News from KW36.2025, this time with a view beyond the horizon

From the noise the lights filtered, put for you in the news. Nine interesting contributions from week 1.9 – 7.9 (KW36-2025) Of course again two of them looked at in detail.

Article 1

Switzerland also chooses European IT security: Rethinking for strategic reasons

Swiss companies face an important decision: Who do you trust with your IT security? A recent survey shows a clear trend:

On Netzwoche.ch A dossier by Rainer Schwegler, Senior Territory Manager Switzerland, from the security company Eset read: The origin of software solutions is becoming increasingly important. An overwhelming majority of Swiss companies now prefer European or domestic suppliers -> for good reason.

Why Europe? The Search for Sovereignty

According to a representative study by analyst firm Techconsult, conducted on behalf of Eset, 72 % the Swiss Companies in the case of a new acquisition, specifically prefer a European provider. Already 44 % They rely on solutions from Europe or Switzerland, while U.S. suppliers only use 22 of them. % Respondents are used.

This strong rethinking has several causes that go beyond purely technical aspects:

Legal security: One of the main arguments is the clear legal framework in Europe. With the revised Swiss Data Protection Act (revDSG), the data protection regulations in Switzerland are largely compatible with European legislation. This creates trust and facilitates compliance requirements. In contrast, laws from third countries, such as the US Cloud Act, carry risks, as they may allow access to data without the consent of those affected.
Digital sovereignty: Companies want to stay in control of their data flows, systems and updates. They see the choice of the IT security provider as a strategic step towards strengthening their digital independence.
High willingness to change: Two-thirds of the companies surveyed are actively considering switching providers. This suggests that concerns about data protection and geopolitical dependence are growing.

Made in Europe as a promise of quality

Rainer Schwegler from Eset explained that ‘Made in Europe’ is more than just a label. It stands for a clear promise: digital sovereignty, legal transparency and technical trustworthiness. European providers often develop their solutions entirely in the EU, operate their data centres there and are subject to strict data protection laws, which also excludes the possibility of hidden backdoors.

For companies, this means not only legal certainty, but also greater transparency in product development. In view of the not-yet-old publication of a long-standing Affair with a Swiss intelligence service and the suspected transfer of data to a Russian IT provider, wins the topic Digital Sovereignty In addition to urgency.

For Swiss companies, the choice of a European provider is therefore a strategic decision, in order to be able to operate safely and transparently in the long term. It is no longer just about the functionality of a product, but about trustworthiness and reliability in an increasingly complex geopolitical landscape.

Article 2

Summer hole report? Reportedly 2.5 billion hacked Gmail accounts

A horror scenario haunts the net: 2.5 billion hacked Gmail accounts! Everywhere you read about it and wonder if you have to change all passwords quickly.

But stop it! Google itself has now made it clear that there is nothing wrong with these rumors.

Google said yesterday: ‘It's all nonsense!„

In recent days, reports of a huge data leak at Google, allegedly affecting billions of Gmail users, have spread rapidly. The recommendation: Change your passwords immediately! However, Google vehemently contradicts these rumors in its own blog post and calls them ‘completely wrong„.

Yes, there have been two recent security incidents at Google, but they had absolutely nothing to do with this alleged mass hack of Gmail accounts. Google also emphasizes how strong its security measures are. 99.9% of all phishing emails and malware attacks They are blocked before they even end up in the mailbox. This is an announcement!

What is really behind the rumors?

Where do these stories come from? Google has confirmed two real, but much smaller, security incidents:

Salesforce incident: (Already in July) Attackers gained access to a Salesforce instance of Google through social engineering. This mainly affected contact details of small and medium-sized enterprises, i.e. information that is often already public anyway.
Salesloft drift incident: (in August) Here, attackers with stolen OAuth tokens gained access to a ‘very small number of Google Workspace accounts’. However, Google immediately withdrew the tokens and informed the affected users.

Both incidents were far from a mass data leak at Gmail. So the panic that is spreading online is completely unfounded in this case.

