Browse through exciting articles, current news and helpful tips & tricks from our experts on all aspects of cybersecurity.
Security headers are an important component of the security of any modern web application. Although this measure is relatively easy to implement, the security headers of many applications are incomplete or incorrectly configured.
In the digital world, we are exposed to various threats every day. One of the most sophisticated and effective attacks is spear phishing. Unlike regular phishing attacks, where cybercriminals send mass emails hoping to deceive a few users, spear phishing targets specific individuals or organizations.
Purple teaming results from the merging of the red (team) and the blue (team) and illustrates how the two teams work together to improve the cyber security of an organization. This is achieved through a cooperation between the two teams, where attack scenarios are discussed, carried out, and analyzed jointly by both teams.
The Internet of Things (IoT) is omnipresent, connecting more and more physical devices with the digital world. Nevertheless, the topic of IT security is neglected in the process. Weak passwords are “hardcoded”, data is transmitted unencrypted, and many devices are accessible from the Internet.
The vast majority of companies nowadays use Windows and therefore Active Directory. The default settings are often designed for functionality rather than security. Also, when an environment has grown over the years, misconfigurations can easily creep in. In addition, weak passwords also compromise its security. All this can make it easy for attackers once initial access to the Active Directory is gained.
Preparation with a comprehensive checklist is central to managing a cyber incident. To ensure that nothing is forgotten during the stressful situation, all departments of a company must be informed about their tasks and duties in advance.
So-called DDoS attacks (Distributed Denial of Service) on IT infrastructures are on the rise – even authorities and critical infrastructures are affected. Can the SCION technology developed in Switzerland prevent the shutdown of Internet services in the future?
Cloud security remains a hot topic as the trend towards cloud services continues to grow. This article presents the key findings of three cloud security reports.
SQL injections are a widespread type of vulnerability in websites, which have high damaging potential. This article is exactly about this type of injections and shows what they are, why they can occur and how they can be fixed.
Continous Integration (CI) and Continous Deployment (CD) have become important components of software engineering in recent years. Automation enables development teams to deploy new features and updates quickly and efficiently. However, the use of CI/CD also poses some security risks that must be considered. The OWASP Top 10 CI/CD Security Risks provide an overview of the most common risks and suggests ways to overcome them.
It’s hard to imagine today’s business world without LinkedIn as a social platform. Whether it’s sharing posts, networking with business partners, or acquiring new talent, LinkedIn is often the tool of choice. True to the idea of see and be seen. Anyone who wants to be successful strives for attention, recognition, and reach. This phenomenon also attracts scammers who take advantage of members’ open disclosure. Such fake profiles can have unpleasant consequences for companies. Find out what these consequences are and how you can protect yourself from them in this article.
Attackers use batch files to automate and speed up their work because they allow the execution of multiple commands. This way, the attacker does not need to provide any manual input but just needs to execute the malicious script on the victim’s system.
Batch files are an essential tool many users and administrators use to perform automated tasks. However, attackers also use these batch files to execute malicious commands on a system. To avoid detection by antivirus software, batch files are obfuscated.
May 4, 2023 is World Password Day. This day takes place every year on the first Thursday in May and aims to raise awareness about the importance of secure passwords. The aim is to educate about best practices in password management and encourage people to take steps to improve the security of their online accounts.
Ransomware is currently what everybody is talking about. Everyone fears becoming a victim and bearing the consequences for their reputation as well as the financial impact of it.
As Microsoft services move to the cloud, Azure Active Directory (Azure AD) and Microsoft 365 (M365) are becoming popular targets for attackers. Threat hunting can help uncover signs of compromise early on.
The international standard ISO/IEC 27001 is a fundamental standard for information security. It defines requirements for establishing, implementing, and maintaining an information security management system (ISMS) and serves as the basis for certification.
When you think of going on holiday, the first thing that comes to mind is relaxation. You leave the stress of everyday life behind and just want to enjoy the days off. Unfortunately, even on holiday you are not safe from scammers, and awareness is key in protecting yourself.
Vulnerability scanners are often used during security audits. The goal: to be one step ahead of the cybercriminals!
A bug bounty program and a penetration test are both important measures to improve the security level of a system. However, there are important differentiators between the two that need to be understood before deciding which one to use.
Learn about the most common initial attack vectors and their protection recommendations.
Never miss the latest news about cybersecurity topics again? Subscribe to our Newsletter.
Don’t miss anything! Subscribe to our free newsletter.
Availability Monday to Friday 8:00 a.m. – 6:00 p.m (exception: customers with SLA – please call the 24/7 IRR emergency number).
Private individuals please contact your trusted IT service provider or the local police station.
For more information about our DFIR services here:
