During the COVID-19 pandemic a growing dependency on information technology became obvious for many organizations – and with it an increase of cyber risks. The exploitation of employees working remotely …

Ransomware is one of today’s much discussed type of cyber attacks. Several business models around this attack type emerged during the last years. The schema boils down to a threat …

The theft of credential is one of today’s risks to information security that significantly increased with the rise of Social Engineering. Cyber Criminals use credentials to intrude the infrastructure of …

Losing company assets, like laptops, smartphones, or documents, as well as assets getting stolen are two well known risks to information security of organizations. However, over the last years Verizons …

A Denial of Service (DoS) attack aims at the availability of a service, website or network. By disrupting or suspending normal data flow, the system is rendered unavailable. Amplifying this …

The misuse of ones privileges is an intentional, malicious attack pattern. Most of the data breaches in 2021 in this category were caused by privilege abuse or data mishandling. They …

Unintentional actions are among the most common patterns in information security incidents. Miscellaneous errors of employees can directly compromise assets of an organization and lead to data breaches. According to …

System Intrusion happens in an early phase of a cyber attack (Figure 1). It usually starts after attackers have collected enough data about the target and assembled tactics for their …

Web applications are often compromised by basic attacks that require only a small number of steps or additional actions after the initial compromise. The attackers are rather focused, for example …

In social engineering, an attacker exploits the “human factor” as the supposed weakest link in the information security chain in order to accomplish his criminal intent. SECURNITE explains what Social Engineering is.