The Cyber Gangsta's Paradise

As a preventive measure, cyber security is rarely an attractive topic in household budgets. After all, it is expenditure that initially "disappears" and offers no immediately visible added value - unlike, for example, the opening of a new data center or the construction of a sports field. Nevertheless, cyber security is of enormous importance - this is demonstrated not least by the increasing regulatory requirements at federal and EU level, such as NIS-2 or the Cyber Resilience Act (CRA). A professor of IT security at Augsburg University of Applied Sciences (THA) is now promoting the topic in an unusual way - with a catchy tune.
Prof. Dr.-Ing. Dominik Merli, Professor of IT Security at Augsburg University of Applied Sciences, presented a music video entitled Cyber Gangsta's Paradise at the annual forum for innovative security "Auxinnos" - which this year was dedicated to the CRA. He wants to use the song to draw manufacturers' attention to the new EU regulation, which stipulates a minimum level of cyber security for networked products.
Merli explains: "Cyber security is boring and just annoying? I see it differently. Cybersecurity needs creativity! Because security has to be on everyone's mind - as a catchy tune if necessary."
Once educational, once as an evil hacker
The song is a cover version of the well-known Gangsta's Paradise by US rapper Coolio. The music video begins with a scene in which two supposed managing directors of a fictitious company ask the professor to explain to them how they can circumvent the CRA regulations. Merli then raps about the damage that can be caused by a lack of protective measures - and that cybercrime is a lucrative business area for attackers. In another scene, he slips into the role of a black-hat hacker and raps:
"Why don't you leave security alone, 'cause nobody really wants it."
However, his awareness campaign goes beyond the music video. Merli provides comprehensive information about the requirements of the CRA on the LinkedIn professional network. He also explains on his YouTube channel how the requirements can be easily understood and implemented.
In the chorus, he gets to the heart of the message:
"IoT at any cost leads to Cyber Gangsta's Paradise."
By this he means: Not every product necessarily has to be internet-enabled. However, this is a development that can hardly be stopped, especially with the boom in the smart home sector. And if it does have to be networked, Merli sums up:
"Then it just needs a minimum level of cyber security."
Merli thus makes a contribution that some people would also like to see from politicians: a creative and appealing campaign that raises awareness of cyber threats among companies and authorities.
The music video by Prof. Dr.-Ing. Dominik Merli and his team can be viewed here.
Found on https://www.behoerden-spiegel.de/2025/05/15/das-cyber-gangstas-paradise/
URGENT MESSAGE: Warning about the new Microsoft Outlook
We strongly advise against using the new Outlook for data protection and security reasons!
Microsoft is currently advertising its new Outlook, which is provided free of charge by Microsoft and is intended to replace "Mail for Windows", especially in Windows 11. By using this new Outlook version, the access data from the mail accounts set up, here the RPTU account including password, as well as all mails from a mailbox, are transferred to Microsoft servers. This is very questionable in terms of data protection and security. Microsoft is thus able to analyze and evaluate the email content, attachments and contact data. We strongly advise against using the new Outlook! Data protection authorities have already taken action and also advise against using the new Outlook.
If you have any questions, please contact the RZ Service Center: https://rz.rptu.de/support
Sources:
https://www.heise.de/news/Microsoft-krallt-sich-Zugangsdaten-Achtung-vorm-neuen-Outlook-9357691.html
https://www.tlfdi.de/fileadmin/tlfdi/presse/Pressemitteilungen_2023/231117_PM_Outlook.pdf
IT emergency card

The IT emergency card "Behavior in case of IT emergencies" is the new information sign, analogous to the familiar format "Behavior in case of fire". Employees at RPTU are provided with important instructions on what to do in the event of an IT emergency, see below.
The measures listed enable RPTU to make the right decisions from the very first moment. The emergency card should be placed in central locations (e.g. in building 47, on the pinboard by the elevator on each floor and in the copy room) and makes a direct contribution to security awareness in your organization.
