by Nadia Meichtry
On 23 February 2021, VMware published a Security Advisory. It indicates that VMware vCenter Server is vulnerable to an RCE (Remote Code Execution) vulnerability that has been rated critical.
In the latest issue of iX magazine (02/2021) you can find the next part of the series of articles about Active Directory security by Frank Ully, Chief Technical Officer of Oneconsult Deutschland GmbH. The sixth article picks up on the last (iX 12/2020) and penultimate (iX 11/2020) article of the series and describes further ways for attackers to gain higher privileges in the Active Directory beyond the possibilities explained so far.
[more]
by Nadia Meichtry
Since the beginning of this week, one topic has been hitting the headlines: SolarWinds Orion IT monitoring and management software is currently being exploited by malicious attackers.
by Fabian Murer
In information security circles, one topic has again been very present since last week: A vulnerability (CVE-2018-13379) in Fortinet’s well-known VPN software from 2019 is being actively exploited by hackers.
In the current issue of iX magazine 12/2020 Frank Ully, Chief Technical Officer of Oneconsult Deutschland GmbH, continues the previous article of the series and explains further methods how attackers can use previously collected data to gain higher privileges in the Active Directory.
[more]
Learn more about how attackers use Active Directory to compromise the domain in a new article by Frank Ully, Chief Technical Officer of Oneconsult Deutschland GmbH, which has been published in the current issue (11/2020) of iX magazine.
[more]
As part of the KMU Digital Webinar Yves Kraft, Branch Manager and Senior Penetration Tester & Security Consultant, in cooperation with AXA demonstrated various threat scenarios for SMEs using multiple live hackings and explained why cyber security is becoming increasingly important for SMEs. [more]
Even if fundamental security risks such as cross-site scripting (XSS) or SQL injections are mitigated during application development, web applications and interfaces are susceptible to vulnerabilities.
In Java aktuell 01/2020, Senior Penetration Tester & Security Consultant Frank Ully writes about lesser known types of vulnerabilties in web applications and APIs (PDF; in German).
by Christoph Baumgartner & Tobias Ellenberger
Unfortunately, security incidents cannot always be avoided. To make sure you don’t get caught in the cold, this article published in the German magazine
Our IT security experts Jan Alsenz & Adrian von Arx have conducted an exciting hacking experiment: Attack on contactless cards. The experiment was broadcasted in the program “Kassensturz”. Click here to see the article: https://www.srf.ch/play/tv/sendung/kassensturz?id=78a6014e-8058-4bdd-88aa-824f846ca6f0 (1:16 min – 9:00 min)
Tobias Ellenberger, COO of Oneconsult AG speaks about “Cyber Risks and Incident Response – With Compliance to Responsiveness” at this year’s Excellence in Compliance event on June 6, 2019 in Zurich.
More information: https://www.zhaw.ch/de/sml/institute-zentren/zwh/tagungen/excellence-in-compliance/
(f/m, 100%): Your exciting new job at Oneconsult? If you are a native German speaker, we are looking for you to strengthen our top-flight cyber security team.
by Yves Kraft
The webinar explains and simulates two popular attacks on domain controllers in Windows environments. Link to Webinar: https://www.netwrix.com/dcshadow
FIRST is a global network of incident response and security teams dedicated to promoting collaboration and coordination in this area and actively sharing information among members to respond more effectively to security incidents. FIRST has actually more than 550 members in 95 countries.
Further information about FIRST can be found here: https://www.first.org/
You will find information about our services in this area under the following link: https://www.oneconsult.com/de/incident-response-it-forensics/
by Yves Kraft
Hacker explains how attackers can get into corporate networks unnoticed
“Company XYZ has been hacked!” – Why it can hit everyone and what to do against it
You can find the link to the Netwrix Webinar here: https://www.midrange.de/webcast/wie-angreifer-unbemerkt-in-unternehmensnetze-kommen/
(held in German)
They are the Studers and Sherlock Holmes watchmen of the digital age: after attacks, IT forensic experts collect evidence and try to find out what the attackers are up to.
IT forensics article in Computerworld by Jens Stark, based on an interview with Tobias Ellenberger, Chief Operating Officer at Oneconsult. The article has also been published by com! magazine.
Read the article in German
Thank you for the many visits to our booth at the it-sa Nuremberg!
The curiosity and the fun to hack our chocolate safe were great. Congratulations to all who succeeded!
According to CIO Bulletin, Oneconsult provides world-class cyber security services in the areas of Penetration Testing / Ethical Hacking, ISO 27001 Security Audits and Incident Response & IT Forensics.
Overview and here to the detailed report
Cyberattacks are now part of our daily lives. SMEs must therefore have a way to quickly determine whether their technical, organisational and staff-related measures can protect them adequately against cyber-risks. A high-calibre group of specialists has therefore developed a quick-check for this purpose. Oneconsult supports this useful quick check. Further information
And here is your direct link to the
Cybersecurity quick check for SME
OSSTMM – or in words – Open Source Security Testing Methodology Manual
Your advantages when using a de-facto standard for IT security assessments: OSSTMM trainer Yves Kraft’s (Oneconsult Bern) presentation on this topic
[more]
© ONECONSULT INTERNATIONAL AG. ALL RIGHTS RESERVED.