SEC Consult Unternehmensberatung GmbH
Cyber- und Applikationssicherheit
Wien
nicht verfügbar Mitarbeiter
Keine Jobs für junge Talente
Dieses Unternehmen bietet aktuell keine Jobs für junge Talente
Social Media
🚨 Critical Vulnerabilities in dormakaba’s Enterprise Grade Physical Access Control System‼️ After a long, exhausting but rewarding coordinated responsible disclosure process, we are excited to finally share all #vulnerabilities we identified in dormakaba’s physical access control system exos 9300, the access managers, responsible for opening electronic locks, as well as PIN pads. Our researchers Clemens Stockenreitner and Werner Schober detailed their discoveries in their blogpost, titled “Hands-Free Lockpicking”. The blogpost and the advisories are available at the following location: 👉 https://lnkd.in/dNwqQc9v What’s the impact❓ By exploiting these vulnerabilities, it is possible to open all doors controlled by the physical access control system without prior authentication, only network access is required. Some systems are even available via the Internet due to end user misconfigurations. But that’s not all. Overall, 20 CVEs have been assigned, most of them rated critical or high. The vendor dormakaba handled the responsible disclosure process exceptionally well. Patches are available and have been already applied for many customers! #ResponsibleDisclosure #PhysicalSecurity #AccessControl #Lockpicking #SecurityResearch #OffensiveSecurity
🕵️♂️ Sind Sie bereit für eine Reise in die dunklen Ecken der IT-Sicherheit? 💀 In unserem kommenden Webinar entführen wir Sie in eine Welt voller erschreckender Schwachstellen und verwaister Software. 🔦 Unsere beiden „Jonathan Frakes“ — Moritz Gruber und Werner Schober — berichten aus ihrer jahrelangen Pentest-Praxis und zeigen, wie kleine Fehler zu großen Sicherheitsrisiken werden können. Erleben Sie: 📖 Echte Fallgeschichten aus dem Alltag von Sicherheitsexperten 💡 Technische Einblicke, die Sie so noch nicht gehört haben 🧰 Praktische Tipps, um Ihre Systeme besser zu schützen 😱 Gänsehaut garantiert. 🧠 Das nehmen Sie mit: Konkrete Beispiele realer Sicherheitslücken Wie Angreifer vorgehen — und wie Sie das verhindern Handlungsempfehlungen für Entwickler & Security-Teams 📅 Wann: 30. Oktober 2025 // 10:00 Uhr 🎟️ Jetzt Platz sichern: 👉 https://lnkd.in/eWwZwNze #CyberSecurity #Webinar #Pentesting #ITSecurity #SECConsult #SecurityAwareness #Infosec #AufDeutsch
🚨 New SEC Consult Advisory: CleverControl Employee Monitoring Software Vulnerability (CVE-2025-10548) The SEC Consult Vulnerability Lab has identified a high-impact security issue in the CleverControl Software employee monitoring software. A missing TLS server certificate validation during installation enables attackers in a man-in-the-middle position to execute arbitrary code with SYSTEM privileges. 📌 Key Details CVE: CVE-2025-10548 Product: CleverControl employee monitoring software Vulnerable Version: 11.5.1041.6 Fixed Version: Not available Impact: Remote Code Execution (RCE) with elevated privileges Advisory: https://lnkd.in/d95huCu2 ⚠️ Vendor Response: Despite multiple attempts to contact CleverControl, the vendor remained unresponsive. No patch is available. 🔒 Business Recommendation We strongly advise all end users to contact the vendor directly and demand a patch. Until then, consider alternatives and ensure thorough network security monitoring. This vulnerability was discovered by Daniel 🦌 Hirschberger ⛰️ , Thorger Jansen , Tobias Niemann and Marius Renner (Office Bochum). #CyberSecurity #InfoSec #RCE
