyber security was a high priority. And that costs money: 45 percent of media companies say that investments in IT security amount to around one percent of annual sales.

Despite all efforts, the number of attacks is increasing: almost 40 percent of those attacked had at least one successful attack. “The effects of the attacks are serious,” warned Institute Director Thomas Hess of the University of Munich.

Business is restricted by attacks.

Despite precautions such as data backup, access controls, and staff training, cases of phishing (42 percent), the use of ransomware (38 percent), or data leaks (31 percent) are prevalent. Phishing is the covert extraction of access data or other protected information.

What is ransomware?

Ransomware is the name given to malicious programs that restrict or prevent victims from accessing data and systems by encrypting all hard drives. The attackers demand a ransom for decryption, hence the name.

Half of those who fell victim to cybercriminals reported a noticeable impact on their business activities. Almost a quarter suffered data loss and financial losses, and twelve percent said they suffered damage to their reputation when an attack became known.

Almost all media companies have to deal with the issue: In response to cyber attacks, 81 percent of the publishers surveyed have reviewed their security measures and strengthened protective mechanisms, and the clear majority also expect the risks to increase in the next two to three years.

That’s why publishers are attractive targets.

“Publishing houses are a desirable target for cybercrime,” explained the MVFP. They have a large stock of extensive user data, and the blackmail potential for stealing identity data from areas such as politics and celebrities is high. Furthermore, the credibility of media brands is suitable for misuse in spreading fake news and political propaganda.

Protection for federal ministries
Many IT security positions in ministries remain vacant.

Experts consider the threat in cyberspace to be worrying. However, various federal ministries need help to fill vacant security positions. On average, one in six positions is vacant.

Many cities and districts have learned how quickly a hacker attack can paralyze authorities for months. For example, more than 70 municipalities were affected by a cyberattack in North Rhine-Westphalia last October. Even months after the attack, the authorities are still not back to normal operations.

The Federal Office for Information Security (BSI) continues to classify the threat situation in Germany as “worrying.” Cybercriminals are becoming increasingly professional. Hackers have also repeatedly targeted federal authorities, the Bundestag, and ministries. However, the federal government has needed help finding staff to defend against cyber threats for years. On average, one in six ministry IT security positions is vacant. This resulted from a request to the federal government that the ARD capital studio received.

There are significant differences between the ministries. Some, including the Foreign Office and the Ministry for Digital Affairs and Transport, have doubled their staff in the last five years. Other ministries have not increased their staff or significantly improved their staffing rates for years.

Domscheit-Berg: There is no uniform strategy

Anke Domscheit-Berg, the digital politician for the Left Party, accuses the federal government of not having a uniform strategy. “Some ministries have apparently not heard anything about the sharp increase in the threat situation,” says Domscheit-Berg. The ministries give the issue significantly different priorities.

The poor figures are partly because the federal government is trying to strengthen cyber defense personnel, which means it needs a lot of new employees. However, IT specialists are in demand, and private companies urgently seek reinforcements.

Ministry of Health at the bottom

While the Ministry of Construction has filled all four newly created positions, almost 80 percent of the positions in the Ministry of Health remain vacant. Federal Health Minister Karl Lauterbach wants to start a digital catch-up race for the healthcare system. He has launched the digital prescription and the electronic patient file. In his ministry, however, there is no sign of catching up in IT security. The Ministry of Health has yet to fill three positions in this area.

Domscheit-Berg believes there need to be more digital skills at the top of the Ministry of Health. “Leaving three-quarters of all IT security positions vacant for several years, while there is new bad news about successful cyber attacks almost every day, is unjustified,” says Domscheit-Berg. The Ministry of Health points to the shortage of IT specialists. There is an extraordinary competitive situation between the private and public sectors.

Plattner calls for more awareness.

Lack of digital competence shouldn’t really be the problem of the Federal Ministry for Digital Affairs and Transport (BMDV). But here, too, one in three IT security positions is vacant.

As the request to the federal government reveals, almost 750 IT security positions are vacant across all ministries. Almost two-thirds of these, nearly 450, are in the Ministry of the Interior (BMI) area. There are various reasons for this. New positions are constantly being created here; for example, the Federal Police and the Federal Office for Information Security are assigned to the Ministry of the Interior.

