Automate, automate, automate: Three Ways to Increase the Value from Third Party Risk Management Efforts

Third Party Risk Management (“TPRM”) efforts are often considered labour-intensive, with numerous tedious, manual steps. Often, an equal amount of effort is put into managing the process as is to focusing on risks. In order to avoid this, we’d like to share three ways in which we’ve been boosting our own TPRM efficiency - through … Continue reading Automate, automate, automate: Three Ways to Increase the Value from Third Party Risk Management Efforts

New mobile malware family now also targets Belgian financial apps

While banking trojans have been around for a very long time now, we have never seen a mobile malware family attack the applications of Belgian financial institutions. Until today... Earlier this week, the Italy-based Cleafy published an article about a new android malware family which they dubbed TeaBot. The sample we will take a look … Continue reading New mobile malware family now also targets Belgian financial apps

Securing IACS based on ISA/IEC 62443 – Part 1: The Big Picture

For many years, industrial automation and control systems (IACS) relied on the fact that they were usually isolated in physically secured areas, running on proprietary hardware and software. When open technologies, standard operating systems and protocols started pushing their way into IACS replacing proprietary solutions, the former “security through obscurity” approach did no longer work. … Continue reading Securing IACS based on ISA/IEC 62443 – Part 1: The Big Picture

Cyber Security Contests – A look behind the scenes about how to expand the community

Cyber security has long since become a strategic priority for organizations across the globe and in all sectors. Therefore, training and hiring young potential in information security has become a crucial goal.   To raise awareness of cyber security threats and help train a generation of security aware security experts, we at NVISO organize Capture the Flag (CTF) Cyber Security Events in two countries, Belgium and Germany and reach a broad audience.   Each … Continue reading Cyber Security Contests – A look behind the scenes about how to expand the community

Smart Home Devices: assets or liabilities? – Part 2: Privacy

TL;DR - Part two of this trilogy of blog posts will tackle the next big topic when it comes to smart home devices: privacy. Are these devices doubling as the ultimate data collection tool, and are we unwittingly providing the manufacturers with all of our private data? Find out in this blog post! This blog … Continue reading Smart Home Devices: assets or liabilities? – Part 2: Privacy

Proxying Android app traffic – Common issues / checklist

During a mobile assessment, there will typically be two sub-assessments: The mobile frontend, and the backend API. In order to examine the security of the API, you will either need extensive documentation such as Swagger or Postman files, or you can let the mobile application generate all the traffic for you and simply intercept and … Continue reading Proxying Android app traffic – Common issues / checklist

Smart Home Devices: assets or liabilities? – Part 1: Security

This blog post is part of a series, keep an eye out for the following parts! TL;DR - Smart home devices are everywhere, so I tested the base security measures implemented on fifteen devices on the European market. In this blog post, I share my experience throughout these assessments and my conclusions on the overall … Continue reading Smart Home Devices: assets or liabilities? – Part 1: Security