🌩️ Cloud misconfigurations remain one of the top entry points for attackers. From overly permissive IAM roles to exposed storage buckets — cloud-native environments require cloud-native security testing. 🔍 SEC Consult’s Cloud Pentesting service is designed to: 📍Detect misconfigurations across AWS, Azure & GCP 📍Simulate real-world attack paths 📍Deliver actionable remediation guidance Explore how we help organizations stay ahead of evolving threats: 👉 https://lnkd.in/dj6G8UeS #CloudSecurity #Misconfiguration #Pentesting #IAMSecurity #SECConsult
🔐 Live-Hacking & Red Teaming auf der it-sa 2025 – mit SEC Consult! Besuchen Sie uns auf Europas führender IT-Security-Messe und erleben Sie zwei exklusive Live-Events: 🎬 "Wir hacken wie Hollywood (es niemals tun würde)" 📅 Dienstag, 07.10.2025 | 🕔 17:00 – 17:30 Uhr 📍 Halle 9, Forum F ➡️ Live-Hacking mit Aha-Momenten – unterhaltsam, technisch fundiert und garantiert realitätsnah! 🧠 Workshop: "Warum Red Teaming ohne Penetrationstest ins Leere läuft" 📅 Mittwoch, 08.10.2025 | 🕝 14:30 – 17:30 Uhr 📍 NCC Ost, Raum Oslo ➡️ Tiefgehende Einblicke in moderne Angriffssimulationen und wie Unternehmen sich wirklich schützen können. 📌 Mehr Informationen zu den Sessions und unserem Messeauftritt finden Sie hier: 🔗 https://lnkd.in/dYRCFRjM 👉 Jetzt vormerken und vorbeikommen – wir freuen uns auf den Austausch! #AufDeutschDE #itsa2025 #SECConsult #LiveHacking #RedTeaming #CyberSecurity #ITSecurity
🎟️ New Blogpost: Forensics gone wrong? Unpredicted behaviour of writeblockers SEC Consult tested hardware writeblockers in preparation for incident response case work (Wiebetech USB 3.1, Wiebetech Forensic Ultradock, Logicube Portable, Tableau TK8u/T8u USB 3.0 Forensic Bridge). We noticed that two of our writeblockers are behaving differently than expected, namely Wiebetech USB 3.1 and Wiebetech Forensic Ultradock (SATA). 🛡️ Recommendation: Digital forensic investigators should take special care as these writeblockers work differently than familiar writeblockers of other brands. 🔍 Read the full article for technical details: 👉 https://lnkd.in/d_3EE3VW #CyberSecurity #DFIR #digitalforensics #writeblockers #SECConsult
🚀 Nominated for the Pwnie Awards 2025 – the “Oscars of IT Security”! We’re proud to announce that our research at the SEC Consult Group Vulnerability Lab has once again made waves internationally: ⚡ Critical vulnerabilities in EV charging infrastructure (Hardy Barth CPH2 & CPP2) identified. A huge thank you to our expert Stefan Viehböck for his outstanding work – and to our entire team for continuously driving innovation, disruption, and accountability in the field of cybersecurity. 👏 👏 🔍 Read more about the findings: https://lnkd.in/eiBCDwhn #CyberSecurity #PwnieAwards #EVCharging #SECConsult #VulnerabilityResearch #Innovation #ITSecurity
🍂 Oktober ist it-sa-Zeit – und natürlich ist SEC Consult auch dieses Jahr wieder mit dabei! 🍂 Die it-sa – Home of IT Security ist ein Pflichttermin für alle, die sich mit aktuellen Bedrohungen und innovativen Lösungen im Cybersecurity-Bereich auseinandersetzen. Gemeinsam mit unseren Kolleg:innen von Atos Cybersecurity und Eviden freuen wir uns auf den persönlichen Austausch, spannende Gespräche und praxisnahe Einblicke. Wann? 07.–09. Oktober 2025 Wo? Nürnberg, Messezentrum 🧭 Sie finden uns in Halle 9 I Stand 534 🧭 Kommen Sie vorbei und erleben Sie Cybersecurity live! Infos zu Tickets und Agenda 👉 https://lnkd.in/dmbAfVug #AufDeutschDE #itsa2025 #Cybersecurity #SECConsult #ITSecurity #Awareness #Events
🎶🏆 Day 2 at IKT 2025 in Dornbirn! We started the day with an impressive performance by the Österreichisches Bundesheer (Austrian Armed Forces) Military Band — and we’re thrilled to announce that the team, joined by our own Timo Longin , secured 2nd place at the Austrian Cyber Security Challenge yesterday! There’s a great atmosphere at the conference, and we’re looking forward to more insightful talks, valuable connections, and exciting discussions. 📍 If you’re here, come visit us at booth 48 & 49 (together with Mastercard ) — we’d love to catch up! #IKT2025 #CyberSecurity #SECConsult #CyberChallenge #Networking #TeamSpirit #CyberResilience #ACSC2025
🎤 Our talk at IKT 2025: “Coordinated Vulnerability Disclosure for Manufacturers” by Johannes Greil We had a great time presenting today at the IKT Security Conference, sharing real-world insights and best practices on coordinated vulnerability disclosure — and what companies need to know to prepare for the EU Cyber Resilience Act. A big thank you to everyone who attended and joined! 📸 Here are a few snapshots from the presentation — it was fantastic to see so much interest in this important topic. #IKT2025 #CyberSecurity #VulnerabilityDisclosure #EUCRA #SECConsult #InfoSec #CyberResilience
🚀 The IKT Security Conference 2025 is officially underway — and our SEC Consult team is on site in Dornbirn! Stop by booth 48 & 49 (shared with Mastercard ) or catch our talk on Coordinated Vulnerability Disclosure. We’re looking forward to great conversations and connecting with you — see you at the stand! 📸 Here’s a quick snapshot of our team — come say hello! #IKT2025 #CyberSecurity #SECConsult #Networking #TeamSpirit #CyberResilience #VulnerabilityDisclosure
🔐 We’re looking forward to attending the IKT Security Conference 2025 on June 25–26 at Messe Dornbirn! We’ll be there to connect with the cybersecurity community and discuss the latest in coordinated vulnerability disclosure, the EU Cyber Resilience Act, and best practices for safeguarding critical infrastructure. 💬 Don’t miss our talk on “Coordinated Vulnerability Disclosure for Manufacturers” by Johannes Greil , where we’ll share real-world insights and lessons learned. 📍 Plus, come visit us at our stand (no. 48 & 49) — together with our partner Mastercard — for some great conversations. We look forward to seeing you in Dornbirn! #IKT2025 #CyberSecurity #SecConsult #EUCRA #VulnerabilityDisclosure #Networking
Social Media
🚨 Critical Vulnerabilities in dormakaba’s Enterprise Grade Physical Access Control System‼️ After a long, exhausting but rewarding coordinated responsible disclosure process, we are excited to finally share all #vulnerabilities we identified in dormakaba’s physical access control system exos 9300, the access managers, responsible for opening electronic locks, as well as PIN pads. Our researchers Clemens Stockenreitner and Werner Schober detailed their discoveries in their blogpost, titled “Hands-Free Lockpicking”. The blogpost and the advisories are available at the following location: 👉 https://lnkd.in/dNwqQc9v What’s the impact❓ By exploiting these vulnerabilities, it is possible to open all doors controlled by the physical access control system without prior authentication, only network access is required. Some systems are even available via the Internet due to end user misconfigurations. But that’s not all. Overall, 20 CVEs have been assigned, most of them rated critical or high. The vendor dormakaba handled the responsible disclosure process exceptionally well. Patches are available and have been already applied for many customers! #ResponsibleDisclosure #PhysicalSecurity #AccessControl #Lockpicking #SecurityResearch #OffensiveSecurity
🕵️♂️ Sind Sie bereit für eine Reise in die dunklen Ecken der IT-Sicherheit? 💀 In unserem kommenden Webinar entführen wir Sie in eine Welt voller erschreckender Schwachstellen und verwaister Software. 🔦 Unsere beiden „Jonathan Frakes“ — Moritz Gruber und Werner Schober — berichten aus ihrer jahrelangen Pentest-Praxis und zeigen, wie kleine Fehler zu großen Sicherheitsrisiken werden können. Erleben Sie: 📖 Echte Fallgeschichten aus dem Alltag von Sicherheitsexperten 💡 Technische Einblicke, die Sie so noch nicht gehört haben 🧰 Praktische Tipps, um Ihre Systeme besser zu schützen 😱 Gänsehaut garantiert. 🧠 Das nehmen Sie mit: Konkrete Beispiele realer Sicherheitslücken Wie Angreifer vorgehen — und wie Sie das verhindern Handlungsempfehlungen für Entwickler & Security-Teams 📅 Wann: 30. Oktober 2025 // 10:00 Uhr 🎟️ Jetzt Platz sichern: 👉 https://lnkd.in/eWwZwNze #CyberSecurity #Webinar #Pentesting #ITSecurity #SECConsult #SecurityAwareness #Infosec #AufDeutsch