BSI boss Claudia Plattner repeatedly calls for a much greater awareness of cyber security. “It must get through to the top management that we need to pay more attention to the issue,” demands Plattner.

Is there a right to compensation for data theft?

Under what circumstances can those affected claim damages if their personal data has been misused? The European Court of Justice has ruled on this again today.

Hacker attacks and data theft have increased significantly in recent years. According to the Federal Office for Information Security, many companies are not well-positioned to defend against cyber criminals. Companies repeatedly fail to adequately protect their customers’ personal data.

If criminals fish out data or if it reaches unauthorized recipients, those affected can generally demand compensation. This is regulated by the European General Data Protection Regulation. In two rulings today, the European Court of Justice (ECJ) in Luxembourg has again defined criteria under which those affected can claim compensation.

Complaints from investors

In one of the two cases, two investors who had used a trading app from a Munich asset manager filed a lawsuit. Unknown third parties had gained access to their data, so they sued the app provider for damages at the Munich District Court. According to the district court, tens of thousands of people were affected by data loss.

Since the two investors’ claims for damages are based on EU law and the European Court of Justice is responsible for interpreting this law, the district court asked the ECJ to clarify various legal questions – for example, what is essential when a national court has to determine the amount of damages.

Incorrectly sent tax returns.

In the other case, a tax consultancy firm accidentally sent tax returns from two clients to the wrong addresses, namely to their old addresses—even though both had informed the firm of the new address. The mail was opened by the new residents of the old address. The clients sued the firm for damages before the Wesel District Court, claiming it violated the EU General Data Protection Regulation.

The district court could not determine whether the new residents had reviewed the tax documents and data. It, therefore, wanted to know from the ECJ, among other things, whether it was sufficient for a claim for damages if there was a fear that data would be viewed by unauthorized persons.

ECJ: Damages already in cases of risk of abuse

The ECJ has decided that, in the case of a justified claim, it is only a matter of compensating for the damage caused. Only this compensation must be taken into account when determining the amount. In previous decisions, the ECJ had already ruled that the purpose of compensation is not to deter future violations. In its most recent ruling, the ECJ formulated a specific rule of thumb: the less the damage, the less money a person affected can claim.

What strengthens the position of those affected: According to the ECJ’s rulings, it is not necessary that the data has actually been misused, for example, if criminals have emptied accounts using bank details. Even the justified fear that the data could be misused can lead to a claim for damages. The ECJ has now reaffirmed this. Based on these Luxembourg criteria, the district courts in Munich and Wesel must now decide on the plaintiffs’ claims for damages.

The amount of awarded sums is relatively low.

Since the General Data Protection Regulation came into force, many court decisions have been made on compensation in Germany alone. It is clear from the decisions that the amount of compensation set by the courts is minimal. “In most cases, they are now in the three-digit range, i.e., a few hundred euros,” says Reemt Matthiesen, a lawyer at the CMS Hasche Sigle law firm and an expert in data protection law. In far fewer cases, German courts would award plaintiffs four-digit sums.

In contrast, the fines imposed by the supervisory authorities on companies to punish violations of the EU General Data Protection Regulation are considerably higher. According to lawyer Matthiesen, it is not uncommon for the penalties to be in the five-figure range or higher.

Hacker attacks on clinics
“Only a matter of time.”

Hospitals and care facilities are increasingly becoming targets of cyberattacks. A large-scale attack with many outages is conceivable, and many facilities need to prepare better.

A single keyword is enough, and it all comes bubbling out of Thomas Meißner. It was in June 2022. The memories of that week are still immediately present. Meißner still remembers all the details: “We felt in good hands, everything was wonderful. We thought. And then suddenly, strange symbols appeared on the screen. And after that, our data gradually disappeared.”

Meißner has run an outpatient care business in the north of Berlin with almost 60 employees for almost 33 years. He quickly realized that something was wrong: “We had obviously been attacked days or weeks ago. With a so-called silent Trojan, which then spread and gradually paralyzed the individual areas.”

