Threat intelligence company Cisco Talos has published its quarterly threat intelligence analysis for the first quarter of 2023. According to the report, publicly available web applications were a major target of threat actors during this period. Nearly half of all attacks (45 %) use such applications as an initial vector to gain access to systems. Compared to the previous quarter, this represents an increase of 15 %. Many of these attacks used web shells that compromised servers accessible via the Internet. Generally speaking, a web shell is a malicious script that masquerades as a legitimate file, opening a backdoor to the web server. Web shells are usually "left behind" for further attacks after an already successful infiltration. According to the Talos researchers, attackers benefited from the fact that many web application user accounts were only protected with weak passwords or single-factor authentication.

Strengthened ransomware defenses thwarted greater successes

The threat from ransomware remains high. Even though Cisco Talos observed a general decline in successful extortion cases in the first quarter of 2023, ransomware activity remains high overall. So-called "pre-ransomware" activities accounted for approximately one-fifth of all attacks, so a rise in successful attacks can be expected again in the coming months. Cisco Talos was able to attribute many of the preparatory attack activities to well-known ransomware groups such as Vice Society. According to the researchers, the quick intervention of security teams at victim companies helped contain attacks before encryption could take place. In the first quarter of 2023, healthcare was the primary target for criminals, followed closely by retail, real estate and hospitality. 

OneNote documents as a weapon

So-called "commodity malware" was already on the rise last year. It is widespread and can be purchased or downloaded for free. Commodity malware is usually not customized and is used by threat actors at various stages of their activities. In the first quarter of 2023, previously sighted commodity loaders such as Qakbot now appeared again in greater numbers. Qakbot frequently made use of malicious OneNote documents in the process. The use of malicious OneNote attachments was also observed in other attack attempts. So, threat actors, according to Talos' analysis, continue to experiment with file types that do not rely on macros. Microsoft had begun disabling macros by default in its applications in July 2022. Other applications that carry and manage other files are also affected.

More results

The first quarter of 2023 brought further findings. For example, thirty percent of the observed attack cases either did not have multi-factor authentication (MFA) enabled or had it enabled for only a few accounts and critical services. Further, the open source toolkit Mimikatz was used in nearly 60 percent of ransomware and pre-ransomware deployments this quarter. Mimikatz is a widely used post-exploitation tool that steals login IDs, passwords, and authentication tokens from compromised Windows systems.

But there is also more encouraging news: Recent law enforcement successes in breaking up large ransomware gangs (e.g., Hive) are having an impact. However, this creates room for new families or the formation of new partnerships. For example, a new Ransomware-as-a-Service (RaaS) family appeared in Q1/2023 with Daixin Ransomware.

Source: Cisco

This article originally appeared on m-q.ch - https://www.m-q.ch/de/web-shell-angriffe-als-neue-top-bedrohung/

A new Fanta is now available throughout Switzerland that will put taste buds to the test and make them ponder - because the purple bottles reveal nothing about their contents. For the fourth year in a row, fans are being called upon to solve the mystery surrounding the mysterious flavors of the limited edition What The Fanta.

"Fabulous Flavour Hunt" Cooking Show

This year, the search will be accompanied by the "Fabulous Flavour Hunt" cooking show with host Gloria, who will help curious taste hunters decipher the clues. Presenter Gloria goes on a mission to help Fanta fans correctly guess the new flavors. In addition, clues are published on social media that need to be deciphered.

In the spirit of the Milan Declaration, all What The Fanta flavors come without sugar. The variety is available for a limited time only via the local website and nationwide at Coop, Migros and Spar.

The global animal welfare organization Vier Pfoten and the Fur Free Alliance, initiator of the European Fur Free Initiative, welcome Puma as a prominent partner in the circle of fur-free companies. Although the brand currently has no fur products in its range, the company reaffirms its rejection of fur products by joining the international Fur Free Retailer Program. As one of the largest sporting goods brands in the world, Puma thus aims to help raise awareness of animal welfare and exert a positive influence on the industry.

