Rene Neff

1. 

   Stealer logs: How hackers gain access to vehicle functions through stolen login data

   Together with ZDF WISO, we show how criminals can use stolen login data from stealer logs to locate, open and drive away cars.

2. 

   Protection against identity theft through the extension of PHP with Argon2d

   By extending PHP with Argon2d, users and service providers can now be even better protected actively and preventively against identity theft on the Internet. Read more about the implementation and the dangers of identity theft in this blog article and find out how you can protect yourself and your users against it.

3. 

   The Banshee Information Stealer: The New Threat for Macs

   A new type of malware is spreading and primarily infects macOS devices. The spread of Banshee relies particularly on human factors.

4. 

   Phishing #7: Social Engineering

   In this special edition of our phishing series, we want to show how social engineering works in real life and how it can also affect the digital world.

5. 

   A Pentest for Identeco

   The Identeco solutions were subjected to a penetration test. Reason enough to talk about security tests, penetration tests and code audits.

6. 

   Phishing #6: Spearphishing, Watering-Hole Attack and Whaling Attacks

   Discover the dangers of spearphishing, watering hole and whaling attacks in our new blog post. From personalized attacks to compromising trusted websites - we show you how these phishing methods work and how you can recognize them.

7. 

   Malware #1: Malware, Virus and Worm

   We are starting a new blog series, in which we will introduce the different types of malware and give an example of an attack for each case. In the first part of the "Malware" series, we explain what malware actually is and how it differs from viruses and worms.

8. 

   The invisible threat: How stealer malware steals your information

   Our article takes a look into the world of stealer malware - hidden digital thieves that copy sensitive data. We shed light on how it works and the origins of an infection with this malware. Finally, we'll go into proven defensive measures. Learn how you can protect yourself and your business against the invisible threats from cyberspace.

9. 

   ProSBAcT Unites Identeco and StartUp Secure in Battle Against Account Takeovers

   Identeco launches with ProSBAcT! From the first of June 2023 ProSBAacT, a joint project of Identeco and the funding initiative StartUp Secure of the Federal Ministry of Education and Research will run. At this point, we would like to report briefly on what we plan to do with ProSBAcT and how we benefit from working with ProSBAcT.

10. 

    Phishing #5: Malvertising, Https-Phishing und Evil Twin

    Our blog series on phishing attacks continues. Learn about malvertising, HTTPS phishing and Evil Twin attacks. We explain not only how such attacks happen, but also how you can protect yourself against them.

11. 

    Hogwarts and email accounts: lessons for the Muggle world

    The magical world of Harry Potter is all about spells, magical artefacts and passwords. In our, digitalized Muggle world, passwords also play an increasingly important role. In this article, we want to look at similarities and differences between passwords in Harry Potter, passwords in the muggle world and personal identification numbers (PIN).

12. 

    Man-in-the-Middle Attacks: How do you protect yourself from the invisible threat?

    Man-in-the-middle attacks, nowadays also called machine-in-the-middle attacks, are attacks where the direct connection to a website or service is redirected by an attacker in such a way that he can read the user's input and thus gain access to their accounts. In this blog, you will learn not only how this happens, but also how you can protect yourself from it.

13. 

    Understanding DoS, DDoS, and DRDoS Attacks: What Every Business Should Know

    Protect your business from DoS, DDoS, and DRDoS attacks. Learn the differences, understand the technical background, and implement effective mitigation strategies to safeguard your network and account access.

14. 

    World Password Day 2023 - Current Recommendations

    World Password Day on the first Thursday in May is a reminder of the importance of strong passwords and proven best practices. NIST and BSI recommend passphrases, MFA and regular checks for compromise. We explain tips for choosing strong passwords and handling account details in our article.

15. 

    Phishing #4: Pharming Attack, Browser in browser Attacks and Doc Clouding Attacks

    Phishing attacks can occur in everyday internet life. Pharming redirects the user to a fake website, often via a pop-up window. In doc clouding, attackers pretend to be colleagues and share links, e.g. in comments. In this article you will learn more about these types of attacks.

16. 

    Multifactor Authentication (MFA): Only as strong as the weakest link in the chain

    In this article we are discussing multifactor authentication. The different kinds will be explained (knowledge, possesion, biometric and inherence), as well as some examples of possible attacks.

17. 

    Phishing #3: Smishing, Vishing and Email Clone Phishing

    Introduction of three types of phishing attacks: Smishing (SMS scam), Vishing (phone scam) and Email Clone Phishing (imitation of legitimate emails). The goal is to trick users into revealing information or installing malware.

18. 

    Phishing in 2023 - Our Predictions

    Phishing attacks are among the biggest threats in the digital world. 2023 will be no exception. We describe how criminals are becoming more specialised and how the latest tools, supported by AI, are being used for deepfake and extraordinarily convincing phishing campaigns.

19. 

    Verify Login Credentials to Protect against Credential-Stuffing Attacks

    To protect users from account takeover attacks, online platforms must ensure an appropriate level of security. A specialized service provider that checks login information against known leak data offers significant advantages over individual checking by each user.

20. 

    Risks to Users and Operators of Online Platforms from Credential-Stuffing Attacks

    Credential stuffing attacks threaten the security of users and operators of online platforms. This article explains causes and risks for users and platform operators.

21. 

    Credential Stuffing: A Threat to Online Platforms and Their Users

    Credential Stuffing Attacks with leaked login data put web portals at risk. Protective measures include regular checks for leaked logins. Service providers offer a fast, user-friendly and secure solution.

22. 

    Dark Web vs. Deep Web - What can you find there?

    Normal users rarely if ever come into contact with the Deep Web or Dark Web, but potential danger lurks in the 'depths' of the Internet. How do these two areas differ from the regular Internet and how can you protect yourself from danger?

23. 

    How often should you change your passwords?

    After choosing the right password, the question arises if and how often you should change your passwords.

24. 

    Phishing #2: CEO Fraud, Corporate Phishing and Angler Phishing Attacks

    In this second part of our series on Phishing CEO Fraud, Corporate Phishing and Angler are introduced.

25. 

    Phishing #1: Email Phishing, Baiting and Search Engine Phishing

    Email phishing, baiting and search engine phishing - what is it? In this multi-part article, we give a brief introduction to the different variants that are used to deceive users.