The information on the IT emergency card focuses on three messages:
- Knowing who to contact for IT emergencies in the organization and how to reach them.
- Immediate dissemination of crucial information on IT emergencies.
- Countermeasures only after consultation/instruction with the contact persons responsible for IT emergencies.
Not every IT emergency is easy to recognize. It is even more difficult to assess whether it is a malfunction or a cyber attack.
Examples of IT emergencies:
- Data carrier (USB, hard disk, etc.) stolen or lost
- Burglary on premises
- End device (laptop, phone, tablet, etc.) stolen or lost
- Hacker attack, malware (Trojans, malware, etc.)
- Misuse of access rights
- Personal data sent to the wrong recipient
- Mail item was lost
- Unintentional publication of data
- Documents stolen or lost
- Other, etc.
Training and awareness-raising measures within the organization provide a good framework for drawing attention to the IT emergency card. In this way, the workforce can become an important part of an organization's cyber security. Everyone should feel encouraged to report suspicious behavior patterns of IT systems.
Please let Ms. Anefeld know approximately how many copies you need for your (specialist) area; she will bring the emergency cards to you or send them by internal mail.
The Information Security team will be happy to answer any questions you may have.
Emergency brake for the surveillance catalog in the coalition agreement
Chaos Computer Club "CCC" calls for emergency brake for the surveillance catalog in the coalition agreement
CDU, CSU and SPD drop all inhibitions. They are planning mass surveillance on three levels at once: Telecommunications, license plate and biometric data. The old and new huge piles of data are to be combed through with "automated data research and analysis". State hacking is also to be expanded.
The coalition agreement that the black-black-red government wants to conclude is so full of surveillance plans that every individual will be affected. Whether you communicate online, drive a car or post photos of faces online: All of this is to be recorded on a massive scale and analyzed if necessary.
And it's not just the mass surveillance and expansion of the use of state Trojans that is to come, the Christian Democrats and Social Democrats want a paradigm shift: informational self-determination is to be put to the stake, data use and all the "AI" nonsense is to be given priority.
The government-to-be is throwing overboard a concept that has so far been able to offer us some protection from the most disgusting effects of surveillance capitalism. But informational self-determination is a fundamental right and is not even up for discussion for free-wheeling surveillance believers who are oblivious to history. We must remind them of this.
The planned surveillance list
- Data retention: All IP addresses and port numbers of all people are to be stored for three months without cause.
- "Source tapping" is being expanded: This is the state trojan that monitors communications. The federal police will now also be allowed to hack.
- Mass biometrics: A "biometric comparison with publicly accessible internet data" is planned, also "using artificial intelligence" (WTF?). The type of body data is undefined; face, voice, DNA are conceivable. In addition, "remote biometric identification" is permitted.
- Grid search: An "automated data search and analysis" is to be created for the data dumps of police forces and secret services. Hesse, North Rhine-Westphalia and Bavaria use software from the US company Palantir for this purpose.
- People "with psychological abnormalities" are to be screened for their potential risk of violence and are to be subject to "inter-agency risk management". CDU-Linnemann called it the register for the mentally ill.
- Even more surveillance capitalism: we are to be handed a "culture of data use and data sharing that establishes a data economy". The right to informational self-determination would become a joke.
- Automated license plate reading systems are to record vehicle license plates.
- More video surveillance, wherever crime is to be combated with lots of cameras instead of sensible measures.
- Even more secret service data exchange with even less control.
- The government wants to expand what it misleadingly calls "active cyber defense". Hacking back is not a defense, but an attack.
If this list doesn't put you in a bad mood, you can't be helped. The CDU, CSU and SPD seem to have learned nothing from decades of established supreme court case law. They are not only sticking to their stubborn insistence on data retention, but are also planning further mass data collection of innocent people without cause.
This draft coalition agreement shows that the waffling phrases about "sovereignty" in the context of "digitalization" are mere window dressing. This is obviously only supposed to exist for US tech companies: With the mantra of mutating us into an "AI nation", the coalition is already sinking to its knees before the new machine landlords as a precaution, with shadow intelligence services such as Palantir included.
