Cooperation: Corporate Trust & HanseSecure
We are pleased to introduce our colleagues from“Corporate Trust Business Risk & Crisis Management GmbH” as our first technical partner since 26.04.2021: Here is a brief presentation of our new colleagues: Corporate Trust Corporate Trust is your strategic partner in risk and crisis management. As a management consultancy for security services, we support companies, organizations […]
Talk: GO Business No. 175
Good digitization. Evil digitization. After having given my last presentation at a GoBusiness event 4 years ago by now, I am very happy to have been invited again. This time there is no live hack, but the content is all the more exciting 😉If someone still has time & desire to be there on 29.04.2021: […]
Talk: IT security management in insurance companies
I am very pleased to be able to give a presentation on 07.05.2021 at the web conference for IT security management in insurance companies. The group of participants consists of well-known insurance companies and I am looking forward to stimulating discussions. As usual, I will add my slides to this post afterwards. Here we go […]
KeyNote at ISX QI 2021
On 10.02.2021 I was allowed to give a KeyNote at the Security Conference ISX of the Vogel IT Verlag. The publisher has some cool formats, which one or the other might know. For example, Security Insider and IT Business belong to it 😉 What was it about? I explained (in the very short 15 minutes […]
Vulnerability in Cordaware bestinformed
CVE CVE-2021-3168 Vulnerable software Cordaware bestinformed <= version 5.1.0.3 Vulnerability An Unquoted service path in Cordaware bestinformed software allows a local attacker to potentially escalate privileges to system level. Timeline 15.12.2020 Vendor informed via email 17.12.2020 Sending additional information to Vendor 12/18/2020 Calling Vendor 11.01.2021 Still no reply 14.01.2021 Disclosure because of exceeding the 30-day […]
Certifications Q4 2020
I try to attend technical trainings regularly to get new input for my work. Therefore, in the past few months, I have completed additional trainings and acquired certifications accordingly: I try to write a review for every training, but I don’t know when yet 😉
Lecture at Trust in Tech Cologne
I was allowed to give a talk at Trust in Tech Cologne on 21.09.2020. I enjoyed the event extremely much and it was a super open round, thank you very much for that! Click here for the slides on the topic“The last one closes the door – Unlocked offices as an invitation for hackers“.
Podcast at Tech Data
I had a lot of fun with an anniversary edition of the podcast “Ones & Zeros, IT Simply Explained” at Tech Data. We talked about different technical testing options for the level of security in companies. Who likes can listen in 😉
Vulnerability in monitoring software
CVE CVE-2020-13912 Vulnerable software SolarWinds “Advanced Monitoring Agent” before 10.8.9 Vulnerability Insufficient authorization/ rights extension Timeline Description The Advanced Monitoring Agent software up to version 10.8.9 was executed when each user (remote or local) logged in. The corresponding file can be modified by all users on the system. A malicious user could exchange the file […]
3x More security in the HomeOffice
In the past few weeks, I have created a number of webinars and documents that can help companies and possibly also one or two private individuals to protect themselves in the home office. Depending on how much time you can/want to spend for this, you just have to choose the right paragraph 😉 For those […]