The only thing that's striking about the whole thing is that Google had already warned about the problem in June, because at this point in time Already various companies Victims were made by fictitious calls, so-called vishing. It also does not exploit any vulnerabilities within the Salesforce instances.

Instead, the attackers would make phone calls to employees of the affected companies and pose as employees of IT support. They would then trick their victims into revealing credentials, granting remote access, or using a malicious application.

That being said, it is safe. How do you best protect yourself?

The rumors are thus false, but that does not mean that you should neglect your safety. In the counter pond! Take the opportunity to make your account even more secure. Best practices that Google recommends:

Use passkeys: They are the most secure alternative to the normal password and effectively protect against phishing attacks.
Strong password: If you want to stay with the password, use a unique per service, It is complex and not easy to guess..
Two-factor authentication (2FA): Be sure to activate 2FA. Even if your password falls into the wrong hands, no one can access your account.

Panic is inappropriate. Google has denied everything. Still, a little more security is always a good thing, isn't it? Let's stay with Salesforce:

Article 3

Salesforce Employee of the Month ‘Karl Klammer’ now provides IT support

Do you remember Karl Klammer, the annoying, but somehow also adorable Microsoft assistant from the 90s? Well, he's back:

Only this time he has a job in IT support and is pretty good at replacing people. According to Salesforce CEO Marc Benioff, the CRM giant 4000 Support Employees Replaced by AI.

Karl ‘Clippy’ bracket – here as spaceship Build in Starfield. Source: Reddit

AI instead of humans: A massive restructuring

In a podcast, Marc Benioff revealed that Salesforce relies heavily on AI to increase efficiency and reduce costs. The number of support staff has been reduced from 9000 to 5000 – a massive cut of over 40 percent.

Benioff explains that the AI wizards are able to take on a variety of standard tasks in support. This allows the remaining human employees to focus on more complex cases. According to Benioff, humans and AI are now working hand in hand. The system recognizes when AI reaches its limits and then automatically hands the customer over to a human employee. Should that work in practice, it would be a real added value.

The AI Sales Agent: Also found its way into the sales team

Change is not limited to support. Salesforce also relies heavily on AI in sales. The company had collected more than 100 million customer requests over the years, which were never processed due to staff shortages. Now come the so-called AI Sales Agents Take care of each of these leads.

According to Benioff, 50 percent of customer conversations today are conducted by AI, while the other half continues to be taken over by humans. This development shows that AI is not only seen as a tool, but as a full-fledged partner in everyday business.

Benioff's Change: From Critic to Advocate

It's interesting to see how Benioff positions himself. Not too long ago He called Microsoft's copilot the new Karl Klammer and denied him any benefit. Now he himself relies on a similar technology and justifies the drastic cuts with efficiency gains.

The question is whether this development is a blessing or a curse. Yes, it can increase productivity, but it also raises the question of the future of support and sales jobs.

What do you think? Is the use of AI to this extent the right way, or does customer service lose its human touch? Have a look at the episode itself:

Article 4

The Battle for Superheroes: Why Warner Bros. Discovery sues Midjourney

The Empire strikes back! After Disney and NBCUniversal filed suit against the AI image generator Midjourney, Warner Bros. Discovery (WBD).

The renowned media company accuses Midjourney of Theft of intellectual property. It's about nothing less than the most iconic figures in pop culture: Superman, Batman, Wonder Woman and even Scooby-Doo.

What is the core of the lawsuit?

Warner Bros. Discovery argues that Midjourney trained its artificial intelligence with illegal copies of copyrighted content. The lawsuit, filed in a U.S. court in Los Angeles, targets the central function of the service: Reproduction of famous characters.

WBD’s lawyers write in the application that Midjourney ‘believes that he is above the law’. They claim that users of the paid service can simply enter commands to create images of iconic figures like Superman in any scene imaginable. This is a clear violation of their rights, as these figures are reproduced and disseminated without their consent.

As evidence, WBD cites examples of Midjourney users being asked to generate images of Batman or Wonder Woman, and the AI delivers deceptively similar results. Even with generic requests such as ‘classic comic superhero battle’, WBD characters appear.

