DCSO Blog – Engineering Security

16. January 202017. January 2020

A Curious Case of CVE-2019-19781 Palware: remove_bds

Vulnerability in Citrix Application Delivery Controller and Citrix Gateway (CVE-2019-19781) – updated

Published on December 17 2019, CVE-2019-19781 is a vulnerability in the Citrix Application Delivery Controller (ADC) and Gateway that, if exploited, allows an unauthenticated attacker to perform arbitrary Remote Code Execution (RCE). Based on the proposed mitigations for the problems, the root cause of the vulnerability stems from how the clients handle SSL VPN requests. While Citrix has provided their clients with information on how to mitigate the issue, a permanent fix has yet to be published.
Continue reading “A Curious Case of CVE-2019-19781 Palware: remove_bds”

14. November 201918. November 2019

A Look Back at DCSO Insight Day 2019

November 2019

13.

On 13 November 2019, we welcomed more than 150 customers, partners and friends of DCSO to the third DCSO Insight Day! This time, we opened doors to Haus Ungarn in Berlin, just next to famous Alexanderplatz. Continue reading “A Look Back at DCSO Insight Day 2019”

23. August 201923. August 2019

Evidence-based Visibility Debugging in Corporate Walled Garden Networks with Mauerspecht

At its core, the DCSO Threat Detection & Hunting (TDH) service uses network security monitoring to protect organizations against both targeted attacks by advanced threat actors and annoyances that are best described as “commodity” crime ware. Continue reading “Evidence-based Visibility Debugging in Corporate Walled Garden Networks with Mauerspecht”

14. June 201925. June 2019

Infosecurity Europe 2019 – observations, scouting, and a recap

Recently, DCSO’s Technology Scouting and Evaluation (TSE) service visited the Infosecurity Europe conference in London. Infosecurity, also known as InfoSec, is a congress series for IT- and cyber-security vendors of all sizes and maturities. This particular event in London is the region’s largest, Continue reading “Infosecurity Europe 2019 – observations, scouting, and a recap”

5. June 201911. June 2019

16th German IT Security Congress

From May 21 to 23, 2019, DCSO’s Technology Scouting and Evaluation (TSE) team visited the 16th German IT Security Congress, which took place in Bonn-Bad Godesberg. The German Federal Office for Information Security (BSI) hosted the congress, which focused on “IT security as a prerequisite for Continue reading “16th German IT Security Congress”

7. May 201910. May 2019

Modern authentication services – More than passwords plus smart card

Passwords have been used to secure access to protected assets since ancient times. Despite many attempts to find a better solution, passwords are still the most widely used option for signing into services and applications in today’s digital era. Continue reading “Modern authentication services – More than passwords plus smart card”