Browse through our selection of IT security news, as well as presentations, television broadcasts, articles and press releases by or about Oneconsult.

We gladly support journalists and other media professionals free of charge in the field of information and IT security. Please contact Christoph Baumgartner (CEO) by phone +41 43 377 22 22 or by email We look forward to hearing from you!

Below you find a selection of presentations, television broadcasts, newspaper and magazine articles, as well as press releases by or about Oneconsult.

12 April 2021: Webinar on Techniques and Tools Used by Cybercriminals

In the Digicomp webinar „Techniques and Tools That Cybercriminals Use for Attacks“ (in German only), Yves Kraft, Branch Manager Bern and Senior Penetration Tester & Security Consultant, will explain which strategies cybercriminals pursue and why SMEs and private individuals are also increasingly targeted by attackers.

The DigiSnack webinar will take place on Monday, 12 April 2021, from 14:00 to 14:45.

Please check the Digicomp website for further information and registration.

OWASP Top 10 Proactive Controls – Part 1

by Lena Reitzle

You could say that the OWASP Top 10 Proactive Controls is a bit different from other better-known OWASP top ten lists – for example, the ten most critical risks for web applications (“OWASP Top 10”) or APIs (“OWASP API Security Top 10”) – because it goes beyond simply describing potential risks: The Proactive Controls are primarily aimed at developers and provide them with specific measures for developing secure applications. They also serve to raise awareness among developers of the immense importance of application security.

This first part of the two-part article describes Proactive Controls C1 through C5. The following second part will take a closer look at C6 through C10.

[read the German article]

New Article From Active Directory Series in Current Issue 02/2021 of iX Magazine

In the latest issue of iX magazine (02/2021) you can find the next part of the series of articles about Active Directory security by Frank Ully, Chief Technical Officer of Oneconsult Deutschland GmbH. The sixth article picks up on the last (iX 12/2020) and penultimate (iX 11/2020) article of the series and describes further ways for attackers to gain higher privileges in the Active Directory beyond the possibilities explained so far.

GPO Hardening Baseline: The Most Important GPO Settings for Hardening

by Marco Wohler

Hardening systems is always an issue. Many who are only starting to deal with it are affected by a security incident. Oneconsult helps companies to manage such incidents. In various incidents as well as in customer projects, a variety of problems with hardening could be identified. On the one hand, there is often a shortage of resources to review and adapt the many guides, tips and standards. On the other hand, the infrastructure has often already grown without hardening playing a role. This makes it difficult to implement hardening measures “just quickly”, since afterwards – almost guaranteed – a service will no longer run properly.

[read the German article]

Sunburst Hack: SolarWinds Orion Compromise

by Nadia Meichtry

Since the beginning of this week, one topic has been hitting the headlines: SolarWinds Orion IT monitoring and management software is currently being exploited by malicious attackers.

[read the German article]

09 December 2020: Recording of Netwrix Webinar “Explained by a Hacker”

In the webinar “Explained by a hacker: MS Teams and Office 365 as new targets for cyber criminals” (in German) by Yves Kraft, Branch Manager und Senior Penetration Tester & Security Consultant, you can learn more about possible attacks against MS Teams and Office 365 and how to protect yourself and your company against such attacks.

Click here to watch a recording of the webinar from 09 December 2020.

09 December 2020: Expert Talks at IT-Tage 2020 Conference

At this year’s IT-Tage conference, two of our cyber security experts will give talks. In his talk “Cyber Incidents: Preparing for an Emergency” (in German), Gregor Wegberg, Head of Digital Forensics & Incident Response, will explain how organizations can best prepare for cyber incidents and what they can learn from past incidents that other companies faced.

Gregor Wegberg’s talk will take place on 09 December 2020 from 13:00 to 13:45. Click here for further details.

Moreover, Frank Ully, CTO Oneconsult Deutschland GmbH, will present possible attacks on interfaces and measures against such attacks in his talk “OWASP API Security Top 10 – How APIs Are Attacked and How to Develop Securely” (in German).

Frank Ully’s talk is scheduled for 09 December 2020 from 15:00 to 15:45. For more information, click here.

The IT-Tage 2020 conference will be held as a remote conference from 07 to 10 December 2020.
Please see the IT-Tage 2020 website for further information and registration.

Straight Into the Corporate Network

by Fabian Murer

In information security circles, one topic has again been very present since last week: A vulnerability (CVE-2018-13379) in Fortinet’s well-known VPN software from 2019 is being actively exploited by hackers.

[read the German article]

24 November 2020: Web Seminar on Penetration Testing

On 24 November, the “ZD.B Themenplattform Cybersecurity” will host a web seminar on penetration testing together with the “Sicherheitsnetzwerk München”. Together with three other experts from the industry, Frank Ully, CTO of Oneconsult Deutschland GmbH, will explain for which organisations such tests are useful, what is the current technical standard of testing and what needs to be considered when selecting the right testers. Following the short talks, you will have the chance to direct your questions to the experts.

The web seminar will take place on 24 November from 16:00 to 17:30.

Click here for further information and registration.

Active Directory Article Series Continued in New Issue 12/2020 of iX Magazine

In the current issue of iX magazine 12/2020 Frank Ully, Chief Technical Officer of Oneconsult Deutschland GmbH, continues the previous article of the series and explains further methods how attackers can use previously collected data to gain higher privileges in the Active Directory.