Blog
Informative, up-to-date and exciting – the Oneconsult Cybersecurity Blog.

Cybersecurity Blog

Browse through exciting articles, current news and helpful tips & tricks from our experts on all aspects of cybersecurity.

swiss-national-flag-above-federal-palace-bern

The EU Cyber Resilience Act (CRA): What Swiss Companies Need to Know

02/06/2026

It’s Tuesday morning. Your robot vacuum is quietly doing its rounds while you’re in a meeting – a perfectly ordinary situation that you don’t give a second thought to. After all, it’s just a device, a little convenience. To an attacker, however, this very robot vacuum isn’t just an everyday helper – it’s a gateway into your network. It is precisely this scenario that has EU lawmakers concerned, which is why they drafted the Cyber Resilience Act (CRA). This law also applies to Swiss companies that sell, import, or distribute products with digital elements throughout the EU.

MORE
abstract-ai-agent-illustration

AI Agent Security: Threats and Attack Vectors

20/05/2026

Artificial intelligence (AI) has advanced rapidly in recent years. While in 2023 it still consisted mainly of simple chatbots – with OpenAI’s ChatGPT being the prime example – it has evolved into an ecosystem of highly complex, autonomous systems. Today, companies are deploying AI applications across various business areas: from intelligent customer support chatbots and retrieval augmented generation (RAG) systems to fully autonomous AI agents that independently plan tasks, access tools, and make decisions.

MORE
mobile-application-cybersecurity-pentest

Improving the Security of Mobile Applications With Pentests According to MASVS

09/04/2026

Mobile applications have become an integral part of our daily lives and are growing increasingly important for businesses, especially in industries that handle highly sensitive data. A recent example from the banking sector illustrates this clearly: Over 10 % of the Swiss population now uses neo banks (linked page in German) – banks that typically interact with their customers exclusively through a single mobile application.

MORE
business-woman-in-office-data-center

Security Operations Center (SOC): Planning, Setup, and Operation

10/03/2026

The IT systems of modern companies are highly connected, distributed, and dynamic. Cloud services, SaaS applications, home office, different locations, and external partners expand digital value creation – but also increase the attack surface. Consequently, the number and complexity of cyberattacks are increasing, as are regulatory requirements and expectations for rapid response capabilities.

MORE
digital-success-graphic

Implementing Incident Response Management Successfully: 6 Decisive Success Factors

24/02/2026

Cyberattacks are on the rise – and they no longer only affect large corporations. Small and medium-sized enterprises (SMEs) are also increasingly becoming the target of cybercriminals. In the event of an emergency, a lack of processes, unclear responsibilities, or insufficient preparation often lead to delays, unnecessarily high costs, and considerable reputational damage.

MORE
incident-response-management

Incident Response Management: Why it Will Become Mandatory in 2026

24/02/2026

What was considered unlikely just a few years ago is a reality today: the majority of companies have already been affected by cyberattacks, many of them successfully. The question is therefore no longer whether a security incident will occur, but when it will happen and how resilient your company will be in responding to it through professional incident response management (IRM).

MORE
hacking-access-granted

Kerberoasting Made Easy – Efficient Methods for Hash Cracking

11/12/2025

It has now been over ten years since Tim Medin introduced the so-called Kerberoasting attacks. And even today, Kerberoasting remains a reliable attack technique against Microsoft Active Directory, which is often exploited by penetration testers and red teamers. With a valid domain account, the attack can be carried out in an Active Directory environment without extended privileges. Afterwards, an attempt can calmly be made to crack the passwords of service accounts offline.

MORE

Windows 11 Hardening With Intune: Methods and Recommendations for a Secure Environment

28/10/2025

The end of support for Windows 10 on 14 October 2025 has (hopefully) prompted many companies to migrate to Windows 11. In this context, it would also make sense to switch the device management to Microsoft Intune and manage the Windows 11 hardening policies there as well. With a properly configured hardening baseline, the attack surface of Windows systems can be significantly reduced.

MORE
username-password-access

Password Spraying: Procedure, Risks, and Protective Measures

09/09/2025

Password spraying and credential stuffing are among the most common methods used by attackers to gain unauthorized access to company systems. Compared to classical brute-force attacks, password spraying attacks are more difficult to detect. They deliberately exploit the human weakness for easy-to-remember passwords. In this article, we explain how these attacks work, what risks they pose, and what measures companies can take to protect themselves effectively.

MORE
Erhöhen Sie Ihre Cyber-Resilienz durch Purple Teaming

Purple Teaming: How to Strengthen Your Organization’s Cyber Resilience With Attack Simulations

11/08/2025

Purple teaming refers to the close cooperation between attacking (red team) and defending (blue team) security forces. Instead of acting independently, they jointly develop targeted attack scenarios, carry them out together, and analyze the results in direct exchange. This collaborative approach not only allows for vulnerabilities to be uncovered more efficiently but also addresses them directly with appropriate defensive measures.

MORE

PDF Phishing: How To Protect Yourself Effectively

12/06/2025

Did you know that PDF files often serve as a gateway for cyberattacks? These seemingly harmless documents can be infected with dangerous viruses that damage to your computer without you realizing it. Viruses often hide in PDF files to exploit security vulnerabilities and steal your sensitive data.