As a result, the paper delivers a dictatorship cutlery set, turnkey and tailor-made. The successor government is already licking its repressive claws.
The members of the SPD still have the chance to pull the emergency brake and prevent the dismantling of important basic rights. We therefore appeal to the Social Democrats: Do not vote for this watch list!
Links:
Draft of the coalition agreement between the CDU, CSU and SPD in the 21st legislative period: https://fragdenstaat.de/dokumente/258046-koalitionsvertrag-cdu-csu-spd-2025-entwurf/
Found on https://www.ccc.de/de/updates/2025/ueberwachungshoelle
Information security at universities

Science Minister Clemens Hoch: We are expanding information security at universities in the state
The university presidents and Science Minister Clemens Hoch have signed a new joint state strategy in Mainz to increase information security at universities in Rhineland-Palatinate.
"Universities are also increasingly being targeted by cyber criminals. With their sensitive data, they must therefore be better prepared for cyber attacks in the future. I am delighted that we have found a joint response to the increasing threat to universities in the state with the new state strategy to increase information security. Our universities will work together even more closely on this topic in future in order to share experiences, learn from each other and join forces. The state is supporting them in this process and is providing a total of around five million euros in the upcoming double budget to strengthen information security," said Science Minister Clemens Hoch at the signing ceremony.
"The universities in Rhineland-Palatinate greatly appreciate the efforts made by the state to increase their information security. We are aware that these are indispensable investments that we as universities can only meet together with the support of the state. In view of the vulnerability of our digital infrastructures, it is extremely necessary and wise to pool the expertise of our universities and make efficient use of synergies in order to jointly develop solutions for greater cyber security," added Prof. Dr. Susanne Weissman, Chairwoman of the State Conference of University Presidents (LHPK) and President of Mainz University of Applied Sciences.
With the new state strategy to increase information security at universities, a series of measures have been agreed to make universities more resistant to security threats in the future. If security incidents do occur, they should also be able to react in a structured and planned manner. To this end, measures at the individual universities and central measures have been closely coordinated. Clear responsibilities and processes with regard to information security are to be created locally. At the same time, exchange and cooperation are to be strengthened in order to pool existing expertise and learn from the experiences of other universities.
Among other things, information security officers are to be established at all universities to further promote information security in an advisory and coordinating capacity on site and in exchange with the information security officers of other universities. Where full-time information security officers have already been established, the additional personnel resources can be used for a specific purpose in the area of information security - for example to set up a deputy.
In addition, the universities want to gradually implement the requirements of the IT baseline protection methodology of the Federal Office for Information Security (BSI) by 2030 if possible. A new Information Security Service Center ("RARP SIS") is also to be set up at the University of Kaiserslautern-Landau as another service of the Rhineland-Palatinate Data Center Alliance (RARP), which will advise and support the universities in the introduction of BSI baseline protection, bundle relevant information on information security and build up a university-wide pool of training and awareness measures. The individual universities have limited IT resources to deal with serious incidents such as cyber attacks. In a cooperative structure such as the RARP SIS, the expertise and information available locally can be pooled more effectively in future.
Regular monitoring of the implementation status of the state strategy by the information security officers should ensure implementation progress, identify obstacles at an early stage and ensure a solution-oriented exchange of information.
Information and downloads
- Flyer_Informationssicherheit_2024.pdf (166 KB)
- IT emergency card at RPTU (510 KB)
- IT baseline protection profile for universities (8 MB)
- RundschreibenISLL_RPTU2023.pdf (4 MB)
- Risk analysis guideline (581 KB)
- Guideline for the control of documents and records (622 KB)
- Guideline for internal ISMS auditing (422 KB)
- Guideline for guiding corrective and preventive measures (581 KB)
- RPTU Whitepaper IT Strategy March 2025 (783 KB)