Last Part of KAPE Tutorial Cover Topic in Current Issue of iX

In the current issue 10/2021 of iX magazine, Gregor Wegberg, Head of Digital Forensics & Incident Response, completes his IT forensics tutorial series on “Kroll Artifact Parser and Extractor” (KAPE). In every cyberattack, software is executed at some point – this can be standard programs or malware. In any case, the execution leaves traces that can be used to analyse the course of an attack.

Oneconsult Deutschland GmbH Becomes AG

The former Oneconsult Deutschland GmbH becomes Oneconsult Deutschland AG. The conversion has already been completed.

With this step, the Oneconsult group is gearing up for further growth in line with its corporate strategy.

New iX With Part 3 of the IT Forensics Tutorial on KAPE

In the current issue 09/2021 of iX magazine, Gregor Wegberg, Head of Digital Forensics & Incident Response, presents further features of the “Kroll Artifact Parser and Extractor” (KAPE) in his IT forensics tutorial series: Cybercriminals often use manipulated malicious websites or files to gain initial access to a system for an attack. This leaves traces in the browsing history that can be analyzed using KAPE to determine where and when an attack began.

One Step Ahead of the Cybercriminals – Article for SMEs in “Applica” Magazine

Small and medium-sized enterprises (SMEs) are a popular target for cybercriminals. In the current issue 07/2021 of Applica (available in German only), a magazine issued by the Swiss Painting and Plastering Contractor Association (SMGV), Tobias Ellenberger, COO Oneconsult AG & Vice Chairman Oneconsult International AG, provides an insight into the background and frequent attack methods and details protective measures for SMEs – as the impact of a successful cyber attack can be devastating.

New iX With Two Cover Topics From Oneconsult DFIR Team

The current issue 08/2021 of iX magazine features two cover topics from Oneconsult’s DFIR team (Digital Forensics & Incident Response): In part 10 of the Active Directory article series, Fabian Murer, Senior Digital Forensics & Incident Response Specialist, explains how logs efficiently complement hardening measures that have already been implemented in order to detect potential attacks in a timely manner. Moreover, Gregor Wegberg, Head of Digital Forensics & Incident Response, continues his IT forensics tutorial series and demonstrates how “Kroll Artifact Parser and Extractor” (KAPE), which was introduced in the first article of the tutorial, can be used to analyse Autoruns artefacts in order to determine whether an attacker or malware has gained persistence on a system after a successful attack.

iX 07/2021 With New IT Forensics Tutorial

The current issue 07/2021 of iX magazine launches a new IT forensics tutorial series, in which Gregor Wegberg, Head of Digital Forensics & Incident Response, provides a detailed introduction to the Kroll Artifact Parser and Extractor (KAPE) in a total of four articles. KAPE is used in information security incidents to quickly gather relevant information for IT forensic analysis, which can then be used as the basis for assessing and managing the incident.

Case Study and Market Overview on Security Audits in Swiss IT Magazine

In the current issue 2021/06 of Swiss IT Magazine featuring security audits as central topic, a company for which Oneconsult performed such an audit shares its experiences. Moreover, the magazine contains a market overview with selected security audit providers, in which Oneconsult is also represented.

Remote Code Execution Vulnerability in Windows 10 and Windows Server – CVE-2021-31166

by Nadia Meichtry

On Patch Tuesday in May 2021, Microsoft fixed a total of 55 vulnerabilities in various Windows versions and applications. [1] Patch Tuesday occurs on the second Tuesday of each month. On this day, Microsoft releases patches or updates for their systems and products. [2]

Microsoft has classified CVE-2021-31166 as particularly dangerous. This remote code execution (RCE) vulnerability has a CVSS (Common Vulnerability Scoring System) score of 9.8 out of 10, affecting Windows 10 versions 2004 and 20H2 and Windows Server versions 2004 and 20H2. [3] A proof of concept for this vulnerability was published on 16 May 2021. [4]
[read the German article]

New Article From Active Directory Series in 05/2021 Issue of iX Magazine

The eighth part of the article series, which is available in the 05/2021 issue of iX magazine, looks at Active Directory (AD) security from a new perspective: While the previous articles of the series dealt with possible attacks on the AD, Marco Wohler, Head of IT, now describes hardening measures that system administrators can use to increase the security of the Active Directory and protect it against such attacks.

