OWASP Top 10:2021 – Nothing Really New?
The Top 10 by OWASP (Open Web Application Security Project) show the ten most critical security vulnerabilities of web applications.
Ransomware has long been on everyone’s mind and part of daily news coverage. Oneconsult’s Digital Forensics and Incident Response specialists are regularly asked to present background information on such cyber attacks, discuss them and address the current threat situation. A central element is to show that all industries, company sizes and private individuals are affected by ransomware attacks and the associated risks.
From time to time, ships are blown off course, wrecked or, in the worst case, sink together with their cargo. The same can happen to the data that is sent over the Internet every day: It can deviate from its usual route and reach its destination in a big detour, but it can also end up with the wrong recipient altogether and thus be lost to the actual target – usually unintentionally, but in some cases also intentionally.
Alert fatigue refers to the phenomenon of security analysts being overloaded by the sheer number of alerts issued by security tools. In the flood of false positives, analysts may overlook or even ignore the alerts that indicate real attacks, which puts the security of the company at risk. Find out here what the exact risks are and what measures you can take against them.
Black Friday and Cyber Monday are not only popular with shoppers, but also with fraudsters. Here are 10 tips on how to protect yourself from such scams.
The main goal of Transport Layer Security (TLS) is to ensure the confidentiality and integrity of communication channels. To meet this goal, servers should always be configured so that only protocol versions and cipher suites recognized as "secure" can be negotiated for TLS connections.
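As an added example that is not part of the original article, the following Python code builds a server-side TLS context in the spirit of that recommendation (TLS 1.2 or newer, forward-secret AEAD suites only, compression off) and includes a small checker that lists any enabled suite that is weak or lacks forward secrecy. A deliberately permissive context is built alongside it for contrast. The cipher string and the list of "weak" markers are assumptions chosen for this example, not a policy taken from the article.

```python
import ssl

# Substrings that mark a TLS 1.2 suite as unacceptable. This list is an
# assumption for the example; adapt it to your own policy.
WEAK_MARKERS = ("RC4", "DES", "NULL", "MD5", "EXPORT", "ADH", "AECDH", "PSK")


def hardened_server_context() -> ssl.SSLContext:
    """Server context that only negotiates TLS 1.2+ with ECDHE AEAD suites."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # set_ciphers() governs TLS 1.2 suites only; TLS 1.3 has a fixed set of
    # AEAD suites with ephemeral key exchange that cannot be weakened here.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    ctx.options |= ssl.OP_NO_COMPRESSION  # TLS compression enables CRIME-style attacks
    return ctx


def permissive_server_context() -> ssl.SSLContext:
    """The weak setting for contrast: every suite the OpenSSL build offers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ALL")
    return ctx


def weak_suites(ctx: ssl.SSLContext) -> list:
    """Names of enabled TLS 1.2 suites that carry a weak marker or use a
    non-ephemeral (RSA) key exchange, i.e. offer no forward secrecy."""
    weak = []
    for c in ctx.get_ciphers():
        name = c["name"]
        if c.get("protocol") == "TLSv1.3":
            continue  # TLS 1.3 suites are all AEAD with ephemeral key exchange
        if any(m in name for m in WEAK_MARKERS) or not name.startswith(("ECDHE", "DHE")):
            weak.append(name)
    return weak


def check_context(ctx: ssl.SSLContext) -> dict:
    """Summarise the properties an auditor would look at."""
    return {
        "weak_suites": weak_suites(ctx),
        "min_version_ok": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
        "compression_disabled": bool(ctx.options & ssl.OP_NO_COMPRESSION),
    }


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_server_context()),
                       ("permissive", permissive_server_context())):
        print(label, check_context(ctx))
```

The checker only inspects what the local OpenSSL build would offer; for a deployed server, run the same kind of check from the outside against the live endpoint, since the effective configuration is what the server actually negotiates.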
Is your company protected against cyberattacks? Have you implemented protective measures, but can’t determine exactly whether they are sufficient and also achieve the desired effect, or where there may still be a need?
IoTGoat is a deliberately vulnerable firmware image of the kind found on routers, for example.
Data leaks, incidents in which unauthorized people gain access to data collections, happen again and again. To prevent user passwords from being compromised in such a case, it is important that they are not simply stored in plain text. Instead, they should only ever be stored "hashed", using a function designed for passwords. This article explains which hash functions are suitable for this purpose.
Hardening IT systems is an important topic in cybersecurity. Many companies that are new to it are confronted with security incidents. Oneconsult’s Incident Response Team is dedicated to helping organizations manage such incidents.
Unwanted emails, SMS and other digital messages, also known as "spam", are tiresome and unpleasant but also part of our everyday digital life. Nowadays, we all regularly receive unwanted messages that are not just advertising, but deliberately try to trick us into an action that can have far-reaching consequences.
by Sandro Affentranger This is the second article on passwords. Recommendations for strong passwords have hardly changed over the years. Only recently it has become clear that the recommendations made so far have created certain patterns that can be exploited by attackers – this has led to a paradigm shift in password policies. This article presents the results of a Password Quality Audit carried out by Oneconsult at an international industrial company. [read the German article]
by Sandro Affentranger This is the first instalment in a two-part series about passwords. Passwords have become indispensable these days. For a long time the recommendation was to make passwords as complex as possible – but lately this has changed: “Long instead of complex” is the new motto. This article introduces the topic and explains why passwords play such an important role. It discusses the risks associated with having passwords fall into the wrong hands, and identifies possible measures to assess and mitigate these risks. [read the German article]
by Yves Kraft The webinar explains and simulates two popular attacks on domain controllers in Windows environments. Link to Webinar: https://www.netwrix.com/dcshadow
Malware has become a common word understood by the average person. Whether it’s in the media, through fellow users, or because one’s own anti-virus software sets off an alarm, the term is regularly brought back into consciousness.
by Gregor Wegberg With the introduction of Certification Authority Authorization (CAA) domain holders can specify the Certificate Authorities authorized to issue certificates for the domain. This article in German explains CAA and its use.
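As an added illustration that is not part of the German article, the following DNS zone fragment shows what CAA records for a hypothetical domain example.com look like. The domain, the chosen CA and the contact address are assumptions for this example.

```zone
; Added example, not from the article. Zone fragment for the hypothetical
; domain example.com. Flag 0 marks each record as non-critical.
; issue     : only the named CA may issue certificates for this name.
; issuewild : ";" means no CA may issue wildcard certificates.
; iodef     : where a CA reports a request it had to refuse.
example.com.   IN  CAA  0 issue     "letsencrypt.org"
example.com.   IN  CAA  0 issuewild ";"
example.com.   IN  CAA  0 iodef     "mailto:security@example.com"
```

CAA is checked by the CA at issuance time, not by browsers at connection time, so it limits which CAs will issue, but it does not revoke or reject a certificate that was mis-issued before the records were published.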
Despite many known weaknesses and problems, passwords are ubiquitous. A new service, normally intended for geo-addressing, can be used to generate reasonably secure, easy-to-remember passwords. This article covers the mathematical basics as well as the pros and cons of this approach.
Article by Yves Kraft & Immanuel Willi: Advanced Persistent Threats (APT) – Buzzword or Real Threat?
Article by Reto Vogt (PCtipp): Smart Protection: Security Suites for Android Smartphones
Article by Dietmar Böhm (Phonak): Health Check for IT: Case Study Phonak/OneConsult
Article by Christoph Baumgartner & Jan Alsenz: The Maturity Test: Application Security Audit