One Hack of a Valentine: when IoT gets under your skin
- On 14. Feb
Smart sex toys are really no fun if hacked...
Read More
Cryptographic Vulnerabilities in German e-Government Library
- On 5. Feb
The OSCI-Transport Library is a software component used by many German government agencies to securely exchange data via the OSCI-Transport protocol. This Java library was susceptible to two attacks that could potentially allow an attacker to bypass some of the OSCI-Transport protocol's core security promises.
Read More
My name is Johann Wolfgang von Goethe – I can prove it
- On 20. Nov
The German government-issued identity card (nPA) allows German citizens to not only prove their identity in person, but also against online services (by using the embedded RFID chip). A critical security vulnerability in the Governikus Autent SDK enables an attacker to impersonate arbitrary users against affected web applications
Read More
Kitten of Doom – Why you should patch Skype for Business immediately
- On 13. Nov
Vulnerability in Skype for Business might lead to DoS attack (using a few hundred emojis) in unpatched clients. Update now!
Read More
Millions of Xiongmai Video Surveillance Devices Can be Hacked via Cloud Feature (XMEye P2P Cloud)
- On 9. Oct
All devices from Xiongmai, a Chinese OEM who manufactures white-label video surveillance equipment, come with an always-on cloud feature called XMEye P2P cloud. This feature contains serious vulnerabilities that allow attacks on millions of devices, even ones that are behind firewalls.
Read More
GovWare 2018: The Internet was built to outlast nuclear war but fails at smart toasters
- On 24. Sep
SEC Consult, CyberTrap and IoT Inspector showcased their consulting services around information security, reaching from penetration testing, source code review, red teaming, and ISO27001 ISMS implementation to security awareness trainings by the SEC Academy
Read More
Solutions for the Google CTF 2018 Hacking Contest
- On 10. Sep
Google CTF is a hacking competition in the style of Capture-the-Flag, which has been going on for many years. Here are a few inputs on how to master it.
Read More
IT Project Assistant for Cyber Security (f/m)
- On 13. Jul
Vienna - Munich - from 20 hours per week (or full time)
Read More
Application Security Monitoring: The one thing companies claim not to have a budget for
- On 25. Jun
Time is money and money obviously is what keeps a company running. Up until the very moment it doesn’t: product releases get postponed, stakeholders leave and so does your window of opportunity to conquer the market. If you can’t think of a way to fix it, it is time to start over.
Read More
True Story: The Case of a Hacked Baby Monitor (Gwelltimes P2P Cloud)
- On 21. Jun
Some time ago, a case about a hacked baby monitor made the news in the US. A mother claimed someone had taken control over the device and surveilled her baby. SEC Consult investigated the issue at a technical level. How it all started Earlier this month, news articles surfaced (Daily Mail, ABC News, NPR) on a case […]
Read More