Project execution still guaranteed despite COVID-19
Dear customers and interested parties,
Despite the current developments regarding COVID-19, Oneconsult is able to carry out all projects without any loss of quality and without delays. We have already taken the technical and organizational measures years ago to guarantee you the usual high service quality even in this exceptional situation.
Oneconsult adheres to the specifications of the governments of Switzerland and Germany. As in most companies with the corresponding possibilities, the majority of our employees have been working from their home office since the beginning of March. Video and telephone conferences take place via our own or your preferred system. If desired, we can also continue to conduct on-site tests. As always, the data is stored encrypted.
Our digital forensics & incident response team is also on duty for you in this situation around the clock. Thus you continue to receive the usual Oneconsult service.
We will be happy to answer your questions at: email@example.com or +41 43 377 22 22
Christoph Baumgartner (CEO), Tobias Ellenberger (COO), Tobias Castagna (CTO) and Jan Alsenz (CRO)
Oneconsult group is your renowned Swiss cyber security services partner since 2003 with offices in Switzerland and Germany and 2000+ completed security projects worldwide. Get expert advice from an owner-managed and vendor-independent consultancy with 40+ highly qualified cyber security experts, including certified ethical hackers / penetration testers (OPST, OPSA, OSCP, OSCE, GXPN), digital forensics specialists (GCFA, GCFE, GREM, GNFA), ISO security auditors (ISO 27001 Lead Auditor, ISO 27005 Risk Manager, ISO 27035 Incident Manager) and dedicated IT security researchers to solve even your most demanding information security challenges. Together we address your external and internal threats such as malware infections, hacker attacks and APT as well as digital fraud and data leakage with core services like penetration tests / ethical hacking, real-life APT tests and ISO 27001 security audits. In case of emergency, Oneconsult’s Digital Forensics & Incident Response (DFIR) team supports you with around-the-clock expert assistance (24 h x 365 days).
In the Digicomp webinar „Techniques and Tools That Cybercriminals Use for Attacks“ (in German only), Yves Kraft, Branch Manager Bern and Senior Penetration Tester & Security Consultant, will explain which strategies cybercriminals pursue and why SMEs and private individuals are also increasingly targeted by attackers.
The DigiSnack webinar will take place on Monday, 12 April 2021, from 14:00 to 14:45.
Please check the Digicomp website for further information and registration.
In the webinar “Explained by a hacker: MS Teams and Office 365 as new targets for cyber criminals” (in German) by Yves Kraft, Branch Manager und Senior Penetration Tester & Security Consultant, you can learn more about possible attacks against MS Teams and Office 365 and how to protect yourself and your company against such attacks.
Click here to watch a recording of the webinar from 09 December 2020.
by Nadia Meichtry
On 23 February 2021, VMware published a Security Advisory. It indicates that VMware vCenter Server is vulnerable to an RCE (Remote Code Execution) vulnerability that has been rated critical.
In the latest issue of iX magazine (02/2021) you can find the next part of the series of articles about Active Directory security by Frank Ully, Chief Technical Officer of Oneconsult Deutschland GmbH. The sixth article picks up on the last (iX 12/2020) and penultimate (iX 11/2020) article of the series and describes further ways for attackers to gain higher privileges in the Active Directory beyond the possibilities explained so far.
by Lena Reitzle
You could say that the OWASP Top 10 Proactive Controls is a bit different from other better-known OWASP top ten lists – for example, the ten most critical risks for web applications (“OWASP Top 10”) or APIs (“OWASP API Security Top 10”) – because it goes beyond simply describing potential risks: The Proactive Controls are primarily aimed at developers and provide them with specific measures for developing secure applications. They also serve to raise awareness among developers of the immense importance of application security.
This first part of the two-part article describes Proactive Controls C1 through C5. The following second part will take a closer look at C6 through C10.
by Marco Wohler
Hardening systems is always an issue. Many who are only starting to deal with it are affected by a security incident. Oneconsult helps companies to manage such incidents. In various incidents as well as in customer projects, a variety of problems with hardening could be identified. On the one hand, there is often a shortage of resources to review and adapt the many guides, tips and standards. On the other hand, the infrastructure has often already grown without hardening playing a role. This makes it difficult to implement hardening measures “just quickly”, since afterwards – almost guaranteed – a service will no longer run properly.
Our customers value our expertise and vast project experience of over
Application penetration test projects of banking solutions, online shops, mobile apps, ICS (SCADA/DCS), IoT devices, ERP and CRM solutions, CMS, VoIP systems, etc.
Security audits, e.g. according to ISO 27001, ISO 27002, industry specific guidelines (ISO 27015, 27019, 27799, etc.) or SANS Critical Security Controls
Methods and Standards
Our approach is customized to meet our clients’ specific needs as well as based on «best practice». In addition to our own methods, we also rely on industry-proven standards.
Oneconsult International AG
+41 43 377 22 22
Oneconsult Deutschland GmbH
+49 89 248820 600