NVISO is proud to announce that it has successfully qualified as an APT Response service provider and is now recommended on the website of the German Federal Office for Information Security (BSI). Advanced Persistent Threats (APT) are typically described as attack campaigns in which highly skilled, often state-sponsored, intruders orchestrate targeted, long-term attacks. Due to their … Continue reading NVISO approved as APT Response Service Provider
Wi-Fi devices are affected by a series of new attacks on the Wi-Fi protocol, known as FragAttacks and released in May 2021. These attacks have complex requirements and impacts. We attempt to shed some light on those and provide some guidance for users, developers and asset owners (integrators or IT staff).
This blog post is the last part of a series, if you are interested in the security or privacy of smart home devices, be sure to check out the other parts as well! TL;DR: In our previous blog posts we concluded that there is quite a long way to go for both security and privacy … Continue reading Smart Home Devices: assets or liabilities? – Part 3: Looking at the future
This blog post is part of a series, keep an eye out for the following parts! TL;DR - Smart home devices are everywhere, so I tested the base security measures implemented on fifteen devices on the European market. In this blog post, I share my experience throughout these assessments and my conclusions on the overall … Continue reading Smart Home Devices: assets or liabilities? – Part 1: Security
Firmware: the holy grail of most Internet of Things (IoT) security assessments! Sometimes, getting access to a device's firmware can be as easy as visiting the vendor's website. Other times, the only option is to dump it directly from the hardware, and this is where things get interesting. Some procedures used for dumping can expose … Continue reading Will they melt? Testing the resistance of flash memory chips
Introduction At NVISO Labs, we are constantly trying to find better ways of understanding the data our analysts are looking at. This ranges from our SOC analysts looking at millions of collected data points per day all the way to the malware analyst tearing apart a malware sample and trying to make sense of its … Continue reading Going beyond Wireshark: experiments in visualising network traffic
Introduction Around mid-October we got a call from a reporter working on an article covering online privacy and social media. Rather than writing about others, the reporter wanted to have his own story. So, he asked NVISO to research him on-line, and find out as much as possible about him! Of-course, after agreeing on some … Continue reading Stalking a reporter – behind the scenes!