Why the big wave of lawsuits now?

WBD's lawsuit is part of a growing movement in the creative industry. Film studios, authors and artists are increasingly concerned about the unregulated use of their works for training AI models. They argue that their content is not only used for inspiration, but is directly looted, threatening their own business models.

Midjourney's argument: The AI company defends itself with the principle of Fair use. They claim that training AI models is a form of fair use. They also stress that the images generated are the result of users' creative instructions and that the platform is merely a tool for creating them.

The counter-arguments of the studios: Hollywood studios see it differently. They say that this is not a simple use for training purposes. They accuse Midjourney of deliberately advertising with the ability to generate protected characters to attract subscribers. A recently launched Midjourney TV streaming channel showing AI-generated videos is an attempt to compete directly with the studios.

What's at stake?

The outcome of this lawsuit could have far-reaching consequences for the entire AI industry. If the courts agree with the studios, AI companies may have to pay licensing fees for training data in the future. This would not only make the development of new AI models more expensive and slower, but could also create new business models for content licensing.

For the Hollywood giants, it's about protecting their most important assets: their characters and stories. The lawsuit is a clear signal that they are not willing to give up their intellectual property without a fight.

This is the beginning of a legal tug of war that could redefine the relationship between human creativity and artificial intelligence.

Article 5

The pound shock: When the cloud dreams burst and the supermarket complains

From one lawsuit to the next: Imagine you bought a new washing machine. The seller promises you a lifetime warranty and free service.

Two years later, the manufacturer is taken over by a large corporation, and suddenly everything is different. The lifetime warranty is no longer valid, and for every spare part you need, you'll need to purchase an expensive subscription. Sounds like a nightmare, right? This is exactly how many companies that rely on VMware products feel.

What happened? The Broadcom takeover and its consequences

At the end of 2023, the US company Broadcom acquired the virtualization specialist VMware. What at first looked like a normal fusion has really messed up the IT world. Broadcom has radically changed the entire licensing model: Away from the classic perpetual licenses, towards obligatory subscriptions. Expensive packages were put together from individual products.

This strategy has caused a massive shock to many companies. Cloud associations and users complain that prices have risen by up to 1500 percent. In Germany has the IT user association VOICE has already filed a complaint with the EU Commission. They accuse Broadcom of exploiting its dominant position.

Tesco v Broadcom: A battle for virtual infrastructure

The British supermarket chain Tesco is one of the largest IT users in the country and depends enormously on VMware software for its operation. Their systems, which host around 40,000 server workloads and inter alia connect the cash registers in the branches, are based on VMware virtualization technology.

Tesco acquired perpetual licenses for vSphere and Cloud Foundation in 2021, including a support contract until 2026. There was even the option to extend the support for another four years. Then came Broadcom.

Now Tesco is facing the problem of Broadcom linking support to the new subscription models. This means: Although Tesco has already paid for the licenses, they now have to buy expensive subscriptions to continue receiving support. Broadcom also refuses to allow Tesco to upgrade to the latest version of Cloud Foundation as promised in the old contracts. Even security updates are withheld if the company does not subscribe.

Tesco is not alone. Rebellion against this new company policy. Also Companies like AT+T the last year went to the barricades or This year, for example. Siemens, have already shown similar ‘pleasure’.

What's at stake?

For Tesco, the situation is serious. In the lawsuit, which involves a whopping £100 million in damages, the supermarket chain warns of potential disruptions to its digital infrastructure. This could even affect the food supply of stores across the UK and Ireland.

The Tesco case is just one example of many and clearly shows how risky dependence on a single provider can be. It highlights the need for companies to rethink their software strategies and protect themselves against such drastic changes. It remains to be seen how the court will decide. The lawsuit could become a precedent that has far-reaching implications for the entire tech industry.

