Certitude Blog – Certitude Consulting Blog

Kubernetes Security @ DeepSec Vienna 2021

Written by Anita Lukic on 07.02.202224.02.2022

On 18th and 19th of November 2021, the DeepSec security conference took place in Vienna to bring together the world's most renowned security professionals from ...

Ransomware Actor May Have Leaked Their Previous Victims

Written by Roman Ferdigg on 12.01.202212.01.2022

Recently we were tasked with investigating a ransomware attack case. We were able to reconstruct the likely attack vector and identify the data that was likely stolen ...

HTTP Header Injection in Citrix ADC and Citrix Gateway (CVE-2020-8300, CVE-2021-22927)

Written by Wolfgang Ettlinger on 30.11.202130.11.2021

We have discovered a vulnerability in Citrix products (Citrix ADC and Citrix Gateway) that allows an attacker to conduct header injection attacks. This would have ...

Unpatched Exchange servers distribute phishing links (squirrelwaffle)

Written by Peter Wagner on 29.11.202129.11.2021

Beginning of November a customer reached out to us. Internal and external users reported suspicious mails sent from their mail accounts, which included suspicious ...

The Invisible JavaScript Backdoor

Written by Wolfgang Ettlinger on 09.11.202119.01.2022

A few months ago we saw a post on the r/programminghorror subreddit: A developer describes the struggle of identifying a syntax error resulting from an invisible ...

RCE in GridPro Request Management for Windows Azure Pack (CVE-2021-40371)

Written by Giulian Guran on 21.10.202121.10.2021

We recently discovered a vulnerability in GridPro Request Management versions <=2.0.7905 for Windows Azure Pack by GridPro Software. The vulnerability was ...

Citrix ADC & Citrix Gateway Vulnerability CVE-2020-8300

Written by Wolfgang Ettlinger on 09.06.202130.11.2021

Update: Details regarding this vulnerability can be found here: https://certitude.consulting/blog/en/citrix-header-injection-2/ We have identified an issue in ...

DP API encryption ineffective in Windows containers: Publicly Available Cryptographic Keys (CVE-2021-1645)

Written by Marc Nimmerrichter on 16.03.202118.05.2021

We recently discovered a vulnerability in the DP API key management of Windows containers. This vulnerability was assigned CVE-2021-1645 by Microsoft [1] and ...

CSRF in JSF 2.0: Predicting CSRF Tokens for Apache MyFaces

Written by Wolfgang Ettlinger on 19.02.202118.05.2021

JavaServer Faces (JSF) is a commonly used server-side web framework. Developers appreciate its relative ease of use while security engineers appreciate its ready-made ...

Hacking Demonstration at FinTechWeek

Written by Natalie Müller on 07.06.202207.06.2022

Last Friday, Certitude was able to contribute to this year's FinTechWeek, an event organized by the Banking Association and the Vienna Business Agency, with ...

Kleine Zeitung – 25.05.2022

Written by Melchior Kistowski on 25.05.202230.05.2022

The six phases of a cyberattack This article is available in ...

Die Presse – 21.04.2022

Written by Ulrich Kallausch on 21.04.202225.04.2022

This article is available in ...

Certitude continues strong growth

Written by Anita Lukic on 12.04.202212.04.2022

Certitude Consulting, the specialist company for cyber security founded in 2019, is continuing on its growth course with the massive reinforcement of its ...