“Everything stood still.”

At some point, nothing worked anymore. Their own data was encrypted, and everything was paralyzed. Like many in the industry, Meißner had already converted his operations to digital: “The number of missions we carry out per day is around 170 to 200. We could no longer coordinate them. Normally, they are available on smartphones and tablets—everything works electronically. Suddenly, we could no longer access the information. Everything came to a standstill.”

When his company was barely able to function anymore, the demand came—digitally, of course: 100,000 euros; only then would the attackers release his data. The pressure on Meißner grew ever greater because the protection of data and the care of his patients were critical to him. The hackers know this, too.

The criminal business model

Many of those affected are paying to get back to work quickly, which is a lucrative business for the attackers. According to the Federal Office for Information Security (BSI), this is one reason why the threat level in the healthcare sector is currently higher than ever before.

The danger warning applies to care facilities and all hospitals in Germany. According to a spokesperson, the assessment results “from a general threat situation and the increasing digitization in the healthcare system,” automatically creating a larger attack surface.

“Hospitals must do much more.”

During the pandemic, most companies digitized their processes. Operators of critical infrastructures, i.e., all clinics, must demonstrate adequate IT security measures and implement them every two years. This fundamentally increases the IT security level of critical infrastructures.

However, from the BSI’s perspective, this is not enough: “Hospitals must do much more.” The topic is so sensitive for many large clinics that they prefer not to comment. For example, the Charité in Berlin generally does not want to comment on digital security.

Trojans in the intensive care unit

Andrea Albrecht has experienced what can happen when an entire hospital is paralyzed. In 2016, she was the nursing director at the Lukaskrankenhaus in Neuss when a hacker attack occurred.

“The first report came from the laboratory. The results could no longer be transmitted correctly, and the laboratory equipment was no longer working properly,” says Albrecht. “The laboratory then informed the IT department, and we quickly received the information: something is definitely not right here.”

The hospital decided to shut down the entire system to protect patient data. “At the time, we didn’t even realize what the ultimate consequences of this would be,” says Albrecht. “For a long time, nothing worked, from medication information to radiological findings. We couldn’t access anything. We couldn’t work anymore.”

The Lukas Hospital was the first large-scale clinic to publicly disclose a cyberattack and the attackers’ demands for money. Today, Albrecht is sure: “An attack can paralyze a clinic.”

“No tattooed ex-cons”

The question remains as to who is behind such attacks. Marcus Berger deals with this professionally. He trained as a system IT electronics engineer 20 years ago and now helps when companies are attacked digitally.

“Fundamentally, there are hacker groups that are not just based in Russia, but all over the world,” says Berger. “They are criminals who don’t use clubs or guns to carry out the attack, but rather say: we know our way around the Internet. Let’s do it on the way. So the idea of the attack and blackmail is no longer physical, but psychological.”

In Thomas Meißner’s case, it took Berger more than a week to get everything up and running again and for the outpatient care facility to operate normally again. However, like the Lukas Hospital, Meißner did not pay.

“Today, I can say, even if it sounds strange, I am grateful that it happened to us like that and that we got off lightly,” said Meißner. “We did not give in to the demand; we learned a lot and became cautious. Today, I would say that we are a company prepared for such things. Even if there is no such thing as 100 percent security.”

Internet users complain about cybercrime.

According to a survey by the digital association Bitkom, most Internet users in Germany were victims of criminals on the Internet in 2023. It is often made too easy for perpetrators to spy on passwords.

According to a survey conducted by the digital association Bitkom, more than two-thirds (67 percent) of German Internet users had bad experiences last year.

The most common report by respondents was phishing (35 percent), i.e., attempts to obtain personal information such as passwords via email, text messages, or telephone. 30 percent were cheated when shopping online, and around a quarter of respondents said they had been insulted or verbally attacked online. One-fifth of users had their computers infected with malware such as viruses.

Perpetrators have it too easy.

The good news is that slightly fewer people were affected than in the previous year. In 2022, 75 percent said they had been victims of cybercrime. Bitkom President Ralf Wintergerst says it is often still too easy for criminals.

