Blog
We are happy to share our knowledge!
Latest posts
Can an external party infiltrate a bank’s headquarters? A test report
In an increasingly digitalized and networked world, the security of banking institutions is constantly being put to the test. But what about physical security? Can outsiders really break into a bank's headquarters? We tested exactly that and examined five German banks...
Penetration test assignment: What to consider?
What to look for when commissioning a penetration test. The threat posed by cybercriminals is steadily increasing in Germany. According to the annually published so-called Bundeslagebild Cybercrime of the Federal Criminal Police Office (BKA), the...
Follina Zero-Day Vulnerability (CVE-2022-30190)
On 05/27/2022, security researchers from the group nao_sec warned about a vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT). The vulnerability, named "Follina" (CVE-2022-30190), allows attackers to execute arbitrary PowerShell commands and thus,...
Insight into the economics of information security from the perspective of Ross Anderson, Tyler Moore et al.
Does information security still make sense at all, or is it enough to comply with the legal requirements? What is behind the concept of ISMS? We look behind the facades and into the reasons why companies are so reluctant to approach security concepts pragmatically and...
Why NIST’s Risk Management Framework and Cybersecurity Framework also offer potential for Germany
The information security landscape around the world is relatively diverse with different approaches and standards, but one country in particular stands out: Germany. While other countries rely on the American standards published by NIST (National Institute for...
Marriott – The Starwood Hack and Rapid Recovery
Last week, CEO Arne Sorenson issued a statement describing new details about the leak at Marriott: On Nov. 30, 2018, investigators had found that 383 million customer records, 18.5 million passwords, 5.25 million passport numbers, 9.1 million encrypted credit...
The Overlooked Danger: Selection of Security Controls
There are so many fast routes to establish security management as well as controls that the risks of going by the book might be overlooked. It is easy to use frameworks, standards like ISO 27001 or other regulatory requirements and never get into the habit of...