"Puma has been working in the field of sustainability for more than 20 years. In addition to focusing on human rights, climate protection and the circular economy, our biodiversity goals already included endangered species and their habitats. With the introduction of Puma's Animal Welfare Policy in 2021, we took an important step to ensure that animals are treated humanely along our supply chain. We are constantly developing new innovative materials that help us eliminate the use of animal skins. That's why we joined the Fur Free Retailer Program and stopped using kangaroo leather this year," says Stefan Seidel, Senior Head of Corporate Sustainability at Puma.

The Fur Free Retailer Program is a global initiative to connect fur-free businesses with customers looking for ethically made products.

Ad tech provider Adello is breaking new ground with the launch of #ChatWithMe: The AI-powered advertising format invites users to get in touch with a virtual assistant. The type of interaction is more natural thanks to "conversational AI",
simpler and at the same time more in-depth than is the case with common chatbots, Adello shares.

This would open up a new type of product and brand interaction directly in the advertising medium. By using ChatGPT capabilities in conjunction with specific product or company information for natural language processing, businesses can now
Build more natural, deeper, personal connections with their audiences.

The advertising format allows users to converse directly in the advertising banner with a virtual assistant who answers questions and provides detailed information about the advertised product or company. Adello filters the input, defines the roles and integrates customer-specific data. Brand safety is also a given.

The traditional Swiss company Ochsner Shoes is launching a new cooperation with the fashion label Nikin and is including the sustainable brand in its range. Both brands bring their strengths to the first joint spring and summer collection, which will be available from May 1.
2023 will be on sale in 61 stores and in the online store. A second collection is to follow in the fall. Nikin is known for planting a tree for every product sold,

In a first step, Ochsner Shoes expands the range with espadrilles, mules, flip flops and caps, which are made of sustainable and recycled materials and produced in Spain. In the fall, the collection will be complemented by a selection of different Nikin sneakers. To celebrate the campaign, an event will take place on Saturday at the Ochsner Shoes store in Aarau, with founder Nicholas Hänny in attendance.

Excited about new geomatics lab

Focus on digital and sustainable design and construction

Comprehensively equipped with pioneering technologies

This article originally appeared on m-q.ch - https://www.m-q.ch/de/fhnw-setzt-mit-neuem-geomatik-labor-neue-standards-in-lehre-und-forschung/

The CyberSeal is a result of the implementation plan of the National Strategy for the Protection of Switzerland against Cyber Risks (NCS) 2018 to 2022. So far, more than 30 IT service providers have received the CyberSeal.

CyberSeal as a seal of quality

A cyber attack on an SME can cause considerable material damage. The company's image can also be severely damaged. The majority of SMEs rely on external
IT service providers to be able to concentrate on their core business. But how does an SME recognize which IT service provider has the right competencies? When it comes to IT security, the differences between the individual service providers are very large and the risk of choosing the wrong one is correspondingly high. The National Cyber Security Center (NCSC) recognized this problem some time ago and supported the development of the "CyberSeal" seal of approval by private players.

30 audited IT service providers to date

The CyberSeal certifies an IT service provider's competence in implementing measures to adequately protect its SME customers from cyber risks. The CyberSeal serves as a guide for SMEs when choosing the right IT service provider. To date, over 30 IT service providers have received the CyberSeal, and 10 more are about to complete the CyberSeal audit. However, in order to make the digital space more secure for Swiss SMEs, the ADSS association would like to see significantly more participants. After all, IT service providers have a significant influence on the cyber resilience of the Swiss economy.

The list of service providers certified to date can be here can be viewed.

This article originally appeared on m-q.ch - https://www.m-q.ch/de/mehr-sicherheit-fuer-kmu-dank-cyberseal-geprueften-it-dienstleistern/

The BrandAsset ValuatorTM is the largest and most comprehensive brand study in Switzerland, in which 8,000 Swiss people are surveyed on more than 800 brands. The BAV has been surveyed since 1995 and in annual waves since 2022. In addition to a range of image attributes, it primarily measures brand strength and, most recently, brand love.

