Search results
The Dutch Industrial economy is doing well: revenues have been positive over the years; investments have been rising recently and companies contribute with a high share to the national income and to a significant number of employment opportunities. At the same time, the industrial economy has a relatively high dependence on export and the financial outlook is, given international tensions in the world, not always positive. The potential disruption of processes would immediately affect the competitive position of the Netherlands in international context.
The Nixu Digital Forensics and Incident Response team has received a bunch of cases related to the wide-spread exploitation of the Citrix CVE-2019-19781 vulnerability after the proof-of-concept exploit code was published. Our team started looking into possibilities to perform memory forensics on the specific version of FreeBSD that the virtual appliance uses. Here is a brief description of how we managed to do Netscaler forensics with Volatility.
The second meetup of the Cyber Security Essentials training program dwelled into security operations and log analysis, instructed by Flavia Koskivaara and Antti Ollila from Nixu. The free training program is organized by Future Female and HelSec, and it is intended for women who are interested in working in cybersecurity or gaining more in-depth technical knowledge. Nixu is hosting the meetups to support diversity in cybersecurity.
Nixu CEO Petri Kairinen's presentation on the financial results for 2019 and expectations for 2020 based on financials, strategy execution and cybersecurity market evolution at a news conference for analysts, investors and media on February 13, 2020.
Do the names Industroyer/CrashOverride, Stuxnet, Blackenergy 2, Havex and Triton ring a bell? These are the names of malware targeted at Industrial Control Systems (ICS). Targets were electric grid operators, Iran’s nuclear facilities and Saudi Arabian petrochemical plants . But even non-ICS targeted malware, like Petya , may have an impact on industrial control systems. NotPetya ransomware wreaked havoc at Maersk’s APM Terminal in Rotterdam. IT related crime has already infiltrated ICS. What can we do to protect existing systems without causing downtime?
Nixu Corporation, Press release, February 13, 2020 at 8:20 AM EET
Nixu Corporation, Press release, February 13, 2020, at 8:25 AM EET
The Finnish Tax Administration, together with cybersecurity company Nixu and Digital Living International, piloted SisuID to identify foreign entrepreneurs online so that registering a new company in Finland could be made digital, easy, and fast. This user-friendly process would help Finland to attract more companies and more tax revenues to Finland. The pilot shows that Finland already has all the technologies needed to reach this vision.
Cloud provides flexibility, cost savings, and often also better technical security than on-premise solutions. However, if you are used to the on-premise world, the cloud environment may bring new risks that you haven’t encountered before. “Sometimes people don’t understand the technical and legal threat model of the cloud,” says Mattias Almeflo, a Principal Security Consultant in Nixu.
Nixu Challenge is open again with new puzzles! For many years, Nixu has been hiring people based on how they solve the problems. Many seasoned Nixuans also take the challenge just for fun and to sharpen their skills. This year, we have brought some hardware hacking angle to some of the problems. Besides, we included tasks that we created for Disobey 2020 Capture the Flag competition.
Are you thinking about starting to do threat modeling? Are you having trouble identifying potential misuse scenarios? Download our deck of Cyber Bogie cards today and gamify your threat workshops!
Nixuans do hundreds of web application and mobile application security assessments each year. For these assessments, bug bounties, and security testing training we give, Burp Suite Professional is typically the tool of choice. Burp is extendable with plugins that can automate part of the testing, identify more vulnerabilities, or make generating testing payloads easier. For all you white hat hackers out there, we wanted to give some tips on how we use Burp: here's our top 10 list of best Burp Suite plugins.
Nixu Corporation, Press release on February 26, 2020 at 10 AM EET
In 2020, the RSA Conference still took place in San Francisco, but this year’s event was held virtual with the ongoing pandemic restrictions. The previous physically held conference in February 2020 saw plenty of exciting new research published, which we discussed at the time, focusing especially on cloud security. Now, we decided to take a look at new data and see how things in the world of the cloud have developed from early 2020 to August 2021. It looks like the challenges remain the same, but have likely been exacerbated by the pandemic years.
What is penetration testing, and how to do it? That was the topic of the third meetup of the Cyber Security Essentials training program, instructed by Laura Kankaala and Ossi Väänänen. The free training program is organized by Future Female and HelSec, and it is intended for women who are interested in working in cybersecurity or gaining more in-depth technical knowledge. Nixu is hosting the meetups to support diversity in cybersecurity.
CLOUD Act, or the Clarifying Lawful Overseas Use of Data Act, is a United States federal law that allows U.S. federal law enforcement to request data from U.S. based technology companies regardless of geographical location. Because the GDPR sets restrictions on international data transfer, a lot of myths circulate the CLOUD Act. We gathered you the facts about CLOUD Act.
Nixu Corporation, Press release, March 11, 2020, at 8:00 AM EET