Most attacks can be fended off with just a few measures, and all users must take action. “This includes choosing secure passwords or passkeys, installing updates promptly, and being skeptical of unusual messages from supposed family members or work colleagues,” recommends Wintergerst.

The average damage amount is 262 euros.

A third of those affected suffered no financial loss, while 14 percent did not want to provide any information. The rest suffered an average loss of 262 euros.

A successful attack by cyber criminals can, in individual cases, be expensive for the victims. “But it is often not just the material damage that hurts, for example, in the case of personal attacks or threats,” says Wintergerst.

Only 14 percent contacted the police.

Three out of 10 people affected did nothing after a criminal incident. Around half (54 percent) tried to talk to family or friends or contacted a company whose platform was used for criminal activities, such as a social network, online shop, or bank (48 percent). Only 14 percent reported the incident to the police, and 9 percent contacted other authorities, such as the Federal Office for Information Security (BSI).

The experiences with the police were predominantly negative. According to the respondents, no offender was identified or convicted. Almost half would not report the crime the next time because of the effort involved. At the same time, 23 percent said that the police provided competent advice and support.

Bitkom President calls for better equipment for police.

The perpetrators often come from abroad, and the countries sometimes do not cooperate with the German authorities. “This makes it more difficult to prosecute and punish the perpetrators. Nevertheless, victims should not refrain from reporting the crime because publicity and the pressure to prosecute can at least prevent further crimes,” says Wintergerst. He calls for the police and security authorities to be better equipped regarding personnel and technology to take more decisive action against criminals.

Security on the Internet

“123456789” instead of secure password

A good password should be long and cryptic. However, as the Hasso Plattner Institute has now announced, Germans still prefer particularly short and simple passwords. This makes it easy for cybercriminals.

Germans continued to use simple but insecure passwords in 2023. As the Hasso Plattner Institute (HPI) in Potsdam announced, many people in Germany prefer to use simple sequences of numbers instead of long and complicated combinations of numbers and letters.

The most popular password in 2023 was “123456789,” and thus had at least three digits more than the previous year. The situation is similar for the top five most used passwords – they all consist of weak sequences of numbers. An exception is the password “hello,” which is in third place but is also easy to crack.

Increasing number of online services

The HPI cites the increasing number of online services as one reason why passwords are often kept simple. Users have to register online and create user accounts more often, for example, when shopping or banking online. This tempts people to choose simple passwords and to reuse the same one everywhere, making it easy for cybercriminals to obtain important personal information.

The institute’s analysis also shows that Internet users have not really become more creative in choosing their passwords in recent years: “password,” “password1,” and “I love you” are in sixth to tenth place in the ranking. The results also indicate that cybercriminals themselves use the simplest passwords. According to the HPI, this explains why passwords such as “target123” and “gwerty123” were used noticeably often (eighth and tenth place).

Key to the digital world

Christian Dörr, head of the “Cybersecurity – Enterprise Security” department, says the evaluation shows how important it is to protect your own digital identity:

The password is the key to the digital world. Understanding this should be learned as early as possible. Safe behavior on the Internet should be part of the school curriculum – just as children learn how to move safely in traffic early.

Christian Dörr, Head of the Department of Cybersecurity – Enterprise Security at HPI

The Hasso Plattner Institute publishes Germany’s most commonly used passwords every year. The data is based on millions of login details from the HPI’s “Identity Leak Checker” database, which users can use to check whether their email address was part of a data leak and whether associated personal data is circulating on the Internet.

Choose secure passwords

The HPI recommends using long passwords with more than 15 characters and different passwords for different services. Using password managers can also increase security.

According to a survey conducted last week by the digital association Bitkom, people in Germany were less careful when choosing passwords last year than in the previous year. According to their own statements, 74 percent of users paid attention to complex passwords with a mix of letters, numbers, and special characters. A year ago, the figure was 83 percent.

USA bans TikTok on government phones

More authorities worldwide are banning TikTok on work cell phones. The USA passed a corresponding law in December. Now, employees of federal agencies have 30 days to delete the app.