Article 6

The big stream trap: How Police Are Hunting Illegal Football Pirates

The exciting Sunday evening in front of the TV is part of the festive ritual for many of you. Do you feel addressed? Then prepare beer and chips and ...then go there:

What if the game suddenly stops, the connection breaks and a message appears on the screen that points you to legal streaming providers? This is exactly what has happened to thousands of users of illegal sports streaming sites. I read about it on Golem.de. A large-scale police operation has unearthed a seemingly gigantic network. But did it really catch the big fish?

What happened? The big blow to Streameast

The anti-piracy organization Alliance for Creativity and Entertainment (ACE) Together with the Egyptian police, it was a great success. They announce that they have dismantled the ‘world’s largest illegal sports streaming network’. Specifically, it is about the so-called Streameast network. With over 136 million monthly views, it was one of the biggest points of contact for sports fans who wanted to watch their favorite games for free.

The illegal streams covered pretty much everything the athlete's heart desires:

Football: Bundesliga, Premier League, La Liga, Serie A, Champions League
Sports in the US: NBA, NFL, NHL, MLB
Other events: Boxing, MMA and Motorsport

If you call one of the 80 affected domains, you will no longer be greeted with a game, but with a warning message that points to legal streaming opportunities. This network was also very popular in Germany, which shows how great the demand for free content is.

The surprising twist: Was it just a copy?

While the ACE celebrates success, there is a surprising and somewhat confusing turnaround. Reports from platforms such as Torrent freak According to the action, it appears that the original operators of Streameast were not caught in the action, but only so-called ‘streameast’ operators. "Copycat pages". These are free-riders who have recreated the original page to benefit from the high number of visitors.

The operator of the real Streameast site is said to have even confirmed through his own communication channels that his service is still online and that he has nothing to do with the arrests in Egypt. He even warns his users not to visit the fake websites.

Why the whole thing?

The actions of the police and anti-piracy organizations have a clear goal: They want to destroy the business model behind the illegal streams. These sites are often ad-funded, making millions. The operators behind the illegal sites and their partners make money, while the rights holders (such as the Bundesliga) and the legal streaming services run out of money.

Although only part of the network may have been cut in this action, it sends a clear message to anyone who offers or uses illegal streams. The investigative authorities are cracking down and making it increasingly difficult for pirates to run their business.
For us users, this means: If you do not want to run the risk of getting targeted, you probably prefer to stay with the legal providers.

Article 7

EUR 1000 for ‘one disc’ of the Death Star: Has Lego lost his mind?

A thriller for the weekend: Lego fans and Star Wars enthusiasts, hold on. There is news that leaves us all speechless.

Lego officially has the first set with a price tag of 999.99 euros announced. It is the fourth version of the Death Star to appear under the set number. 75419 Appears. But before you scream for joy, look closely. This thing is not what you expect. Gamestar shows you A few insights.

The Death Star that only exists from the beginning

Lego had the chance to build the ultimate Death Star. A huge, detailed, completely walkable ball. What did they do instead? A flat disc death star. Yes, you heard it right. Instead of a 360-degree space station, which can be admired from all sides, we get a cross-section with a depth of only 27 centimeters. The set is designed to fit better in a showcase.

Honestly, isn't that the climax of madness? The Death Star is an iconic spherical symbol. Now we should spend 1000 euros on a kind of backdrop that you can only look at from the front, because the back is a chaos of technical stones and axes? Sorry, but that's just disappointing.

A price record – with fewer stones

For this dizzying price of 1000 euros you get the most expensive, but not even the biggest legoset in history. With his 9,023 building blocks It lies behind the Titanic and the Colosseum, which have more parts and were still significantly cheaper. The price per stone is a whopping 11 cents.

The 38 minifigures, including some rare characters, are a nice gimmick, but do they justify this price? I don't think so, Tim.

Fans hoping for a full bullet were already upset when the first rumors surfaced. Now that the price is known, the anger is likely to be even greater. Instead of fulfilling the dreams of the fans, Lego relies on a compromise that is only visually worthwhile if you put the set on a wall.

The question remains: Did Lego do itself a big favor with this price and this design? Or is it the moment when the brand annoys its most loyal fans for seemingly losing touch with reality? That's a thrill that will at least keep me busy in my Lego & StarWars circle of friends over the weekend.