Article in “Zürichsee-Zeitung”: How a Company Is Turned Upside Down by a Cyber Attack

The number of cyber attacks is steadily increasing. Once again, this is proven in the current issue of Zürichsee-Zeitung (30 March 2021, available in German only) featuring a family business that has been targeted by cybercriminals: A ransomware attack temporarily shut down their entire operation. Tobias Ellenberger, COO Oneconsult AG & Vice Chairman Oneconsult International AG, explains from the perspective of an experienced expert in this field why such attacks have become very common, what needs to be taken into account in the event of such an attack, and how a cyber security service provider can help companies prevent the worst case.

Article on Underestimated Cyber Risks in AXA’s Customer Magazine “Meine Firma”

SMEs are increasingly targeted by cybercriminals. In the current issue of “Meine Firma”, AXA’s customer magazine for SMEs, the head of an architecture firm that was exposed to a ransomware attack shares his experience. Tobias Ellenberger, COO Oneconsult AG & Vice Chairman Oneconsult International AG, assesses the situation from the perspective of a cyber security expert and explains why such incidents are not uncommon.

Article Series on Active Directory Security Continues in Latest Issue of iX Magazine

In the current issue 04/2021 of iX magazine, Yves Kraft, Branch Manager Bern and Senior Penetration Tester & Security Consultant, and Frank Ully, CTO Oneconsult Deutschland GmbH, continue the series of articles on Active Directory security. The latest article in the series provides an insight into how attackers can exploit insecure configurations and generously assigned rights, among other things, to first spread and then also gain persistence beyond the top-level layer (forest) – the actual security boundary of an Active Directory environment.

Zero-Day Vulnerabilities in Microsoft Exchange Actively Exploited – CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 & CVE-2021-27065

by Nadia Meichtry

Four zero-day vulnerabilities in Microsoft’s Exchange email solution have been fixed through updates released by Microsoft on 2 March 2021. This affects Microsoft Exchange Server, but not Exchange Online. [1]

The vulnerabilities, three of which have been classified as critical, are actively exploited, most notably by the Chinese hacker group “Hafnium”. The attackers gained access to the servers and were thus able to exfiltrate credentials and emails. [2]

[read the German article]

VMware vCenter Server Remote Code Execution Vulnerability – CVE-2021-21972

by Nadia Meichtry

On 23 February 2021, VMware published a Security Advisory. It indicates that VMware vCenter Server is vulnerable to an RCE (Remote Code Execution) vulnerability that has been rated critical.

[read the German article]

New Article From Active Directory Series in Current Issue 02/2021 of iX Magazine

In the latest issue of iX magazine (02/2021) you can find the next part of the series of articles about Active Directory security by Frank Ully, Chief Technical Officer of Oneconsult Deutschland GmbH. The sixth article picks up on the last (iX 12/2020) and penultimate (iX 11/2020) article of the series and describes further ways for attackers to gain higher privileges in the Active Directory beyond the possibilities explained so far.

Sunburst Hack: SolarWinds Orion Compromise

by Nadia Meichtry

Since the beginning of this week, one topic has been hitting the headlines: SolarWinds Orion IT monitoring and management software is currently being exploited by malicious attackers.

[read the German article]

Straight Into the Corporate Network

by Fabian Murer

In information security circles, one topic has again been very present since last week: A vulnerability (CVE-2018-13379) in Fortinet’s well-known VPN software from 2019 is being actively exploited by hackers.

[read the German article]

Active Directory Article Series Continued in New Issue 12/2020 of iX Magazine

In the current issue of iX magazine 12/2020, Frank Ully, Chief Technical Officer of Oneconsult Deutschland GmbH, continues the previous article of the series and explains further methods by which attackers can use previously collected data to gain higher privileges in the Active Directory.

SMEs as Targets of Cyber Attacks

As part of the KMU Digital Webinar, Yves Kraft, Branch Manager and Senior Penetration Tester & Security Consultant, in cooperation with AXA, demonstrated various threat scenarios for SMEs in multiple live hacking demonstrations and explained why cyber security is becoming increasingly important for SMEs.