News & Advisories

With the Digital Operational Resilience Act (DORA), the EU has created a sector-wide regulation regarding cybersecurity, ICT risks and digital operational resilience for the finance industry. It will come into force in January 2023 and must be complied with by January 17, 2025.

In 2023, Oneconsult has been added to the official list of qualified APT response service providers of the German Federal Office for Information Security (BSI). This list helps organizations select suitable providers for IT forensic services and cyber incidents.

In the ever-growing digital era, the security of company data is of paramount importance. Choosing the right password manager plays a crucial role.

In an increasingly digital world where the security of corporate data is a top priority, every organization faces the challenge of protecting sensitive information from cyber threats. We are all familiar with the dilemma of having to remember long and complex passwords.

Security headers are an important component of the security of any modern web application. Although this measure is relatively easy to implement, the security headers of many applications are incomplete or incorrectly configured.

So-called DDoS attacks (Distributed Denial of Service) on IT infrastructures are on the rise – even authorities and critical infrastructures are affected. Can the SCION technology developed in Switzerland prevent the shutdown of Internet services in the future?

SQL injections are a widespread type of vulnerability in websites, which have high damaging potential. This article is exactly about this type of injections and shows what they are, why they can occur and how they can be fixed.

Continous Integration (CI) and Continous Deployment (CD) have become important components of software engineering in recent years. Automation enables development teams to deploy new features and updates quickly and efficiently. However, the use of CI/CD also poses some security risks that must be considered. The OWASP Top 10 CI/CD Security Risks provide an overview of the most common risks and suggests ways to overcome them.

Do you like listening to podcasts? Get to know the best five cyber security podcasts.

Computers often have strange behavior that cannot always be explained right away. Just because a laptop worked flawlessly the night before does not mean that problems won’t pop up out of nowhere the next day. In most cases, these are minor problems that can be solved quickly. However, it can also happen that the computer suddenly does not boot up at all and hangs during startup.

The main goal of Transport Layer Security (TLS) is to ensure confidentiality and integrity of communication channels. To meet this goal, servers should always be configured so that only cryptographic blocks recognized as “secure” can be used for TLS connections.

Data leaks – incidents where unauthorized people have gained access to data collections – happen again and again. To prevent user passwords from being compromised in such a case, it is important that they are not simply stored in plain text. Instead, they should always be stored only “hashed”. This article explains which hash functions are suitable for this purpose.

APTs have a lot of media coverage, especially when a well-known organization became its victim and the resulting damage is huge. However, the threats most companies face on a daily basis were not deployed by powerful organizations but by common cyber criminals that are mostly interested in earning money not knowledge. This article gives advice on effective countermeasures.