The only bright spot on the number? Soon there will be a very entertaining Video of the Hero of Stones.

Article 8

BSI (and virtually all international partners) warn of Chinese hacking group Salt Typhoon

The focus of global espionage is that Simultaneously with published PDF the BSI provides insights into procedures and avoidance strategies.

In a joint statement, the German Federal Office for Information Security (BSI) and the US authorities NSA, CISA, FBI (and the Who-Is-Who of the remaining international security agencies) warn of the state-backed Chinese hacking group. Salt Typhoon. The group is targeting critical infrastructure such as telecommunications, government, transportation and military networks around the world for espionage.

The Joint Safety Note, published by all the above-mentioned authorities, contains both indicators of compromise (IOCs) and the exact tactics, techniques and procedures (TTPs) of the actors.

Attacks based on known vulnerabilities

The research shows that Salt Typhoon exploits primarily publicly known vulnerabilities for initial access to its victims' systems and no so-called zero-day gaps. The group uses infrastructures such as virtual private servers (VPS) and already compromised routers to penetrate the networks of telecommunications and network service providers.

The warning also lists, among other things, specific CVE numbers that are exploited by the hacker group:

CVE-2024-21887: A vulnerability in Ivanti Connect Secure and Ivanti Policy Secure web components.
CVE-2024-3400: A vulnerability in Palo Alto Networks PAN-OS GlobalProtect that could lead to remote code execution (RCE).
CVE-2023-20273 and CVE-2023-20198: Two vulnerabilities in the Cisco IOS XE software web interface that can be used to execute code with root privileges.

Caution is required!

Let's take a closer look at the PDF together, because this document provides detailed information on how to detect and prevent the activities of Salt Typhoon.

Strategies can be divided into two main categories: Proactive measures (avoidance) and reactive measures (detection).

Point 1: Strategies to avoid

To prevent the hacker group from invading networks, the report recommends a number of best practices:

Address vulnerabilities: Instantly patches known vulnerabilities such as the listed CVE numbers (CVE-2024-21887, CVE-2024-3400, CVE-2023-20273 and CVE-2023-20198). Since the attackers mainly rely on known, publicly accessible gaps, this is the most important step.
Hardening of systems:
- Disables unnecessary ports and protocols, such as Cisco Smart Install or Cisco Guest Shell.
- Rely on strong credentials and secure cryptographic algorithms.
- Uses multi-factor authentication (MFA) and blocks brute force attacks through lockouts.
- Used SNMPv3 Instead of older, insecure versions.
Network hardening:
- Isolates the management layer from traffic (Control-Plane Policing, CoPP) to prevent attackers from entering the management layer from the data layer.
- Ensures that no unusual tunnels or VPNs exceed network security limits.

Item 2: Strategies for detection

To identify ongoing or past compromises, you should also monitor the following:

Checks file directories (e.g. flash memory) for non-standard or unexpected files.

Configuration changes: Continuously monitors network device configuration for unexpected changes, especially in ACLs, routing tables, local user accounts, and authentication logs.

Logs and log files:

Monitors the logs of routers and other network devices for signs of deletion, disabling logging, or starting packet records (PCAP).

Pay attention to the creation of packet recording sessions (e.g. with names such as mycap or tac.pcap).

Suspicious network activities:

Monitors traffic on non-standard ports used for management services such as SSH or HTTPS. Salt Typhoon often uses port numbers such as 22x22 for SSH or 18xxx for HTTPS.

Watch out for FTP/TFTP transfers from network devices to unauthorized destinations.

Searches for unexpected tunnels (GRE, IPsec) between autonomous systems (ASNs).

Analyzes traffic for unusual TACACS+ connections (TCP/49) to unauthorized IPs.

Integrity check:

Performs hash verifications of firmware and software and compares them to the manufacturer's original values.

