SpotON – our blog around digital compliance in enterprises
SpotON – Digital Compliance
Read here regularly on selected topics, developments and news from the areas:
SAM & Cloud – use software legally compliant and cost-effective
IT Security & Threat Intelligence – protect the IT landscape effectively
Data & Digitization – manage digital assets across the lifecycle
Complion Insights – look behind the scenes of digital compliance consultants
25/10/2022
Cybersecurity October Review: Zero-Day Vulnerabilities in Microsoft Exchange Servers
In early October, reports became public about two vulnerabilities in Microsoft Exchange Server 2019, 2016, 2013 - an email server software widely used in enterprises. To exploit them, malicious actors chain both vulnerabilities together. Thus, they can execute malware on Exchange Server to move further into the network, exfiltrate and/or encrypt data. In addition to the severity of the vulnerability, the problem is that malicious actors, presumably a state-sponsored organization, identified and exploited it before Microsoft did.
Security Operation Center – Realization and Implementation
In our past blog post, "SOC 101 – a brief introduction to Security Operation Centers," we talked about the mission and goals of a Security Operation Center. In this article, we will go into more detail about realization and implementation.
The People's Republic of China is commonly regarded (along with special cases like North Korea) as the most digitally regulated country in the world. The Great Firewall of China and laws such as the Personal Information Protection Law (PIPL) enable China to shape its internal software market. This is especially true for the provision of cloud services. We explain what sourcing such services looks like in the Microsoft environment in China in this blog post.
Half a Year of War: Interim Analysis of the VOICE Cyber Security Competence Center (CSCC)
On Feb. 24, 2022, when the first bombs hit Kyiv and Russian tanks rolled across the Ukrainian border, a turning point occurred. The global security situation had abruptly changed from "extremely tense" to "most critical point since 1945." It was clear to all experts, even before the invasion, that cyber activities would play a significant role in the Russian war of aggression. However, how Russian network operations are shaping up has been observed by the CSCC over the past six months and discussed with companies in the community. What we found out is described in this blog post.