Multi-factor authentication (MFA) is often presented as THE solution against phishing attacks, since a second factor (e.g. a temporary one-time password) cannot be reused by attackers. Many companies and software vendors therefore require their employees and customers to use MFA. Microsoft has also changed its requirements for MFA for many of its Azure cloud services since October 2024, enforcing the use of a second factor without the option of disabling it. More services will follow in early 2025 (https://azure.microsoft.com/en-us/blog/announcing-mandatory-multi-factor-authentication-for-azure-sign-in/).

The first part of this blog post series Do you know your assets? introduced the importance of threat modeling for manufacturing companies as well as the CERTAINITY modeling technique and the underlying metamodel. This modeling technique enables comprehensive modeling and assessment of threats and risks based on three levels of abstraction.

This blog post discusses the CERTAINITY method of threat modeling for manufacturing companies, based on the data flow of the modeling technique.

Warum es sinnvoll und nutzbringend ist die eigene Infrastruktur mit distributed Dinal of Service Angriffe zu testen. Weiterlesen...

I took part at a webinar on “Fraud traps & fakes on the internet” organised by the Upper Austrian Chamber of Labour and was pleasantly surprised at how many people, even at an advanced age, also took part. I was so positively surprised that I would like to share a few thoughts on this. In today’s digital world, information security and cybersecurity are of crucial importance. But why should we be concerned with it at every stage of our lives? How can we protect ourselves from the many dangers we are exposed to every day on the internet or on other channels such as social engineering, fraud traps, etc.? In this article, I want to highlight the reasons for the importance of awareness in relation to information security and cybersecurity, as well as provide a few tips on how to protect yourself effectively.

Threat modeling is a practice in information security that involves identifying and evaluating threats and possible attack vectors during the design phase. This makes it possible to address the identified threats appropriately and at an early stage. This is particularly relevant for risk management, as decisions regarding risk acceptance or mitigation can be made on the basis of the risk assessment from the threat model.

In addition, the European Cyber Resilience Act and the IEC 62443 series of standards stipulate that a cybersecurity risk assessment or threat modeling must be carried out for products, software and hardware. In the course of threat modeling, the components of a product, the data flows between these components and external influences are evaluated with regard to potential risks. By carrying out this project step early on in the product development life cycle, it is possible to make design decisions based on the results and to mitigate the identified threats as far as possible with the help of a secure design.

Interview about the preparation and legal aspects of cyber incidents Weiterlesen...

The term OSINT stands for “Open Source Intelligence” and refers to the systematic systematic collection and analysis of freely available information. These These freely accessible sources of information include, for example databases, social media, (dark net/deep web) websites, online blogs, but of course offline content such as magazines, books or company flyers. company flyers.

The use of The use of publicly available sources to obtain information has a very long history and was already used over 100 years ago by secret services, security security organizations and resourceful entrepreneurs to gain an information advantage. information advantage.

Introduction

This security advisory addresses a vulnerability discovered during a recent forensics engagement. Our investigation together with ONEKEY revealed that the Mocor OS, running on UNISOC SC6531E devices, is susceptible to a clock fault injection attack, which poses a significant threat to user data security and privacy. Through this attack vector, an unauthorized user with physical to a device access can bypass the device’s user lock, gaining unrestricted access to the main screen and compromising the integrity of the system. Notably, this vulnerability arises from a flaw in the soft reset routine performed by the OS kernel, which lacks proper permission checks for user passwords, making feature/burner phones vulnerable to exploitation.

In Zeiten von Naturkatastrophen, Cyberangriffen und anderen Krisen ist es für Unternehmen unerlässlich, sich auf diese Bedrohungen bestmöglich vorzubereiten.

Business Continuity Management (BCM) und Resilienz sind zwei wesentliche Aspekte, um Unternehmen und Organisationen vor unvorhersehbaren Ereignissen, dies kann alles von Naturkatastrophen bis hin zu Cyberangriffen, umfassen, zu schützen und im Ernstfall das Unternehmen schnell wieder handlungsfähig zu machen. Es geht dabei nicht nur darum, eine Krise zu überstehen, sondern vor allem auch gestärkt daraus hervorzugehen.