TL:DR – General recommendations: Detection & Reaction

Log and configuration check: Regularly check the logs and configurations of your network devices, especially routers, for unexpected or unauthorized activity.
- Searches specifically for unexpected GRE or other tunneling protocols, Especially foreign infrastructure.
- Verifies that unexpected external IPs have been set as TACACS+ or RADIUS servers or that other authentication services have been changed.
- Controls ACLs for unexpected external IPs.
- Searches for unexpected settings for Package recordings or Network mirroring.
- Checks if unexpected virtual containers are running on network devices.
Robust change management process: Introduce as strict a process as possible for changes to your infrastructure.
- Stores, tracks and checks all network configurations on a regular basis.
- Compares the approvals for changes to the actual configurations.
- Monitors the creation and modification of firewall rules.
- Sets alarms for unusual administrative access or commands on routers.
Comprehensive study: In the event of a suspected burglary, try to identify the full scope of the incident before taking any countermeasures. If the entire scope is not recognized, the attackers could retain access and cause further damage. The goal is to completely clean up the network to minimize the damage. Also pay attention to Large-scale data exfiltration.

Conclusion:

Although no successful activities of Salt Typhoon are known in Germany, the BSI calls for vigilance. The alert contains best practices for securing VPNs and routers, as well as specific recommendations for the mentioned products. I picked out a few, the whole 37 pages would have been here for the news ‘bissl arg’!

Article 9

Blood moon on Sunday night: The last total lunar eclipse until 2028!

Sky-watchers and night owls, watch out! This Sunday a rare spectacle awaits us in the night sky: A total lunar eclipse.

And the best thing about it? It takes place at a family-friendly time in the early evening. So grab the kids, a blanket and binoculars, because it's your last chance to experience this phenomenon in this form until 2028.

What happens on Sunday and when can you see it?

On Sunday evening, 7 September, Our earth moves exactly between the sun and the moon. This puts the moon in the shadows of our Earth.. Don't worry, it won't be completely invisible. Sunlight is refracted by the Earth’s atmosphere and directed towards the moon, which makes it shine in impressive shades of red – hence the name ‘blood moon’.

Blood moon image source: Kai Stachowiak on publicdomainpictures.net under CC0 — Image source: Kai Stachowiak publicdomainpictures.net under CC0

The first contact with the Earth's shadow already takes place at 18:27. However, the sun has not yet set and the moon has not yet risen, so unfortunately you will not see any of it. The crucial phase that totality, It starts at 7:31 p.m. From this point on, the moon is completely eclipsed.

Depending on where you live in Germany, Austria or Switzerland, you have to be patient a little. The further you live in the West, the later the Moon rises and the longer you have to wait for the start of the total eclipse. But don't panic: From 8:53 p.m., the moon emerges from the shadows and can then be seen everywhere in this country.

A rare sight – influenced by dust and clouds

This time the totality lasts 82 minutes, i.e. almost an hour and a half. How intense the red color of the moon will be depends on various factors, such as volcanic ash, Sahara dust or exhaust gases in the Earth's atmosphere.

One important thing you should not forget: Visibility also depends on the weather. Let's hope for a clear sky! Since the sky is still relatively bright at dusk, it can be difficult to find the eclipsed moon at first. But the higher it rises, the better the view.

If the clouds disturb your observation, don't panic! Many observatories and planetariums offer special events with professional telescopes on Sunday. Thanks to the star friends for the great compilation! Your corner isn't there? The search term could be ‘Volkssternwarte RegionXY’. Certainly some will also serve Youtube or Twitch live tonight.

This is a great opportunity for a trip to see the blood moon ‘up close’ and learn more about the celestial phenomenon. Alternatively, I can offer you the upcoming livestream as Plan B:

Take advantage of the opportunity, because the next clearly visible total lunar eclipse in the DACH space is only available again on the 31. December 2028. So it's worth taking a look at the sky this Sunday evening.

Sun-Tsu, COO in an international corporation must not be missing this week, of course, with his global wisdom.
The best IT strategy is flexible: Rigid strategies based only on one-off assumptions are certainly doomed to failure. Be prepared to adapt your plans as new information emerges and stay agile in an ever-changing technological environment.