The US government has asked employees of all federal agencies to delete the short video app TikTok from their work phones. The Office of Management and Budget announced that the authorities have 30 days to ensure that the app is removed from all federal agency mobile devices. This is in response to risks “to sensitive government data” posed by the app, which is owned by a Chinese company.

With this move, the US government is implementing a law recently signed by President Joe Biden and passed by Congress in December that also bans using TikTok in the House of Representatives and the Senate due to espionage concerns. The White House has already ordered its employees to stop using the app on work phones – as have the Departments of Defense, Homeland Security and State. A bill is currently being introduced in the US Congress that could make an even more far-reaching ban on the app possible in the US.

Criticism from Beijing

The US government drew criticism from the Chinese state and party leadership. Foreign Ministry spokeswoman Mao Ning said in Beijing that the world’s number one power was afraid of an app that young people liked.

Mao went on to say that the US side needed more self-confidence and was overstretching the concept of national security. The US government should respect the principles of fair competition and create an open environment for companies of all kinds.

TikTok is already blocked in China

However, the spokeswoman did not mention that TikTok is already blocked for the 1.4 billion people in China. There is only the censored Chinese version, Douyin. In addition, almost all major foreign apps and websites cannot readily be used in China, including Twitter, WhatsApp, Facebook, Instagram, and Google offerings. Market access for companies in other sectors is also severely restricted in the People’s Republic.

Criticism also came from TikTok itself. Brooke Oberwetter of TikTok told the AP news agency that the US approach would influence other governments worldwide. “These bans are little more than political theater.”

More and more authorities are banning TikTok

More and more authorities worldwide are banning their employees from using TikTok on work cell phones: Denmark also announced a ban today, as the news agency AP reported. Canadian Prime Minister Justin Trudeau announced yesterday that the app would be removed from government phones by today. The EU Commission also banned it last week. According to the news agency dpa, TikTok is not installed on the German federal government's work cell phones, nor can it be downloaded onto them.

The short video app belongs to the Chinese ByteDance group. It is very popular among young people. However, critics fear that the data is not secure and that the Chinese state could have access to it. TikTok denies this.

Canada bans TikTok on government phones

The Canadian government has banned TikTok from its work cell phones, following a step previously taken by the EU Commission out of concern about Chinese espionage.

According to a newspaper report, Canada is banning the Chinese short video app TikTok from government cell phones for security reasons.

The National Post reported, citing an official notice to government employees, that the ban will apply to all government-issued devices starting Tuesday. This is intended to ensure the security of government information.

An internal review has found that TikTok’s data collection methods could make users vulnerable to cyberattacks.

EU has also imposed a ban on work phones

TikTok expressed disappointment with the ban. A spokesperson said the government has not contacted TikTok to address its concerns, and the government itself has not yet commented.

On Thursday, the EU Commission imposed a similar TikTok ban on its employees’ work phones.

Accusation of espionage

TikTok has been criticized worldwide because of its proximity to the Chinese government and its control of user data. In the USA, some authorities and states have also banned its use on company devices for security reasons, fearing that it will become a gateway for espionage.

TikTok is owned by the Chinese company ByteDance. The Chinese government denies the allegations.

TikTok admits data misuse

The Chinese parent company of the video app TikTok has admitted to gaining access to users’ personal data, which is strictly protected. Several journalists are also affected.

TikTok’s Chinese parent company, ByteDance, has admitted that employees gained unauthorized access to user data. According to the company, four employees have since been fired because of the incident. This was confirmed by a spokeswoman for the ByteDance-owned platform TikTok in the USA. They are said to have accessed the personal data of at least two journalists.

Internal investigation against journalists

The four dismissed employees were involved in an internal investigation at ByteDance: They were supposed to find out how secret company information could have been passed on to the press.

As part of this investigation, they illegally accessed the personal data of two US journalists. This is a severe violation of ByteDance’s code of conduct.

Accusation: too close to China’s government

The ByteDance app TikTok is being criticized worldwide: There are accusations of censorship, and many also see ByteDance’s political proximity to the communist government in Beijing as a problem. Data protection problems have also been reported several times.

