SEC Consult Group

The introduction of a Coordinated Vulnerability Disclosure (CVD) process, also known as "Responsible Disclosure," is becoming increasingly important for product manufacturers. Regulations like the EU Cyber Resilience Act and rising market security demands necessitate a clear strategy for handling vulnerabilities. Join our webinar with Johannes Greil & Stefan Viehböck on: ➡️ Understand Regulatory Requirements: Learn how to align with the EU Cyber Resilience Act ➡️ Implement Best Practices: Gain insights into proven strategies for effective CVD processes ➡️ Leverage Bug Bounty Programs: Discover the benefits and challenges of using platforms like HackerOne and Bugcrowd ➡️ Enhance Communication: Improve your interaction with researchers, authorities, and the public ➡️ Real-World Insights: Benefit from practical experiences, real-life stories, and concrete recommendations Register for participation 👉 https://lnkd.in/gN-ZvqW3 Webinar will be held in German language. #CyberResilianceAct #CVD #ResponsibleDisclosure #webinar

Two high-severity vulnerabilities in Siemens A8000 PLCs (CP-8050 & CP-8031) discovered https://lnkd.in/d6uYzhtg 🔹Firmware Downgrade (CVE-2024-39601): Allows reverting to older, vulnerable firmware, enabling known exploits (e.g., RCE, data leaks, backdoors). 🔹Firmware Decryption Oracle (CVE-2024-53832): Secure element authentication can be intercepted, enabling decryption of encrypted firmware updates. Researchers: Stefan Viehboeck, Steffen Robertz, Gerhard Hechenberger, Constantin Schieber-Knöbl ⚠️Risk assessment: Exploitation requires an authenticated user account or physical access, reducing likelihood. Siemens has already released a patch – users should update their firmware immediately!

🤝 Comprehensive Support for CRA Compliance 🤝 SEC Consult offers end-to-end support for implementing the EU Cyber Resilience Act. From Coordinated Vulnerability Disclosure (CVD) to legal advisory through our partner law firm, we ensure your company meets all CRA requirements in a legally compliant manner. 🔧 Our Comprehensive Approach: ▪️ CVD Processes: Experienced and efficient management of security vulnerabilities. ▪️ Legal Compliance: Specialized legal advice for CRA implementation via our partner law firm. ▪️ Security Advisories: Professional release to minimize risks. Reduce risks and enhance trust in your company with our expert services! 🌟 👉 https://lnkd.in/dERWfqfC #Compliance #CyberResilience #LegalAdvisory #SECConsult

🚀 Beyond Gravity is fortifying cybersecurity 🚀   A robust cybersecurity strategy is essential for companies operating in sensitive sectors. This is why the Swiss space company Beyond Gravity has chosen to work with our experts in cyber security.   To be prepared for threats such as industrial espionage or ransomware attacks, Beyond Gravity needed a comprehensive security strategy, including   👉 Staff training and awareness 👉 Preventive security measures 👉 Strategy optimization 👉 Rapid incident response   Martin Müller, CISO at Beyond Gravity, emphasizes the importance of protecting sensitive assets in the space industry. This proactive approach has significantly improved their security standards and resilience.   Read the full story here: https://lnkd.in/dMvGgsHC   💡 Are you at the Swiss Cybersecurity Days in Bern today? 🏃♀️➡️ Then take the opportunity to talk to our experts on the spot (hall 2.2, booth no. E010)! 💡   #CyberSecurity #Aerospace #ProactiveSecurity #CyberResilience

🔍 Technical Expertise for Robust Product Security 🔍 At SEC Consult Group, we bring extensive experience in penetration testing and product security analysis to help you comply with the EU Cyber Resilience Act. Our services include threat modeling, secure coding training, and source code reviews to ensure your products are secure from the outset. 🚀 Excerpt of our services: ▪️ Penetration Testing: Identify and mitigate vulnerabilities. ▪️ Secure Development: Integrate security into your development process. ▪️ Threat Modeling: Proactively address potential risks. Partner with us to design secure products and enhance your cybersecurity posture! 🛡️ 👉 https://lnkd.in/dERWfqfC #ProductSecurity #CyberResilience #PenetrationTesting #SECConsult