MORE

Perfect 10: Discovery of Critical IBM AIX NIM Vulnerabilities (CVE-2024-56346 & CVE-2024-56347)

05/05/2025

During a recent penetration test of an IBM AIX environment, I uncovered two critical vulnerabilities, including one that had gone unnoticed for almost 30 years. The identified flaws in the AIX Network Installation Manager (NIM) allow for remote command execution with root privileges — potentially compromising entire AIX infrastructures. In this blog post, I will walk you through the discovery of CVE-2024-56346 and CVE-2024-56347, the impact of these vulnerabilities, and the steps you should take to secure your systems.

MORE
tiber-dora-eu-regulation-oneconsult-cybersecurity

Enhancing Cyber Resilience Through Attack Simulations According to DORA and TIBER

05/05/2025

The Digital Operational Resilience Act (DORA) and the TIBER-EU framework work hand in hand to strengthen the cybersecurity and resilience of financial institutions in the EU—DORA sets the regulatory foundation, while TIBER-EU enables realistic, threat-led testing. Together, they promote a proactive approach to identifying and mitigating cyber risks. We spoke with two of our TIBER-experienced experts to explore what makes these tests unique, the challenges they pose, and why elements like social engineering and physical security are key factors.

MORE
cybersecurity-awareness-als-wichtiger-teil-des-isms-oneconsult

Cybersecurity Awareness as an Essential Part of Information Security

14/04/2025

In today’s cybersecurity threat landscape, it is no longer sufficient to rely on technical measures alone to ensure a company’s information security. From an organizational point of view, clear responsibilities and processes, as well as continuous testing of all these activities, are also required. Yet for cybersecurity, people are often the most vulnerable to attacks and this is precisely where cybersecurity awareness comes in: to train employees to recognize cyberattacks at an early stage and therefore to minimize the risks they pose to the company. This article explains why cybersecurity awareness is a central component of any Information Security Management System (ISMS), how organizations can benefit from appropriate awareness measures, and how important the engagement of top management is in this regard.

MORE
passkeys-warum passwoerter ausgedient haben

Passkeys: Why Passwords Have Probably Become Outdated

12/03/2025

An analysis of the most frequently lists of the most frequently used passwords shows that even today, passwords tend not to be very complex. This suggests that password managers, which would make it easier to create secure passwords, are rarely being used. As a consequence, many service providers rely on the addition of a second factor during the login process in order to reduce the dependency on the password. However, this solution is not an optimal measure as it does not fully address the problem of password security. A promising approach that could offer an alternative to passwords is the use of passkeys.

MORE
vulnerability management effizientes schwachstellenmanagement

Vulnerability Management: Efficient Management for Maximum Security

12/02/2025

Vulnerability Management is making waves again. Successful attacks requiring no user interaction are becoming more frequent once again. At the same time, the number of publicly known vulnerabilities is increasing from year to year. This raises the question of how these vulnerabilities can be detected and remedied as early as possible.

MORE
network penetration test

Network Penetration Test

15/01/2025

In an increasingly digitalized world, companies of all sizes and in all industries are at risk of cyberattacks. It is therefore crucial for businesses to prioritize network security in order to protect sensitive information and business processes. Every year, thousands of attacks on corporate networks are recorded, whether by hackers, insiders, or automated malware. The consequences of such attacks can be severe, including data loss, business interruptions, significant financial losses, and a loss of customer trust.

MORE
header-das-informationssicherheitsgesetz-isg-des-bundes-schweiz

Overview of the Federal Information Security Act

11/12/2024

With the Information Security Act* (Informationssicherheitsgesetz, ISG) coming into force on January 1, 2024, new standards for securing information and infrastructure were set in Switzerland. The law brings comprehensive innovation in the field of cybersecurity and strengthens the security of information and infrastructure at various levels, as well as cyber resilience in general. The ISG applies to both government authorities and private companies that are significant for the security of the federation. A particular focus is on operators of critical infrastructure. This article provides an overview of the main changes and requirements that the ISG brings.

MORE

All Categories
Active Directory / Entra ID
Attack Simulation / Red Teaming
Cybersecurity
Cybersecurity Awareness
Digital Forensics
Incident Response
IoT/OT-Security
News & Advisories
Penetration Testing

Vulnerability Management

Never miss the latest news about cybersecurity topics again? Subscribe to our Newsletter.

Your security is our top priority – our specialists provide you with professional support.

Availability Monday to Friday 8:00 a.m. – 6:00 p.m (exception: customers with SLA – please call the 24/7 IRR emergency number).

Private individuals please contact your trusted IT service provider or the local police station.

  • What and who is affected?
  • Who discovered and reported the incident?
  • How and when was the incident noticed?
  • What did you observe?
  • What are you concerned about in connection with the incident?
  • What actions have already been taken?

For more information about our DFIR services here:

QR_CSIRT_2022_EN@2x
Add CSIRT to contacts

Don’t miss anything! Subscribe to our free newsletter.