Browse through exciting articles, current news and helpful tips & tricks from our experts on all aspects of cybersecurity.
With the Digital Operational Resilience Act (DORA), the EU has created a sector-wide regulation regarding cybersecurity, ICT risks and digital operational resilience for the finance industry. It will come into force in January 2023 and must be complied with by January 17, 2025.
In 2023, Oneconsult has been added to the official list of qualified APT response service providers of the German Federal Office for Information Security (BSI). This list helps organizations select suitable providers for IT forensic services and cyber incidents.
In the ever-growing digital era, the security of company data is of paramount importance. Choosing the right password manager plays a crucial role.
In an increasingly digital world where the security of corporate data is a top priority, every organization faces the challenge of protecting sensitive information from cyber threats. We are all familiar with the dilemma of having to remember long and complex passwords.
Security headers are an important component of the security of any modern web application. Although this measure is relatively easy to implement, the security headers of many applications are incomplete or incorrectly configured.
So-called DDoS attacks (Distributed Denial of Service) on IT infrastructures are on the rise – even authorities and critical infrastructures are affected. Can the SCION technology developed in Switzerland prevent the shutdown of Internet services in the future?
SQL injections are a widespread type of vulnerability in websites, which have high damaging potential. This article is exactly about this type of injections and shows what they are, why they can occur and how they can be fixed.
Continous Integration (CI) and Continous Deployment (CD) have become important components of software engineering in recent years. Automation enables development teams to deploy new features and updates quickly and efficiently. However, the use of CI/CD also poses some security risks that must be considered. The OWASP Top 10 CI/CD Security Risks provide an overview of the most common risks and suggests ways to overcome them.
A bug bounty program and a penetration test are both important measures to improve the security level of a system. However, there are important differentiators between the two that need to be understood before deciding which one to use.
Do you like listening to podcasts? Get to know the best five cyber security podcasts.
Computers often have strange behavior that cannot always be explained right away. Just because a laptop worked flawlessly the night before does not mean that problems won’t pop up out of nowhere the next day. In most cases, these are minor problems that can be solved quickly. However, it can also happen that the computer suddenly does not boot up at all and hangs during startup.
From time to time, ships are blown off course, wrecked or, in the worst case, sink together with their cargo. The same can happen to the data that is sent over the Internet every day: It can deviate from its usual route and reach its destination in a big detour, but it can also end up with the wrong recipient altogether and thus be lost to the actual target – usually unintentionally, but in some cases also intentionally.
The main goal of Transport Layer Security (TLS) is to ensure confidentiality and integrity of communication channels. To meet this goal, servers should always be configured so that only cryptographic blocks recognized as “secure” can be used for TLS connections.
Data leaks – incidents where unauthorized people have gained access to data collections – happen again and again. To prevent user passwords from being compromised in such a case, it is important that they are not simply stored in plain text. Instead, they should always be stored only “hashed”. This article explains which hash functions are suitable for this purpose.
by Sandro Affentranger This is the second article on passwords. Recommendations for strong passwords have hardly changed over the years. Only recently it has become clear that the recommendations made so far have created certain patterns that can be exploited by attackers – this has led to a paradigm shift in password policies. This article presents the results of a Password Quality Audit carried out by Oneconsult at an international industrial company. [read the German article]
by Sandro Affentranger This is the first instalment in a two-part series about passwords. Passwords have become indispensable these days. For a long time the recommendation was to make passwords as complex as possible – but lately this has changed: “Long instead of complex” is the new motto. This article introduces the topic and explains why passwords play such an important role. It discusses the risks associated with having passwords fall into the wrong hands, and identifies possible measures to assess and mitigate these risks. [read the German article]
by Yves Kraft The webinar explains and simulates two popular attacks on domain controllers in Windows environments. Link to Webinar: https://www.netwrix.com/dcshadow
Article by Yves Kraft & Immanuel Willi Advanced Persistent Threats (APT) – Buzzword oder reale Bedrohung?
Article by Reto Vogt (PCtipp) Smarter Schutz: Sicherheits-Suiten für Android-Smartphones
Article by Dietmar Böhm (Phonak) Gesundheits-Check für die IT: Case Study Phonak/OneConsult
Article by Christoph Baumgartner & Jan Alsenz Die Reifeprüfung: Application Security Audit
Never miss the latest news about cybersecurity topics again? Subscribe to our Newsletter.
Don’t miss anything! Subscribe to our free newsletter.
Availability Monday to Friday 8:00 a.m. – 6:00 p.m (exception: customers with SLA – please call the 24/7 IRR emergency number).
Private individuals please contact your trusted IT service provider or the local police station.
For more information about our DFIR services here:
