Conscia blog | Insights about complex IT infrastructres

Blog

Diving Deep: How to detect Malware Persistency pt. 1

During a cyber-attack, adversaries might gain access to an environment through a certain system, but that might not be their actual targeted system or that might not be their end goal. To establish a permanent foothold in the environment and plan new attacks within the environment or simply continue to infect the system through reboots, […]

Blog

Diving Deep: How to detect Typosquatting

Typosquatting is a type of social engineering attack, where a threat actor registers domains with deliberately misspelled names of known brands or websites and hosts malicious content on them or lures visitors to input sensitive data into the website. This...

Blog

Vulnerability Spotlight: How to detect Follina the Windows MSDT 0-day

Microsoft confirmed a security vulnerability tracked as CVE-2022-30190 and released it on their MSRC portal on May 30th, 2022. The vulnerability allows for a remote code execution (RCE) when MSDT (Microsoft Support Diagnostic Tool) is called using URL protocol from...

Blog

Diving Deep: Malware Injection Techniques – Part 1

Malware Injection Techniques This is the first entry in the Malware Injection Techniques article series that we will be writing about. The ultimate goal of any malicious software is to be able to execute its code without any hindrance. In...

Blog

Ransomware-as-a-Service: An infamously lucrative business model

Ransomware as a type of malware is not a 21st century invention. We can trace it back to 1989 when Joseph Popp wrote the first known ransomware known as PC Cyborg Trojan. However, since 2010 ransomware attacks really started to...

Blog

Conti Ransomware Gang falls apart

Conti ransomware gang was infamously known as one of the most sophisticated adopters of ransomware-as-a-service (RaaS) model, earning them 180 million USD only in 2021. However, due to the recent Russian invasion on Ukraine, the foundations of the group started...

Blog

Increased threat against industries leveraging ICS and SCADA devices

US agencies (CISA, NSA, FBI) and Department of Energy issued a new Cybersecurity Advisory (CSA) warning on 13.04.2022 in regards to increased threats to industrial control systems (ICS) / SCADA devices. Advanced persistent threat (APT) actors have developed custom malwares...

Blog

What you need to know about the increased Digital Risks following the cyber-attacks on Ukraine

Amidst the ongoing warfare, we were able to track the development of new dedicated and tailored malware (HermeticWiper and Whisper Gate) on the dark web forums, which were specifically crafted for the war. Now there are several reputable sources providing...

Blog

Critical Vulnerability in Apache Log4j

A critical vulnerability has been discovered in Apache Log4j (CVE-2021-22448), which has a maximum CVSS score of 10. The vulnerability is considered easy to exploit, and unfortunately, Apache Log4j is widespread. Apache Log4j is an open-source Java-based logging framework used in many Java applications, affecting products and systems in the cloud and on-prem. The vulnerability […]

Blog

Is your Active Directory secure?

How do you discover and assess misconfigurations and newly discovered vulnerabilities in your most critical asset – Active Directory? Let’s face it. Most of the hacks being done today are exploiting or abusing the Microsoft Active Directory because that is where all users and administrators are located. So of course, we need to secure the […]

Blog

CIS Controls version 8

Center for Internet Security (CIS) has recently updated the CIS controls (May 2021) and we no longer have 20 controls as in CIS version 7.1 but “only” 18 controls. You can find the new version here: https://www.cisecurity.org/controls/v8/ In my opinion...

Blog

Where and how to begin the cyber security journey?

Where to start? Many European organizations struggle to start the cyber security journey. Most of the organizations know of all the cyber security incidents happening now and most management boards also have the cyber security as a top priority on...

Blog

Major security mistake costs businesses millions

Cybersecurity is on the board agenda for all companies or should at least be there. Everyone understands the efforts needed and that demands are constantly rising. Hard work and significant investments are not enough. We need to take advantage of...

Blog

Cutting corners in cyber security will backfire

Managers at manufacturing companies experience how IT, digitalization, call it what you want, washes over them at an accelerating rate over the next few years. It is essential to hang out and surf into the future; otherwise, you will have...

Blog

Cloud Managed Next Generation Firewall-as-a-Service

Network security is an unfair game. To protect your business, users, and data, you employ a number of security mechanisms across the data center, hybrid, and public cloud environments. On the contrary, the adversaries are only after one vulnerability. One...

Blog

PODCAST: Who are hackers and what do they want?

In this first episode of the Cybersec Bites Podcast, Jakob Premrn, Cybersecurity Analyst from NIL’s Security Operations Center (SOC), discusses the motives and operations of cybercriminals.

Blog

Data is gold – protect it

By using new technologies in our everyday lives, enormous amounts of data are produced. 59 zettabytes of data were produced in 2020 in comparison to 2 zettabytes a decade ago. it is estimated that in 2021 this number will increase by...

Blog

Major Step forward in delivering IT-as-a-Service

For almost twenty years, Conscia has been a leading European provider of secure, reliable IT infrastructure. With a history of building and delivering fully managed solutions—largely built from Cisco’s broad portfolio of market-leading technologies—Conscia is moving toward delivering IT as a service to its customers. Furthermore, Cisco’s Cisco Plus announcement represents a significant step in this […]

Blog

Data Abundance

By using new technologies in our everyday lives, enormous amounts of data are produced. 59 zettabytes of data were produced in 2020 in comparison to 2 zettabytes a decade ago. it is estimated that in 2021 this number will increase by 25%.

Blog

Education and research institutions are more vulnerable than ever

Education and research institutions are more vulnerable than ever and a significant target for cybercriminals. Indeed, in these challenging times, when more online education occurs, and teachers and students often access home applications, the risks only increase. The chance of...

Diving Deep: How to detect Malware Persistency pt. 1

Diving Deep: How to detect Typosquatting

Vulnerability Spotlight: How to detect Follina the Windows MSDT 0-day

Diving Deep: Malware Injection Techniques – Part 1

Ransomware-as-a-Service: An infamously lucrative business model

Conti Ransomware Gang falls apart

Increased threat against industries leveraging ICS and SCADA devices

What you need to know about the increased Digital Risks following the cyber-attacks on Ukraine

Critical Vulnerability in Apache Log4j

Is your Active Directory secure?

CIS Controls version 8

Where and how to begin the cyber security journey?

Major security mistake costs businesses millions

Cutting corners in cyber security will backfire

Cloud Managed Next Generation Firewall-as-a-Service

PODCAST: Who are hackers and what do they want?

Data is gold – protect it

Major Step forward in delivering IT-as-a-Service

Data Abundance

Education and research institutions are more vulnerable than ever

Do you have any questions?

Related content

Diving Deep: How to detect Malware Persistency pt. 1

Diving Deep: How to detect Typosquatting

Vulnerability Spotlight: How to detect Follina the Windows MSDT 0-day

Diving Deep: Malware Injection Techniques – Part 1

Contact