With its placement as the "most loved brand" in the automotive sector, Audi is continuing the trend of recent years. The dedicated harmonization of TV, print, digital and social media enables the emotionalization of Swiss customers, the company says.

Katharina Momani Head of Marketing Audi Switzerland explains: "We convey an attitude to life and appeal to our customers on an emotional, meaningful level. The goal is to create a strong brand identity. In addition to classic advertising and concept studies, we focus on brand experiences. For example, we create product proximity with the popular Audi Driving Experiences, whether on the race track or on ice, and arouse strong emotions with the "money can't buy" experiences."

At the brand congress on June 14, interested parties can learn more about Audi's brand strategy and its implementation. To register go to here.

The Neni dishes come from the kitchen of Haya Molcho and her four sons. Together with Migros Daily, the small dishes have now been designed for the Migros fresh food counter. New and familiar ready-to-eat dishes such as Jerusalem Chicken, Baba Ganoush or Hummus are now available in bowls at Migros.

Because the eye also eats, Process has developed its own branding for the market launch, which will be used at the Migros PoS, in Migros' own media and in various awareness measures.

Responsible at the Federation of Migros Cooperatives: Franziska Coninx, Simone Döbelin, Martina Fäh, Christian Keller, Thomas Blumer. Fotography and moving image: Bruno Rubatscher, Oliver Roth, Christian Küng. Food styling: Claudia Stalder. Production: Tina Aich, Peter Kuhn (casting), Marie Dami (styling), Linda Belkahla (hair & make-up). Agency: Process.

As a subsidiary of Amag Leasing, Movon offers leasing transactions for fleet customers as well as fleet services from a single source. "We optimize the mobility of our business customers through sustainable as well as innovative solutions and at the same time support them in achieving their corporate goals," says Managing Director Sergio Calabrese, explaining Movon's mission.

The dynamism and progressiveness suggested in the name, derived from the English term "move on," is also reflected in the design. The accent arc in the logo is intended to signal movement and underscore the significant pronunciation. With a warm, energetic visual aesthetic, Movon also wants to present itself as a holistic, innovative partner in the fleet leasing business for SMEs and large companies. The bright blue as the brand color rounds off the dynamic appearance.

Responsible at Movon: Sergio Calabrese (Managing Director), Giovanni Luca Carta (Head of Sales & Communication), Jamilla Allaoui (Manager Marketing Communications). Responsible at Heads Corporate Branding: Ralph Hermann, Dominique Banschbach, Sina Frank (Consulting/Strategy), Marco Simonetti (Design/Graphics).

Assessing what the inside of materials looks like from the outside? This is technically possible in principle, for example with X-ray technology. Or if damage is not an issue, you can simply cut the material open. A new method based on AI now makes use of the fact that much of what happens inside a material also has an influence on the surface. A team of researchers at MIT used deep learning to compare a large set of simulated data on the external force fields of materials with the corresponding internal structure to develop a system that can make reliable predictions about the interior based on the surface data. The results were published by PhD student Zhenze Yang and Professor of Civil and Environmental Engineering Markus Bühler in the journal "Advanced Materials".

When surface structures refer to the interior

According to Markus Bühler, this is a common problem in engineering: "If you have a piece of material - perhaps a car door or a part of an airplane - and you want to know what is inside the material, you can measure the strains on the surface by taking pictures and calculating how much deformation you have. But you can't really look inside the material. You can only do that by cutting it up and then looking inside to see if there's any damage." X-ray technology, on the other hand, is expensive and requires bulky equipment. "So we basically asked ourselves the question: Can we develop an AI algorithm that looks at what's going on on the surface, which we can easily see with either a microscope or a photograph, or just measures things on the surface of the material, and then tries to figure out what's going on inside?" This internal information could include damage, cracks or stresses in the material or details of the internal microstructure. The same kind of questions can also apply to biological tissue, adds Markus Bühler. "Is there a disease there, some kind of growth or changes in the tissue?" The aim was to develop a system that can answer these kinds of questions in a completely non-invasive way.

