Election manipulation possible – SPÖ member survey vulnerable to hackers
This article is only available in ...
Read MoreArticles
Increase in Online-Fraud against Accounting
Certitude has noticed an increase in online fraud against the accounting departments of companies in Germany and Austria in the recent weeks. Attackers make customers ...
Read More
The dangers from across browser-windows
While browsing the web, your browser does its best to protect you along the way, but sometimes fails to do so, if not instructed properly by the website you ...
Read More
A Guide to Embedding Threat Modeling into Risk Management (Part 1)
Overview Showing the benefits of threat modeling to management less invested in cyber security topics is notoriously hard as the added value of security, in ...
Read More
Bypassing Web Application Firewalls
Web Application Firewalls (WAFs) are the go-to infrastructure components used to hinder attacks against web applications. What is it that WAFs really offer – can they ...
Read More
Certitude @ DeepSec 2022
Last week, November 17th and 18th, the DeepSec security conference took place in the Renaissance hotel in Vienna. With more than 50 talks and workshops content was ...
Read More
Bypass phishing detections with Google Translate
A new wave of phishing is currently circulating (a related story from derstandard.at newspaper can be found here). Documents are said to have been sent to you from a ...
Read More
Kubernetes Security @ WeAreDevelopers
The WeAreDevelopers World Congress is considered by many as Europe's flagship event for developers, bringing together an amazing community from software and ...
Read More
Novelties of NIS2
The Network and Information Security (NIS) Directive is the first EU-wide piece of cybersecurity legislation, whose primary objective is to achieve a high common ...
Read More
Kubernetes Security @ DeepSec Vienna 2021
On 18th and 19th of November 2021, the DeepSec security conference took place in Vienna to bring together the world's most renowned security professionals from ...
Read MoreRansomware Actor May Have Leaked Their Previous Victims
Recently we were tasked with investigating a ransomware attack case. We were able to reconstruct the likely attack vector and identify the data that was likely stolen ...
Read More
HTTP Header Injection in Citrix ADC and Citrix Gateway (CVE-2020-8300, CVE-2021-22927)
We have discovered a vulnerability in Citrix products (Citrix ADC and Citrix Gateway) that allows an attacker to conduct header injection attacks. This would have ...
Read More
Unpatched Exchange servers distribute phishing links (squirrelwaffle)
Beginning of November a customer reached out to us. Internal and external users reported suspicious mails sent from their mail accounts, which included suspicious ...
Read More
The Invisible JavaScript Backdoor
A few months ago we saw a post on the r/programminghorror subreddit: A developer describes the struggle of identifying a syntax error resulting from an invisible ...
Read More
RCE in GridPro Request Management for Windows Azure Pack (CVE-2021-40371)
We recently discovered a vulnerability in GridPro Request Management versions <=2.0.7905 for Windows Azure Pack by GridPro Software. The vulnerability was ...
Read More
Citrix ADC & Citrix Gateway Vulnerability CVE-2020-8300
Update: Details regarding this vulnerability can be found here: https://certitude.consulting/blog/en/citrix-header-injection-2/ We have identified an issue in ...
Read More
DP API encryption ineffective in Windows containers: Publicly Available Cryptographic Keys (CVE-2021-1645)
We recently discovered a vulnerability in the DP API key management of Windows containers. This vulnerability was assigned CVE-2021-1645 by Microsoft [1] and ...
Read More
CSRF in JSF 2.0: Predicting CSRF Tokens for Apache MyFaces
JavaServer Faces (JSF) is a commonly used server-side web framework. Developers appreciate its relative ease of use while security engineers appreciate its ready-made ...
Read More
trend PREMIUM – May 12th, 2023
In the current issue of Trend Magazin, Marc Nimmerrichter, Managing Partner of Certitude Consulting, reports on current cases of fraud that have resulted in damage of ...
Read MoreORF III – May 11th, 2023
Election manipulation in SPÖ member survey possible. Certitude uncovers possibilities for manipulation of the SPÖ member survey. Ulrich Kallausch, Managing Partner of C ...
Read MorederStandard.at – May 11th, 2023
Election manipulation in SPÖ member survey possible. Certitude uncovers possibilities for manipulation of the SPÖ member survey. derStandard.at has reported. This a ...
Read Morefuturzone – May 11th, 2023
Election manipulation in SPÖ member survey possible. Certitude reveals possibilities for manipulation of the SPÖ member survey. The online news portal Futurezone r ...
Read More