A Curious Case of CVE-2019-19781 Palware: remove_bds
Vulnerability in Citrix Application Delivery Controller and Citrix Gateway (CVE-2019-19781) – updated Published on December 17 2019, CVE-2019-19781 is a…
Read more
A Look Back at DCSO Insight Day 2019
November 2019 13. On 13 November 2019, we welcomed more than 150 customers, partners and friends of DCSO to the…
Evidence-based Visibility Debugging in Corporate Walled Garden Networks with Mauerspecht
At its core, the DCSO Threat Detection & Hunting (TDH) service uses network security monitoring to protect organizations against both…
Infosecurity Europe 2019 – observations, scouting, and a recap
Recently, DCSO’s Technology Scouting and Evaluation (TSE) service visited the Infosecurity Europe conference in London. Infosecurity, also known as InfoSec,…
16th German IT Security Congress
From May 21 to 23, 2019, DCSO’s Technology Scouting and Evaluation (TSE) team visited the 16th German IT Security Congress,…
Modern authentication services – More than passwords plus smart card
Passwords have been used to secure access to protected assets since ancient times. Despite many attempts to find a better…
Facebook Documents Leaked to UK Parliament
The year 2018 ended on a bitter note for Facebook when an extraordinary chain of events led to the U.K.…
Enterprise Malware-as-a-Service: Lazarus Group and the Evolution of Ransomware
In an interesting twist to the use of ransomware, an attacker leveraged a vulnerability in a plug-in for a remote-monitoring…
Pegasus/Buhtrap analysis of the malware stage based on the leaked source code
In April of 2015, Kaspersky released a report on a Trojan / Remote Access Tool (RAT) targeting financial institutions in…
RSA Conference 2019: Trust (not Quantum), Blockchain, AI – and the advent of DevSecOps
A Trust Enabled World – that is the vision that guided the opening keynote speech of the RSA Conference 2019,…
Innovation Sandbox Contest: What Cyber Security Trends can the world expect?
“Same procedure as last year, Miss Sophie?” – “Same procedure as every year, James!” In line with this mantra, this…
Part 2: Using MISP-dockerized
As demonstrated in Part 1 of this blog article, installing MISP with MISP-dockerized is quite simple. All you have to…
Part 1: MISP in a box
MISP is a free open source platform developed by the MISP project team that primarily serves the purpose of sharing…
SuriCon 2018
Every year, there are a few “must-attend” events that are fixtures on every security enthusiast’s calendar. Besides the obvious “big…
PHP PEAR Software Supply Chain Attack
On January 19, 2019 the PEAR project announced, that it’s installation script had been tampered with: https://twitter.com/pear/status/1086634389465956352:
Breach & Attack Simulation: "Next-Generation" Vulnerability Management?
In the ongoing game of cat-and-mouse in the cybersecurity space, the dimensions of defense strategies evolve, especially for enterprise-grade organizations.…
DCSO’s Insight Day 2018
November 2018 13. On 13 November 2018, we opened the doors to Berlin’s Humboldt-Box at 9 am, thus launching DCSO’s…
Wanted: The Best Threat Intelligence Provider with APT Indicators
APT’s – advanced persistent threats – are among the most feared threats in the cyberspace. They are well known for…
BruCON 0x0A
BruCON is an annual IT-security conference, held in the historical lecture hall of the University of Gent in October. As…
it-sa 2018 – Impressions and Trends
Last week, DCSO’s TSE team visited the annual it-sa fair & conference taking place at the Nuremberg Exhibition Centre from…
User and Entity Behavior Analytics
Uncovering unknown threats in an enterprise environment might be one of the most significant challenges that security operations centers have…
UP18 – it-sa's cyber startup pitch contest
For the first time, the largest German cybersecurity conference it-sa was started by a warm-up event to get into the…
Thoughts on the Equifax 2017 Breach Report
The United States Government Accountability Office (GAO) recently released a report on the 2017 Equifax data breach. The GAO report…
Data in mysterious places – the subtle crisis of data harvesting apps
Recent news stories highlight the danger of unwanted data exfiltration by popular applications. The use of apps is increasingly important…
Cloud Security 101 – Do you already CASB?
“Hey, Mike, where can I find our current project calculation? Our client keeps asking questions … ” “It’s in our…
Intercepting Twofish-encrypted HTTP traffic with mitmproxy
With mitmproxy, a ncurses-based tool to intercept HTTP(s) connections is available as Open Source Software. This blog post reflects a…
The impact of GDPR on security research: A look at WHOIS
When individuals, companies, organizations, and governments register a domain, they are required to provide information to a domain registration company,…
Mobile Threat Defense – trying to extend established Enterprise Mobility Management
Portable devices like smartphones and tablets have developed from being just single-purpose communication tools to becoming valuable assets in business…
Using "magic" DNS-resolutions to track suspicious domains
APT operators are humans, and humans are lazy and make mistakes. A common pattern seen in APT operations is “sleeping…
Spectre-NG: LazyFP State Restore Vulnerability (CVE-2018-3665)
The first publicly accessible indication of a new Spectre-NG vulnerability appeared on June 5, 2018, in a commit message on…
Cryptomining: A Growing Threat
The rising prominence of cryptocurrencies worldwide incentivizes criminals to expand cryptocurrency mining operations, particularly when using compromised infrastructure forces others…
Infosecurity Europe 2018 – Trends and Innovations
Just recently, TSE visited the annual Infosecurity Europe conference to stay up-to-date with recent trends and innovations in the cyber…
Introducing Security Orchestration and Automation
One of the main tasks in TSE’s research regarding the IT security market is to identify new trends and developments…
Lower Barriers to Entry Fueling Growth in Cybercrime, Espionage and Even Security Research
Over the past few years, a very small number of cybercriminals have become quite sophisticated and are able to cause…
Girls' Day 2018 @ DCSO
Like last year, we are very happy to have hosted Girls’ Day 2018. We had a great experience with the…
Impressions of the RSA Conference 2018 part II – On the expo floor
Like last year, the main expo filled two complete buildings with more than 550 vendors. The floors were dominated by…
Impressions of the RSA Conference 2018 part I – Keynotes and Innovations
Later than usual, the annual RSA Conference in San Francisco started on April 16th. Breaking another record, about 50.000 participants…
New Cyber Security Laws put Compliance and Policy in the Spotlight
China’s cyber security law released in 2017, with a substantial implementing phase of one year, marks a significant overhaul of…
Tips and Tricks from Daily Testing
Testing security products in an enterprise environment can be a tedious task. In between pressing timelines, infrastructure nightmares and pushy…