Deanonymization of Lithuanian e-signature users

On 16. Sep 2020

In 2020, remote work and digital access to public services have become the new normal. Lithuanian citizens have multiple options for accessing different public services and signing documents online.

FIDO2 for Microsoft Online Accounts / Azure AD

On 17. Aug 2020

Nowadays a secure password doesn't necessarily mean your account is safe.

Code Injection in SAP Application Server ABAP – Solution Tools Plugin ST-PI

On 12. Aug 2020

As one of the largest business software providers, SAP SE products are widely used by companies in all industry sectors all over the world. Vulnerabilities in the core solutions from SAP SE can affect the heart of corporate IT infrastructures.

Ad-Hoc Log Management in case of Emergency (SEC Defence)

On 30. Jul 2020

High visibility on all company systems is essential to ensure the correct detection, analysis and handling of any unauthorized or malicious activities.

Security Requirements Engineering – Reaching Mastery

On 8. Jul 2020

If you are serious about secure software development, you must be eager to establish security requirements engineering as the backbone of you SSDLC. Once you have reached mastery in this discipline, many of the benefits will arise organically from the underlying process and continuous improvement is already built in. Are you ready to build upon the fundamentals?

Creating Active Directory Labs for Blue and Red Teams

On 1. Jul 2020

Nowadays most enterprises are using Active Directory for building their internal infrastructure. Therefore, it is important to understand common pitfalls and how to detect adversarial activities in the network.

Security Requirements Engineering – The backbone of your SSDLC

On 23. Jun 2020

In secure software development, not all security activities are born equal. That is especially true when it comes to security requirements engineering.

A deep dive into Secure Software Development based on OWASP SAMM

On 15. Jun 2020

Secure Software Development is one of the key processes that will have a lasting impact on software assurance. Investing in secure software development will help us create more resilient and robust systems in the long run, and that's a goal worth striving for.

Patch Immediately: Critical Vulnerability in SAP® ABAP systems (CVE-2020-6262)

On 13. May 2020

SEC Consult Vulnerability Lab discovered a critical code injection vulnerability (CVE-2020-6262) with a CVSSv3 Score of 9.9 in SAP® Service Data Download (a part of the SAP® Solution Manager Plugin ST-PI).

First Virtual OWASP Vienna Chapter Meeting: Secure Software Development with OWASP SAMM

On 23. Apr 2020

On 2020-04-20, the first virtual meeting of the OWASP Vienna chapter took place. I (Thomas Kerbl - SEC Consult) was invited to talk about my experiences with Secure Software Development based on OWASP SAMM, the Security Assurance Maturity Model.

Page 1 of 1112 3 ›»

Application & System security

Process & Organisation

Awareness & Training

Defense & Prevention

Cyber emergency? Call +49 30 398 2027 77

Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W

Multiple Vulnerabilities in ZTE mobile Hotspot MS910S (CVE-2019-3422)

Extensive file permissions on service executable in Eikon Thomson Reuters (CVE-2019-10679)