US states: TikTok banned on company cell phones

In the US, politicians from the Democratic and Republican parties consider the app a potential security risk. They fear that the Chinese government could gain access to data from US users, but TikTok denies this.

Employees in several US states are prohibited from downloading TikTok onto their work phones, and there have been repeated attempts to ban the app entirely in the US.

Concert ticket seller Ticketmaster

560 million customers affected by hacker attack

US concert ticket seller Ticketmaster has confirmed reports of a hacker attack on the company. A hacker group is said to have stolen the data of millions of customers, including credit card details.

The world’s largest concert ticket seller, Ticketmaster, has confirmed a cyberattack. According to reports, the data of 560 million customers could be compromised. The parent company, Live Nation Entertainment, informed the US Securities and Exchange Commission about the data leak on Friday. The US company said it had noticed the hacker attack on May 20 and had commissioned specialist companies to investigate.

The hacker group ShinyHunters claimed responsibility for the attack. The group announced this on the dark web and offered the data of millions of customers, including their names, addresses, and credit card information, for sale. The group demanded a ransom of $500,000 (€460,000).

“We are working to minimize the risk to our users and the company. We have notified them and cooperate with law enforcement authorities,” Live Nation said. The incident will “not have a material impact on our overall business or financial condition.”

FBI offered assistance in the investigation

The Australian government announced on Thursday that it had launched an investigation into the hacker attack. The US Federal Bureau of Investigation (FBI) offered its assistance. Ticketmaster customers are advised to change their passwords.

The hacker group ShinyHunters had already made headlines before. According to the US Department of Justice, in 2020, they posted vast amounts of customer data from more than 60 companies online.

Kaspersky users in the US have discovered that their antivirus software has been unexpectedly replaced with a new solution named UltraAV.

Recently, the US government enacted a law prohibiting the sale of Kaspersky security software and its subsequent updates, leading to the company’s departure from the US market.

Customers expressed their concerns on social media about the update being imposed without any option to accept or decline UltraAV, despite receiving notification emails allegedly sent several weeks before the update.

The US has consistently claimed that Kaspersky software could be exploited by the Russian government to access sensitive information and control the computers on which it is installed. This concern was initially addressed by banning Kaspersky products from federal agencies, which was followed by an overall sales ban starting July 20, and subsequently a ban by the Federal Communications Commission (FCC) on using Kaspersky software in telecommunications equipment starting in early September 2024.

Around the same time as the FCC ban, Axios reported that Kaspersky had transferred its antivirus customers to the Pango Group, which owns UltraAV.

Kaspersky acknowledged this transition in a post by Vadim M. on their forum, explaining, “Kaspersky has partnered with UltraAV to ensure the switch to their product is as seamless as possible, which is why on 9/19, U.S. Kaspersky antivirus customers received a software update to facilitate the transition to UltraAV. This update guaranteed that users would not face a lapse in protection upon Kaspersky’s departure from the market.”

Rob Joyce, the former National Security Agency director of cybersecurity, addressed the transition on X (formerly Twitter), stating, “This demonstrates why granting root-level access to Kaspersky posed a significant risk. Users were ‘migrated’ – the software was uninstalled and an entirely different product was installed automatically. They had full control of your device.” It should be noted that many antivirus solutions and anti-cheat software typically utilize root-level access to scan for harmful files or cheating software in games.

A representative from UltraAV informed TechRadar Pro that Kaspersky customers were notified several times through the Kaspersky app, emails, and the Kaspersky website, both by Kaspersky and UltraAV. Furthermore, “The migration of Kaspersky users to UltraAV was managed entirely by Kaspersky; UltraAV could only reach out to customers after they were officially transitioned and became UltraAV customers,” the representative stated.

“After receiving notifications from Kaspersky, customers had the option to cancel their accounts directly with Kaspersky customer service and therefore would not be transitioned. If customers had already enrolled with another antivirus provider and did not cancel their accounts, they can opt out of UltraAV and coordinate with the customer service team to cancel and remove their account if they choose not to proceed with the service,” the spokesperson said.

The notification email from Kaspersky indicates that customers who have retained their antivirus subscription and moved to UltraAV will gain access to a password manager, VPN, and identity theft protection.
