Cybersecurity Blog

Security in CI and CD: How to Master the OWASP Top 10 Risks

28/06/2023

Continous Integration (CI) and Continous Deployment (CD) have become important components of software engineering in recent years. Automation enables development teams to deploy new features and updates quickly and efficiently. However, the use of CI/CD also poses some security risks that must be considered. The OWASP Top 10 CI/CD Security Risks provide an overview of the most common risks and suggests ways to overcome them.

Fake Profiles on LinkedIn

07/06/2023

It’s hard to imagine today’s business world without LinkedIn as a social platform. Whether it’s sharing posts, networking with business partners, or acquiring new talent, LinkedIn is often the tool of choice. True to the idea of see and be seen. Anyone who wants to be successful strives for attention, recognition, and reach. This phenomenon also attracts scammers who take advantage of members’ open disclosure. Such fake profiles can have unpleasant consequences for companies. Find out what these consequences are and how you can protect yourself from them in this article.

Batch File Obfuscation Incident

24/05/2023

Attackers use batch files to automate and speed up their work because they allow the execution of multiple commands. This way, the attacker does not need to provide any manual input but just needs to execute the malicious script on the victim’s system.

An Introduction to Batch File Obfuscation

12/05/2023

Batch files are an essential tool many users and administrators use to perform automated tasks. However, attackers also use these batch files to execute malicious commands on a system. To avoid detection by antivirus software, batch files are obfuscated.

Passwords: Common Mistakes, Best Practices & Tips

04/05/2023

May 4, 2023 is World Password Day. This day takes place every year on the first Thursday in May and aims to raise awareness about the importance of secure passwords. The aim is to educate about best practices in password management and encourage people to take steps to improve the security of their online accounts.

“Your Site Has Been Hacked” – Fraud Attempt or Reality?

26/04/2023

Ransomware is currently what everybody is talking about. Everyone fears becoming a victim and bearing the consequences for their reputation as well as the financial impact of it.

Threat Hunting in Azure Active Directory and Microsoft 365

12/04/2023

As Microsoft services move to the cloud, Azure Active Directory (Azure AD) and Microsoft 365 (M365) are becoming popular targets for attackers. Threat hunting can help uncover signs of compromise early on.

ISO/IEC 27001: What Has Changed and What Does It Mean for Your Company?

28/02/2023

The international standard ISO/IEC 27001 is a fundamental standard for information security. It defines requirements for establishing, implementing, and maintaining an information security management system (ISMS) and serves as the basis for certification.

Vulnerability Scanners and How to Protect Your Company From and With Them

01/02/2023

Vulnerability scanners are often used during security audits. The goal: to be one step ahead of the cybercriminals!

Penetration Testing vs. Bug Bounty Programs – What Are the Differences?

19/01/2023

A bug bounty program and a penetration test are both important measures to improve the security level of a system. However, there are important differentiators between the two that need to be understood before deciding which one to use.

Cybersecurity: Guarding Against Unauthorized Access

03/01/2023

Learn about the most common initial attack vectors and their protection recommendations.

Emails are a Popular Entry Point for Attackers

22/12/2022

Emails are a Popular Entry Point for Attackers

Schützende Windows-Firewall konfigurieren

Configuring a Protective Windows Firewall

09/12/2022

Configuration of a local Windows firewall and what and how it can protect against.

The Five Best Cybersecurity Podcasts

30/11/2022

Do you like listening to podcasts? Get to know the best five cyber security podcasts.

The Differences Between Penetration Test and Red Teaming

01/06/2022

Penetration test and red teaming are cybersecurity terms. But what exactly is red teaming? And what is a penetration test all about? What are the differences between the two terms?

BloodHound – Tracking Down Vulnerabilities in Active Directory

12/05/2022

A modern Active Directory environment consists of many different components. There are clients, servers, databases, users, applications and much more. It is easy to lose track of everything (especially as a Red Team). The BloodHound tool can help here.

Live Operating Systems – Useful Helpers

25/04/2022

Computers often have strange behavior that cannot always be explained right away. Just because a laptop worked flawlessly the night before does not mean that problems won’t pop up out of nowhere the next day. In most cases, these are minor problems that can be solved quickly. However, it can also happen that the computer suddenly does not boot up at all and hangs during startup.

Become a Proven Web App Penetration Tester With the Web Security Academy

11/04/2022

What are the most common security vulnerabilities in web applications? What does an attacker need to do to find and exploit them? And how can developers protect their web applications against them? Answers to these questions as well as practical hands-on examples are provided by PortSwigger’s Web Security Academy.

DFIR, Simple: Track Ransomware Attacks

03/03/2022

Ransomware has long been on everyone’s mind and part of daily news coverage. Oneconsult’s Digital Forensics and Incident Response specialists are regularly asked to present background information on such cyber attacks, discuss them and address the current threat situation. A central element is to show that all industries, company sizes and private individuals are affected by ransomware attacks and the associated risks.

BGP Hijacking – Data on the Run

16/02/2022

From time to time, ships are blown off course, wrecked or, in the worst case, sink together with their cargo. The same can happen to the data that is sent over the Internet every day: It can deviate from its usual route and reach its destination in a big detour, but it can also end up with the wrong recipient altogether and thus be lost to the actual target – usually unintentionally, but in some cases also intentionally.

Security in CI and CD: How to Master the OWASP Top 10 Risks

Fake Profiles on LinkedIn

Batch File Obfuscation Incident

An Introduction to Batch File Obfuscation

Passwords: Common Mistakes, Best Practices & Tips

“Your Site Has Been Hacked” – Fraud Attempt or Reality?

Threat Hunting in Azure Active Directory and Microsoft 365

ISO/IEC 27001: What Has Changed and What Does It Mean for Your Company?

Vulnerability Scanners and How to Protect Your Company From and With Them

Penetration Testing vs. Bug Bounty Programs – What Are the Differences?

Cybersecurity: Guarding Against Unauthorized Access

Emails are a Popular Entry Point for Attackers

Configuring a Protective Windows Firewall

The Five Best Cybersecurity Podcasts

The Differences Between Penetration Test and Red Teaming

BloodHound – Tracking Down Vulnerabilities in Active Directory

Live Operating Systems – Useful Helpers

Become a Proven Web App Penetration Tester With the Web Security Academy

DFIR, Simple: Track Ransomware Attacks

BGP Hijacking – Data on the Run

Your contact for cyber emergencies

Your security is our top priority – our specialists provide you with professional support.