Cyber & Information Security Archive

2. March 2022

The e2 Security Rulebook: How to survive in the Internet

…without being ripped off, scamed, or getting stolen your identity

This set of rules is intended to arm the users of the internet for the lurking dangers in it. Whether it’s the deceptively real-looking “application.doc” that lands in the HR department, or the Office 365 login link in the CEO’s inbox with the inconspicuous request to review a shared document. After you have read and understood this set of rules, you are 99.99% safe when using the Internet.

The e2 Security rulebook is available here: DOWNLOAD

2. December 2021

Case Study – Reflected Cross-Site-Scripting in Weglot Translator Plugin

Recently, we discovered a cross-site scripting vulnerability during a penetration test, which was only made possible using a third-party plugin. What was surprising: the vulnerability seemed to occur only when the website used a specific language. As a result, we took a closer look.

21. November 2021

HTTP Verb Tampering

When testing web applications for security flaws, the applications’ handling of different HTTP request methods – also known as verbs – should be considered.Usually, interactions between clients and servers utilize the HTTP methods GET or POST for accessing resources.

3. September 2021

Cross Site Scripting

From a high level, cross site scripting (short: XSS) can be described as the embedding of foreign code into a trusted context for execution.

20. July 2021

Phishing: These are the most popular tricks

For criminals and fraudsters, personal data of Internet users is always very desirable. In many cases it allows access to credit cards, bank or online accounts.

Phishing, i.e. obtaining other people’s personal data using fake e-mails or websites, is a popular method of doing this. The following is an overview of the most common methods:

29. June 2021

Clickjacking

What is Clickjacking?
Clickjacking takes place when a fraudster sets up an overlaid website interface and steals clicks on that fake website to then use it on a real site. Users come across these illegal overlays by chance and assume that after filling in a field, clicking a link, or entering their passwords, they’ll get access to what they see in front of them.

13. June 2021

Hard Coded Credentials for Dummies

Hard Coded Credentials for Dummies

How to not unknowingly, accidently and unconsciously reveal all your passwords and secrets to bad people

Credentials or passwords are the integral part of online and software world. In the simplest example they are the key protecting your “online house” such as Instagram, Facebook, email, etc.

2. June 2021

Password leaks and how to deal with them

At the beginning of April 2021, information was published that personal data of more than 500 million Facebook users had surfaced in a hacking forum.

27. May 2021

Who is Hacker’s favorite?

How well is my company positioned when it comes to cybersecurity? Are we way ahead of the game or do we have one foot in a major security hole… these are questions that IT managers often ask themselves. New screenings provide some surprising answers.

25. May 2021

Safe on the road on the cyber highway of the future

“We need to take care of our cybersecurity …” This phrase is a common one in organizations…. But where do we start? What is the cost? Along the entire value chain? And who will support us in the process?

25. March 2021

Safety First! Cybersecurity in times of Corona

For more than a year now, more people worldwide have been working from home offices than ever before.

The digitalization of the home has been turbo-charged, but the digital connection to companies has often been more poor than good, primarily in a hurry, so that everyone can continue to work and earn money quickly. But those which cobble together hurriedly open the door to danger from the web.

16. March 2021

The missing link in the chain: Cybersecurity in the value chain

Security is often not considered in digitization initiatives or in the best case after implementation only, which results in a major loss of efficiency and causes high costs.

22. February 2021

SolarWinds – The comprehensive review

In early 2019, hackers secretly broke into Texas-based SolarWind’s systems and added malicious code into the company’s software system. The system, called “Orion,” is widely used by companies to manage critical IT resources.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.