Browse through our selection of IT security news, as well as presentations, television broadcasts, articles and press releases by or about Oneconsult.

We gladly support journalists and other media professionals free of charge in the field of information and IT security. Please contact Christoph Baumgartner (CEO) by phone +41 43 377 22 22 or by email info@oneconsult.com. We look forward to hearing from you!

Below you will find a selection of presentations, television broadcasts, newspaper and magazine articles, as well as press releases by or about Oneconsult.

How to Store Passwords Securely

by Sandro Affentranger

Data leaks – incidents in which unauthorized persons have gained access to data collections – occur from time to time. To prevent user passwords from being compromised in such a case, it is important that they are not simply stored in plain text. Instead, they should always be stored “hashed”. This article looks at which hash functions are suitable for this purpose.
[read the German article]

04 & 27 May 2021: Webinar “Explained by a Hacker – The Hunt for Privileged Accounts”

In the Netwrix webinar “Explained by a Hacker: The Hunt for Privileged Accounts (On-Prem & Cloud)”, Yves Kraft, Branch Manager Bern and Senior Penetration Tester & Security Consultant, uses exciting live hacking demos to demonstrate the methods attackers use to gain access to privileged accounts – both for classic on-premise services and cloud environments, which are becoming more and more popular.

New Article From Active Directory Series in 05/2021 Issue of iX Magazine

The eighth part of the article series, which is available in the 05/2021 issue of iX magazine, looks at Active Directory (AD) security from a new perspective: While the previous articles of the series dealt with possible attacks on the AD, Marco Wohler, Head of IT, now describes hardening measures that system administrators can use to increase the security of the Active Directory and protect it against such attacks.

DFIR, Simple: Who to Call in a Cyber Emergency?

by Gregor Wegberg

With so many different forms of IT incidents around, it is essential to know the right people and partners and to be able to contact them promptly when the first IT systems do not behave as expected. We regularly experience the positive impact that a simple contact list of key persons and partners, prepared in advance, has on the course of information security incidents.
[read the German article]

Article in “Zürichsee-Zeitung”: How a Company Is Turned Upside Down by a Cyber Attack

The number of cyber attacks is steadily increasing. Once again, this is proven in the current issue of Zürichsee-Zeitung (30 March 2021, available in German only) featuring a family business that has been targeted by cybercriminals: A ransomware attack temporarily shut down their entire operation. Tobias Ellenberger, COO Oneconsult AG & Vice Chairman Oneconsult International AG, explains from the perspective of an experienced expert in this field why such attacks have become very common, what needs to be taken into account in the event of such an attack, and how a cyber security service provider can help companies prevent the worst case.

Article on Underestimated Cyber Risks in AXA’s Customer Magazine “Meine Firma”

SMEs are increasingly targeted by cybercriminals. In the current issue of “Meine Firma”, AXA’s customer magazine for SMEs, the head of an architecture firm that was exposed to a ransomware attack shares his experience. Tobias Ellenberger, COO Oneconsult AG & Vice Chairman Oneconsult International AG, assesses the situation from the perspective of a cyber security expert and explains why such incidents are not uncommon.

22 April 2021: betterCode API – Expert Talk on OWASP API Security Top 10

At the betterCode API 2021, Frank Ully, CTO Oneconsult Deutschland GmbH and Senior Penetration Tester & Security Consultant, will talk about possible attacks on APIs based on the OWASP API Security Top 10 and will explain which measures developers can take to protect against such attacks.

Article Series on Active Directory Security Continues in Latest Issue of iX Magazine

In the current issue 04/2021 of iX magazine, Yves Kraft, Branch Manager Bern and Senior Penetration Tester & Security Consultant, and Frank Ully, CTO Oneconsult Deutschland GmbH, continue the series of articles on Active Directory security. The latest article in the series provides an insight into how attackers can exploit insecure configurations and generously assigned rights, among other things, to first spread and then also gain persistence beyond the top-level layer (forest) – the actual security boundary of an Active Directory environment.

Zero-Day Vulnerabilities in Microsoft Exchange Actively Exploited – CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 & CVE-2021-27065

by Nadia Meichtry

Four zero-day vulnerabilities in Microsoft’s Exchange email solution have been fixed through updates released by Microsoft on 2 March 2021. This affects Microsoft Exchange Server, but not Exchange Online. [1]

The vulnerabilities, three of which have been classified as critical, are actively exploited, most notably by the Chinese hacker group “Hafnium”. The attackers gained access to the servers and were thus able to exfiltrate credentials and emails. [2]

[read the German article]