🚨 New SEC Consult Advisory: CleverControl Employee Monitoring Software Vulnerability (CVE-2025-10548) The SEC Consult Vulnerability Lab has identified a high-impact security issue in the CleverControl Software employee monitoring software. A missing TLS server certificate validation during installation enables attackers in a man-in-the-middle position to execute arbitrary code with SYSTEM privileges. 📌 Key Details CVE: CVE-2025-10548 Product: CleverControl employee monitoring software Vulnerable Version: 11.5.1041.6 Fixed Version: Not available Impact: Remote Code Execution (RCE) with elevated privileges Advisory: https://lnkd.in/d95huCu2 ⚠️ Vendor Response: Despite multiple attempts to contact CleverControl, the vendor remained unresponsive. No patch is available. 🔒 Business Recommendation We strongly advise all end users to contact the vendor directly and demand a patch. Until then, consider alternatives and ensure thorough network security monitoring. This vulnerability was discovered by Daniel 🦌 Hirschberger ⛰️ , Thorger Jansen , Tobias Niemann and Marius Renner (Office Bochum). #CyberSecurity #InfoSec #RCE
🌩️ Cloud misconfigurations remain one of the top entry points for attackers. From overly permissive IAM roles to exposed storage buckets — cloud-native environments require cloud-native security testing. 🔍 SEC Consult’s Cloud Pentesting service is designed to: 📍Detect misconfigurations across AWS, Azure & GCP 📍Simulate real-world attack paths 📍Deliver actionable remediation guidance Explore how we help organizations stay ahead of evolving threats: 👉 https://lnkd.in/dj6G8UeS #CloudSecurity #Misconfiguration #Pentesting #IAMSecurity #SECConsult
🔐 Live-Hacking & Red Teaming auf der it-sa 2025 – mit SEC Consult! Besuchen Sie uns auf Europas führender IT-Security-Messe und erleben Sie zwei exklusive Live-Events: 🎬 "Wir hacken wie Hollywood (es niemals tun würde)" 📅 Dienstag, 07.10.2025 | 🕔 17:00 – 17:30 Uhr 📍 Halle 9, Forum F ➡️ Live-Hacking mit Aha-Momenten – unterhaltsam, technisch fundiert und garantiert realitätsnah! 🧠 Workshop: "Warum Red Teaming ohne Penetrationstest ins Leere läuft" 📅 Mittwoch, 08.10.2025 | 🕝 14:30 – 17:30 Uhr 📍 NCC Ost, Raum Oslo ➡️ Tiefgehende Einblicke in moderne Angriffssimulationen und wie Unternehmen sich wirklich schützen können. 📌 Mehr Informationen zu den Sessions und unserem Messeauftritt finden Sie hier: 🔗 https://lnkd.in/dYRCFRjM 👉 Jetzt vormerken und vorbeikommen – wir freuen uns auf den Austausch! #AufDeutschDE #itsa2025 #SECConsult #LiveHacking #RedTeaming #CyberSecurity #ITSecurity
🎟️ New Blogpost: Forensics gone wrong? Unpredicted behaviour of writeblockers SEC Consult tested hardware writeblockers in preparation for incident response case work (Wiebetech USB 3.1, Wiebetech Forensic Ultradock, Logicube Portable, Tableau TK8u/T8u USB 3.0 Forensic Bridge). We noticed that two of our writeblockers are behaving differently than expected, namely Wiebetech USB 3.1 and Wiebetech Forensic Ultradock (SATA). 🛡️ Recommendation: Digital forensic investigators should take special care as these writeblockers work differently than familiar writeblockers of other brands. 🔍 Read the full article for technical details: 👉 https://lnkd.in/d_3EE3VW #CyberSecurity #DFIR #digitalforensics #writeblockers #SECConsult
