SEC Business Breakfast: Rapid help after a cyber attack

On 13. May 2019

Cybercrime has been a bitter reality and part of the everyday business life for some time. Stefan Prinz, head of SEC Defence, shed light on the world of hackers and their methods at the SEC Consult Business Breakfast in April 2019.

Unsung Heroes: What it really means to be successful in IT security

On 2. May 2019

Johannes Greil, Principal Security Consultant and head of the SEC Consult Vulnerability Lab gives an insight into the exciting world of security research.

Windows Privilege Escalation – an approach for penetration testers

On 18. Apr 2019

A pentesting expert reveals the necessary knowledge about Windows components and appropriate security mechanisms to perform attacks on the rights extension.

Pentesting: Benefits, Legal Compliance and Costs

On 8. Apr 2019

Vulnerabilities in everyday products such as smart appliances, routers and other connected devices often make the news and users start to question the underlying procedures (or lack thereof) to secure their private information. Learn how pentesting can be an important and efficient method to improve the security level of networks and various applications.

Reverse Engineering Architecture and Pinout of Custom ASICs

On 26. Feb 2019

Learn about the process of initial reverse engineering the pinout of unknown ASICs by using moderate methods. The two described ICs are good examples out of many industry-solutions and have been chosen to demonstrate how design decisions from vendors are made. The exploited potential leak of the supply-chain can be leveraged by a hardware reverse engineer to extract internal information about such systems.

One Hack of a Valentine: when IoT gets under your skin

On 14. Feb 2019

Smart sex toys are really no fun if hacked...

Cryptographic Vulnerabilities in German e-Government Library

On 5. Feb 2019

The OSCI-Transport Library is a software component used by many German government agencies to securely exchange data via the OSCI-Transport protocol. This Java library was susceptible to two attacks that could potentially allow an attacker to bypass some of the OSCI-Transport protocol's core security promises.

My name is Johann Wolfgang von Goethe – I can prove it

On 20. Nov 2018

The German government-issued identity card (nPA) allows German citizens to not only prove their identity in person, but also against online services (by using the embedded RFID chip). A critical security vulnerability in the Governikus Autent SDK enables an attacker to impersonate arbitrary users against affected web applications

Kitten of Doom – Why you should patch Skype for Business immediately

On 13. Nov 2018

Vulnerability in Skype for Business might lead to DoS attack (using a few hundred emojis) in unpatched clients. Update now!

Millions of Xiongmai Video Surveillance Devices Can be Hacked via Cloud Feature (XMEye P2P Cloud)

On 9. Oct 2018

All devices from Xiongmai, a Chinese OEM who manufactures white-label video surveillance equipment, come with an always-on cloud feature called XMEye P2P cloud. This feature contains serious vulnerabilities that allow attacks on millions of devices, even ones that are behind firewalls.

Page 1 of 812 3 ›»

Application & System security

Process & Organisation

Awareness & Training

Defense & Prevention

Cyber emergency? Call +49 30 398 2027 77

Authorization Bypass Vulnerability in RSA NetWitness (CVE-2019-3724)

Cleartext message spoofing in Go Cryptography Libraries (CVE-2019-11841)

Unauthenticated SQL Injection vulnerability in OpenProject (CVE-2019-11600)