To synchronize directories with each other based on rSync, tools like DeltaCopy help. With the free open source program, two directories in macOS X or Windows can be synchronized against each other. It is managed via a graphical user interface. Synchronize data via rSync with DeltaCopy Data loss can be avoided by synchronizing files and …
When it comes to vulnerable IoT systems, many first think of modern smart devices like digital assistants or smart watches. Yet the greatest risks lie with typically unmanaged IoT devices in the smart building, healthcare, network and VoIP, and operations technology sectors. A recent study by ForeScout reveals which IoT devices pose particular risks. The …
Anyone who develops applications or works with databases must test their results sufficiently. This requires valid test data. So it makes sense to copy the existing productive data and use it for the test. This sounds simple and not at all unfair, but it can become a legal problem with considerable financial damage. Avoiding unpleasant …
A Blue Team has the task of protecting an organization’s IT infrastructure from real attackers as well as from simulated attacks by a Red Team. It is made up of IT security experts from within the organization and differs from standard security teams in that it is constantly alert and ready to defend against attacks …
Common Vulnerabilities and Exposures (CVE) is a standardized list of vulnerabilities and security risks of computer systems. Thanks to the unique naming, the exchange of data about vulnerabilities and security risks is simplified. Sequential numbers uniquely identify the various entries. What is CVE? The acronym CVE stands for Common Vulnerabilities and Exposures. It is a …
What is CVE (Common Vulnerabilities and Exposures)? Read More »
Open Source Intelligence is a term originally coined by intelligence agencies. OSINT uses freely available, open sources such as print media, TV or the Internet to collect information and gain intelligence. In addition to government organizations, private sector companies also use various OSINT techniques and tools. What is Open Source Intelligence (OSINT)? The acronym OSINT …
The Point-to-Point Tunneling Protocol (PPTP) can be used to implement virtual private networks over IP-based networks such as the Internet. It is an extension of the Point-to-Point Protocol and is implemented in many operating systems. Due to known vulnerabilities, PPTP is no longer considered secure today. What is PPTP? The abbreviation PPTP stands for Point-to-Point …
What is PPTP (Point-to-Point Tunneling Protocol)? Read More »
Security by Design is a design concept applied in hardware and software development. The security of hardware or software is already considered in the development process and integrated into the complete life cycle of a product. Design criteria include, for example, minimizing the attack surface, using encryption and authentication, and isolating security-relevant areas. Security is …
In a penetration test, IT systems or networks are subjected to a comprehensive examination designed to determine their susceptibility to attack. A pentest uses methods and techniques that are used by real attackers or hackers. What is a penetration test? With the help of a penetration test, often called a pentest, IT experts try to …
Operational technology includes software and hardware for monitoring and controlling industrial plants or physical machines and their processes. In the past, these were often proprietary solutions operated in isolated environments. Digitization and the Internet of Things are merging traditional IT with operational technology. This fusion is referred to as IT/OT convergence. What is Operational Technology …
Mobile Information Management (MIM) ensures the secure provision of corporate data on mobile devices. Along with Mobile Device Management (MDM) and Mobile Application Management (MAM), it is another important component of Enterprise Mobility Management. MIM leverages technologies and practices such as encryption, cloud services, sandboxing, containers and others. What is MIM (Mobile Information Management)? The …
A bot is a computer program that independently performs tasks in an automated manner without the involvement of a user. There are different types of bots that perform different tasks. They range from social bots to chatbots to search engine bots. Bots can be useful or malicious. When bots communicate over a network, it is …
To detect and defend against cyberattacks earlier, you need to understand the attackers’ objectives and approach and build defenses accordingly. The Lockheed Martin Cyber Kill Chain is a multi-step model for analyzing attacks and building defenses along with the attack steps. Cyber Kill Chain – Basics, Application, and Development Detecting and disabling attackers is not …
Cyber Kill Chain – Basics, Application and Development! Read More »
CEO Fraud is a fraud method in which the attacker pretends to be a CEO, manager, or boss and asks employees to transfer money to a specific account, for example. If the attacker uses email as a means of communication, CEO Fraud is a form of Business Email Compromise (BEC). However, other attack vectors are …
A sandbox is an isolated area, sealed off from the system environment, in which software can be executed in a protected manner. Sandboxes can be used, for example, to test software or to protect the underlying system from changes. What is a sandbox? A sandbox is an isolated area in which software can be executed …
Meltdown is a security vulnerability published in 2018 together with Spectre. It is due to a vulnerability in the hardware architecture of processors and allows unauthorized reading of the memory contents of third-party processes. Processors from various manufacturers such as x86 processors from Intel are affected. Software patches to fix the problem cause performance degradation. …
A DDoS attack attempts to cause the unavailability of Internet service through a deliberately induced overload. Usually, botnets consisting of a multitude of individual systems are used for the attack. The target of the attack can be servers or other network components. What is a DDoS attack (Distributed Denial of Service (DDoS)? The acronym DDoS …
Air Gap is a security concept that meets the highest security requirements. It describes the complete physical and logical isolation of computers from each other and from networks. Information exchange between systems is possible, for example, via transportable storage media. Methods such as side-channel attacks exist to overcome an air gap. What is Air Gap? …
Patch management is nowadays an integral part of system management. It deals with the procurement, testing, and installation of required updates for applications, drivers, and operating systems of computers. What is Patch Management? The literal translation of the English term “to patch” is “to mend”. Transferred to the world of programming, patch refers to software …
Phishing describes the attempt to steal identities and passwords via the Internet by sending fake e-mails or text messages. Internet users are lured by cybercriminals to fake websites of banks, online stores, or other online services by means of deceptively real fake e-mails in order to get hold of their user IDs and passwords. The …