🚀 Nominated for the Pwnie Awards 2025 – the “Oscars of IT Security”! We’re proud to announce that our research at the SEC Consult Group Vulnerability Lab has once again made waves internationally: ⚡ Critical vulnerabilities in EV charging infrastructure (Hardy Barth CPH2 & CPP2) identified. A huge thank you to our expert Stefan Viehböck for his outstanding work – and to our entire team for continuously driving innovation, disruption, and accountability in the field of cybersecurity. 👏 👏 🔍 Read more about the findings: https://lnkd.in/eiBCDwhn #CyberSecurity #PwnieAwards #EVCharging #SECConsult #VulnerabilityResearch #Innovation #ITSecurity
🍂 Oktober ist it-sa-Zeit – und natürlich ist SEC Consult auch dieses Jahr wieder mit dabei! 🍂 Die it-sa – Home of IT Security ist ein Pflichttermin für alle, die sich mit aktuellen Bedrohungen und innovativen Lösungen im Cybersecurity-Bereich auseinandersetzen. Gemeinsam mit unseren Kolleg:innen von Atos Cybersecurity und Eviden freuen wir uns auf den persönlichen Austausch, spannende Gespräche und praxisnahe Einblicke. Wann? 07.–09. Oktober 2025 Wo? Nürnberg, Messezentrum 🧭 Sie finden uns in Halle 9 I Stand 534 🧭 Kommen Sie vorbei und erleben Sie Cybersecurity live! Infos zu Tickets und Agenda 👉 https://lnkd.in/dmbAfVug #AufDeutschDE #itsa2025 #Cybersecurity #SECConsult #ITSecurity #Awareness #Events
🎶🏆 Day 2 at IKT 2025 in Dornbirn! We started the day with an impressive performance by the Österreichisches Bundesheer (Austrian Armed Forces) Military Band — and we’re thrilled to announce that the team, joined by our own Timo Longin , secured 2nd place at the Austrian Cyber Security Challenge yesterday! There’s a great atmosphere at the conference, and we’re looking forward to more insightful talks, valuable connections, and exciting discussions. 📍 If you’re here, come visit us at booth 48 & 49 (together with Mastercard ) — we’d love to catch up! #IKT2025 #CyberSecurity #SECConsult #CyberChallenge #Networking #TeamSpirit #CyberResilience #ACSC2025
🎤 Our talk at IKT 2025: “Coordinated Vulnerability Disclosure for Manufacturers” by Johannes Greil We had a great time presenting today at the IKT Security Conference, sharing real-world insights and best practices on coordinated vulnerability disclosure — and what companies need to know to prepare for the EU Cyber Resilience Act. A big thank you to everyone who attended and joined! 📸 Here are a few snapshots from the presentation — it was fantastic to see so much interest in this important topic. #IKT2025 #CyberSecurity #VulnerabilityDisclosure #EUCRA #SECConsult #InfoSec #CyberResilience
🚀 The IKT Security Conference 2025 is officially underway — and our SEC Consult team is on site in Dornbirn! Stop by booth 48 & 49 (shared with Mastercard ) or catch our talk on Coordinated Vulnerability Disclosure. We’re looking forward to great conversations and connecting with you — see you at the stand! 📸 Here’s a quick snapshot of our team — come say hello! #IKT2025 #CyberSecurity #SECConsult #Networking #TeamSpirit #CyberResilience #VulnerabilityDisclosure
🔐 We’re looking forward to attending the IKT Security Conference 2025 on June 25–26 at Messe Dornbirn! We’ll be there to connect with the cybersecurity community and discuss the latest in coordinated vulnerability disclosure, the EU Cyber Resilience Act, and best practices for safeguarding critical infrastructure. 💬 Don’t miss our talk on “Coordinated Vulnerability Disclosure for Manufacturers” by Johannes Greil , where we’ll share real-world insights and lessons learned. 📍 Plus, come visit us at our stand (no. 48 & 49) — together with our partner Mastercard — for some great conversations. We look forward to seeing you in Dornbirn! #IKT2025 #CyberSecurity #SecConsult #EUCRA #VulnerabilityDisclosure #Networking
Jobs
SEC Consult Unternehmensberatung GmbH
Keine Jobs für junge Talente
Dieses Unternehmen bietet aktuell keine Jobs für junge Talente