Tracking down the inner life of materials with deep learning system

"To achieve this goal, we had to deal with complex issues, including the fact that there are multiple solutions to many of these problems," says Bühler. For example, many different internal configurations can have the same surface properties. To deal with this ambiguity, "we developed methods that show us all the possibilities, basically all the options that could lead to this particular [surface] scenario".

In the technique they developed, an AI model was trained using large amounts of data on surface measurements and the associated internal properties. This included not only uniform materials, but also those containing different materials in combination. "Some new aircraft are made from composite materials, so they are deliberately made up of different phases," says Bühler. "And of course, in biology too, every type of biological material is made from several components that have very different properties, such as bones, where there are very soft proteins and very rigid minerals."

Widely applicable method

The technology even works with materials whose complexity is not yet fully understood, says Markus Bühler. "With complex biological tissue, we don't understand exactly how it behaves, but we can measure the behavior. We don't have a theory for this, but once we have collected enough data, we can train the model."

Zhenze Yang says that the method they have developed is broadly applicable. "It is not limited to problems in solid mechanics, but can also be used in other technical disciplines such as fluid dynamics and other fields." Bühler adds that it can be used to determine a wide range of properties, not just stress and strain, but also fluid or magnetic fields, for example the magnetic fields in a fusion reactor. It is "very universal, not only for different materials, but also for different disciplines".

Yang says he first thought about this approach when he was examining data on a material where part of the images he was using were blurred, and he wondered how it might be possible to "fill in" the missing data in the blurred area. "How can we recover this missing information?" he asked himself. As he read on, he realized that this was an example of a common problem known as the inverse problem, which attempts to recover missing information.

How the deep learning system for material properties was developed

The development of the method was an iterative process in which the model made preliminary predictions, compared them to actual data about the material in question, and then further refined the model to incorporate this information. The resulting model was tested on cases where the materials were known well enough to calculate the actual internal properties, and the predictions of the new method matched well with the calculated properties.

Training data included images of the surfaces, as well as various other measurements of surface properties, including stresses and electric and magnetic fields. In many cases, the researchers used simulated data based on an understanding of the underlying structure of a particular material. And even if a new material has many unknown properties, the method can produce an approximation good enough to give engineers a general direction for further measurements.

The two researchers assume that this method, which is available via the website GitHub is freely accessible to everyone, will initially be applied primarily in laboratory environments, for example when testing materials for soft robotics applications.

Source: Techexplore.com

This article originally appeared on m-q.ch - https://www.m-q.ch/de/deep-learning-system-erforscht-das-innere-von-materialien-von-ausserhalb/

A strong password must be at least twelve characters long and contain both lowercase and uppercase letters, special characters as well as numbers. In addition, the password must not appear in any dictionary. Such passwords are difficult to remember. Especially if, as recommended, a separate password is used for each application. Therefore, passwords like "hello" or "123456" are still among the most commonly used passwords in Switzerland. Weak passwords like these make it easy for cybercriminals to hack user data and misuse it for illegal purposes. With the current campaign, the security authorities and their partner organizations point out the dangers of weak passwords and show how you can optimally protect your access.

Technical means support cybersecurity

In order to create a strong password for every access and to manage the passwords securely, so-called password managers serve as helpful support. Users only have to remember one strong password, namely the password manager password. Security is supported by 2-factor or multifactor authentication. Here, in addition to the password, the knowledge factor, other factors such as biometric data, e.g., fingerprint or Face ID, are added. 

National password security awareness campaign

Since May 1, the NCSC, the SKP and the cantonal and municipal police corps, with the support of iBarry and EBAS, have been raising awareness among the Swiss population about the importance of strong passwords. With tongue in cheek, it is made clear that simple passwords, moreover pinned on Post-its, are very tempting for cyber criminals. On the campaign website S-U-P-E-R.ch, learning videos provide further information. With the acquired knowledge and a little luck, one not only wins more cyber security, but also a competition prize. The campaign will run until May 31, 2023. 

Source: Swiss Crime Prevention (www.skppsc.ch)

More information

This article originally appeared on m-q.ch - https://www.m-q.ch/de/nationale-sensibilisierungskampagne-zur-passwortsicherheit/