If you're building or selling digital products in the EU, now’s the time to act. As we covered in our previous article “Cyber Resilience Act Passed – What’s Coming for ...
Read MoreCertitude carried out the technical security testing of smart radiator thermostats on behalf of the Federal Ministry for Information Security (BSI). The study that ...
Read MoreThis article is a commentary on the assessment of current political developments and their impact on cyber security and Europe by Florian Schweitzer and Marc ...
Read MoreOn October 26, 2024, our colleague Wolfgang Ettlinger presented an eye-opening talk at BSides Berlin titled, "Can an Attacker with Full Control Over a UPS's ...
Read MoreThe Cyber Resilience Act (CRA) is an EU regulation for security in hardware and software products with digital elements, which was adopted by the Council of the Eur ...
Read MoreWe are extremely pleased to announce that our employee Yvonne was recently elected to the board of Women4Cyber Austria! Women4Cyber is a non-profit organis ...
Read MoreWe were very pleased with the good exchange at the 26th OpenShift user meeting on September 10, 2024! Together with Michael Hauenschild and Edvin Seferovic from the ...
Read MoreIn this post we will explore some of the anti-phishing measures employed by Microsoft 365 (formally Office 365) as well as their weaknesses. Certitude was able to ...
Read MoreLastPass was susceptible to a clickjacking attack. By intercepting traffic, an attacker would have been able to harvest login credentials of LastPass users. LastPass ...
Read MoreSource: https://commons.wikimedia.org/wiki/File:Blue_screen_of_death_on_a_Dell_laptop.jpg (cropped) Last Friday, a faulty software update to the anti-malware ...
Read MoreCompanies that work with US health data must be “HIPAA compliant.” This is not limited to those based in the USA, but to all companies and subcontractors that come ...
Read MoreAs in previous years, the "Austrian Platform Engineering Community" event took place on May 16, 2024, at the BRZ. The one-day event, organized in cooperation with ...
Read MoreSummary of the Austrian national NIS2 draft law from 03.04.2024 This article is only available in ...
Read MoreRequirements from NIS2 (critical infrastructures) for manufacturing companies and operators of essential services as well as specific requirements for information ...
Read MoreThis second installment in our series takes a fresh look at defenses against social engineering that leverage AI technology. As we delve into strategies for both ...
Read MoreOn the 8 of December 2023 the second batch of RTS (Regulatory Technical Standards) & ITS (Implementation Technical Standards) was released. These documents ...
Read MoreAlexander Hurbean and Wolfgang Ettlinger @ Deepsec 2023© DeepSec - Joanna Pianka The latest DeepSec security conference brought great minds together again from the ...
Read MoreCloudflare customer-configured protection mechanisms (e.g., Firewall, DDoS prevention) for websites can be bypassed due to gaps in cross-tenant security controls ...
Read MoreOn September 21st 2023, Certitude and Red Hat jointly held a webinar on the topic of OpenShift security. In the webinar titled "Wie OpenShift die häufigsten ...
Read MoreSubdomain Hijacking presents a concerning scenario where attackers take control of websites hosted on subdomains owned by reputable organizations, enabling them to ...
Read MoreAs we explore the capabilities of modern AI in assisting us across both our personal and professional lives, malicious actors too are investigating its potential uses ...
Read MoreDuring a very short security test, Certitude identified two vulnerabilities in the firmware of IBM Spectrum Virtualize, a storage solution by IBM. One of these ...
Read MoreThe WeAreDevelopers World Congress is regarded by many as Europe's flagship conference for developers and brings together an impressive community of software and ...
Read MoreThis article is only available in ...
Read MoreCertitude has noticed an increase in online fraud against the accounting departments of companies in Germany and Austria in the recent weeks. Attackers make customers ...
Read MoreWhile browsing the web, your browser does its best to protect you along the way, but sometimes fails to do so, if not instructed properly by the website you ...
Read MoreOverview Showing the benefits of threat modeling to management less invested in cyber security topics is notoriously hard as the added value of security, in ...
Read MoreWeb Application Firewalls (WAFs) are the go-to infrastructure components used to hinder attacks against web applications. What is it that WAFs really offer – can they ...
Read MoreLast week, November 17th and 18th, the DeepSec security conference took place in the Renaissance hotel in Vienna. With more than 50 talks and workshops content was ...
Read MoreA new wave of phishing is currently circulating (a related story from derstandard.at newspaper can be found here). Documents are said to have been sent to you from a ...
Read MoreThe WeAreDevelopers World Congress is considered by many as Europe's flagship event for developers, bringing together an amazing community from software and ...
Read MoreThe Network and Information Security (NIS) Directive is the first EU-wide piece of cybersecurity legislation, whose primary objective is to achieve a high common ...
Read MoreOn 18th and 19th of November 2021, the DeepSec security conference took place in Vienna to bring together the world's most renowned security professionals from ...
Read MoreRecently we were tasked with investigating a ransomware attack case. We were able to reconstruct the likely attack vector and identify the data that was likely stolen ...
Read MoreWe have discovered a vulnerability in Citrix products (Citrix ADC and Citrix Gateway) that allows an attacker to conduct header injection attacks. This would have ...
Read MoreBeginning of November a customer reached out to us. Internal and external users reported suspicious mails sent from their mail accounts, which included suspicious ...
Read MoreA few months ago we saw a post on the r/programminghorror subreddit: A developer describes the struggle of identifying a syntax error resulting from an invisible ...
Read MoreWe recently discovered a vulnerability in GridPro Request Management versions <=2.0.7905 for Windows Azure Pack by GridPro Software. The vulnerability was ...
Read MoreUpdate: Details regarding this vulnerability can be found here: https://certitude.consulting/blog/en/citrix-header-injection-2/ We have identified an issue in ...
Read MoreWe recently discovered a vulnerability in the DP API key management of Windows containers. This vulnerability was assigned CVE-2021-1645 by Microsoft [1] and ...
Read MoreJavaServer Faces (JSF) is a commonly used server-side web framework. Developers appreciate its relative ease of use while security engineers appreciate its ready-made ...
Read MoreDuring a security assessment of Bolt, an open-source content management system, it was discovered that temporary files are used insecurely when uploading an avatar ...
Read MoreMarc Nimmerrichter, Managing Partner at Certitude, warns in an article by "Die Presse" of March 13, 2025, against Europe's excessive dependence on the US cloud ...
Read MoreA commentary by Managing Partner Marc Nimmerrichter on the dangerous dependence of European organizations from US clouds in the Börsianer magazine. This article is ...
Read More