In cooperation with the University of Innsbruck CERTAINITY is conducting an online survey to investigate how well-prepared companies are for the introduction of the European Cyber Resilience Act.

Our target audience are organizations and stakeholders being responsible for product development and ongoing maintenance. If your organization develops, sells or imports networked hardware or software products within the EU, you are a perfect candidate to participate in our study.

We highly appreciate it, if you take 10 to 15 minutes to share your expertise and participate in our survey. We will ask questions concerning your organization, the current state of your secure development and product vulnerability management processes as well as your current documentation practices.

The importance of exercises in IT security

While the saying "No plan survives first contact with the enemy" is certainly true, this fact rarely leads to resignation and surrender. Rather, attempts are made to keep the delta between plan and reality as small as possible, even after fine contact, through constant practice and training. Transferred to the preparation for IT security incidents (incident readiness), this means regularly and thoroughly practicing emergency plans, backup-restore processes, and the like. One way to do this is by conducting IT security exercises.

Introduction

As we already demonstrated through our recent advisories (Asus M25 NAS, Phoenix Contact, NetModule , Festo)  ONEKEY's "zero day identification" module is quite versatile when it comes to finding bugs in PHP, Lua, or Python code we find in firmware uploaded to ONEKEY's platform. However, we recently discovered that we were missing an interesting source for PHP taint analysis: PHP wrappers.

PHP comes with many built-in wrappers for various URL-style protocols for use with the filesystem functions such as fopen(), copy(), file_exists() and filesize(). They are sometimes used to read the content of HTTP requests or command line arguments by using php://input, php://stdin, or php://fd/0 (ok the last one is a bit far-fetched and came up when we discussed potential sources for the taint analysis, but you get the point :) ).

Introduction

This is the fourth security advisory we release together with ONEKEY that is related to the introduction of a “zero-day identification” module that performs static code analysis on proprietary applications found within firmware uploaded to ONEKEY's platform. You can find the first three here: Asus M25 NAS Vulnerability, Multiple Vulnerabilities in NetModule Routers, and Unauthenticated Configuration Export in Multiple WAGO Products.

Phoenix Contact is a manufacturer of industrial grade routers. The vulnerabilities identified within the web management interface allow authenticated users to execute arbitrary commands with elevated privileges or to access any file on the system.

Cyberangriffe gehören zu der weltweit am schnellsten wachsenden Form an Kriminalität. Ein guter Indikator für den aktuellen Zustand ist die Tatsache, dass laut Medienberichten die Versicherbarkeit von Unternehmen gegen Cyberangriffen deutlich schwerer geworden ist. Die Versicherer schrauben den erforderlichen Reifegrad an Sicherheit hoch. Und genau das wird die Ablöse der derzeit gängigen Self-Assessments durch qualifizierte Audits mit der Hinterlegung zwingend erforderlicher Evidenzen mit sich bringen.

Geschäftsführung ist in der Pflicht

Durch die Richtlinie (EU) 2022/2555 erfolgt eine wesentliche Erweiterung der betroffenen Unternehmen und deren Pflichten. Ab 2024 kann davon ausgegangen werden, dass in Österreich ca. 3.000 Unternehmen, unterteilt in 16 Sektoren, ab 50 Mitarbeitern und 10 Mio. EUR Umsatz, nachweislich Cybersecurity Maßnahmen umsetzen müssen. Die nationale Gesetzgebung wird die Überprüfung der Einhaltung der Mindeststandards übernehmen und in weiterer Folge Geschäftsführer von Betreibern kritischer Infrastrukturen in die Pflicht nehmen.

Introduction

This is the third security advisory we release in cooperation with ONEKEY that is related to the introduction of a “zero-day identification” module that performs static code analysis on proprietary applications found within firmware uploaded to ONEKEY’s platform.

NetModule is an Original Equipment Manufacturer of industrial grade routers. The vulnerabilities identified within the web management interface allow authenticated users to execute arbitrary commands with elevated privileges or to access any file on the system.