Happy Valentine's Day! 💖 In the world of cybersecurity consulting, protecting your data is a lot like protecting your heart. Just as we take steps to safeguard our personal relationships, it's crucial to implement robust security measures to protect your organization's sensitive information. Here are a few tips to keep your data safe and sound: 📍 Regular Security Audits: Just like regular check-ins with loved ones, frequent security audits help identify vulnerabilities before they become major issues. 📍 Strong Passwords: Think of your passwords as the keys to your heart. Make them strong, unique, and change them regularly. 📍 Employee Training: Educate your team about the latest cybersecurity threats and best practices. A well-informed team is your first line of defense. 📍 Incident Response Plan: Have a plan in place for when things go wrong. It's like having a relationship counselor on speed dial! Remember, a secure environment fosters trust and confidence, just like a healthy relationship. Let's make sure your data is as protected as your heart this Valentine's Day! 💌🔐 #ValentinesDay #Cybersecurity #Consulting #DataProtection #LoveAndSecurity

  🚨 Security Advisory Announcement: Wattsense Bridge Vulnerabilities Fixed with Swift Vendor Response 🚨   We are announcing the discovery and resolution of several high risk vulnerabilities affecting Wattsense Bridge devices. Thanks to the exceptional response times and proactive measures taken by the vendor, the majority of these issues have been resolved already and patches are available. 💪 Congratulations to the researchers who identified those issues: Constantin Schieber-Knöbl, Steffen Robertz, Stefan Schweighofer   👉 Vulnerabilities Identified: ‼️Access to JTAG Interface (CVE-2025-26408): Physical access to the PCB allows attackers to extract firmware and gain full control. ‼️Access to Bootloader and Shell via Serial Interface (CVE-2025-26409): Physical access enables root access and system file modifications. ‼️Weak Hard-coded Credentials (CVE-2025-26410): Hard-coded passwords allow unauthorized system access via the serial interface. ‼️Authenticated Arbitrary Python File Upload via Plugin Manager (CVE-2025-26411): Malicious uploads via the web interface grant root privileges remotely.   🔒 Patch & Security Updates: Wattsense has been proactive in addressing these issues: ✔️ CVE-2025-26409: Fixed in BSP versions ≥ 6.4.1 ✔️ CVE-2025-26410: Resolved, as the user no longer exists in BSP versions ≥ 6.4.1 ✔️ CVE-2025-26411: Fixed in BSP versions ≥ 6.1.0 ✔️ CVE-2025-26408: Requires physical access and advanced attacker knowledge. This issue is currently in the vendor’s backlog for future mitigation. 🚨 We strongly recommend immediate installation of the available patches to ensure device and infrastructure security.   💡 Cyber Resilience Act Alignment: These vulnerabilities underscore the need for proactive security measures, as mandated by the Cyber Resilience Act (CRA). Compliance with CRA is critical for vendors to ensure their connected devices meet stringent security requirements and protect end users.   🤝 Our Service Offerings: At SEC Consult, we help vendors achieve secure and resilient IoT product ecosystems through comprehensive security assessments, penetration testing, and regulatory compliance consulting.   Let’s collaborate to strengthen the security posture of your IoT devices and meet evolving standards.   👉 Advisory URL: https://lnkd.in/eArXg9cd   #CyberSecurity #IoTSecurity #CyberResilienceAct #PatchNow #Wattsense #VulnerabilityManagement

🔒 Ensure Your Cyber Resilience! 🔒 Navigating the complexities of the EU Cyber Resilience Act (CRA) can be challenging. We offer a #CRA Readiness Assessment to systematically analyze your current cybersecurity measures and develop a tailored roadmap with clear priorities. ➡️ Our goal is to help you target security gaps and establish long-term, effective processes. 💡 Why Choose Us? ▪️ Tailored Roadmaps: Customized strategies to meet your unique needs. ▪️ Expert Analysis: In-depth assessment of your cybersecurity measures. ▪️ Long-term Solutions: Sustainable processes for ongoing compliance. 👉 https://lnkd.in/dERWfqfC Make your company future-proof with our expert guidance! 🌐 #CyberSecurity #CyberResilience #EUCompliance #SECConsult

🌐 Happy Safer Internet Day! 🌐 Today, let's take a moment to reflect on the importance of online safety and the steps we can all take to protect ourselves and our data. At SEC Consult, we are committed to helping you navigate the digital world securely. 🔒 Why is online safety crucial? ➡️ Protects personal and sensitive information ➡️ Prevents cyber attacks and data breaches ➡️ Ensures a safer digital environment for everyone Learn more about how we can help you to stay safe: www.sec-consult.com #SaferInternetDay #CyberSecurity #OnlineSafety #teamsecconsult

✨ Join us at the #SwissCyberSecurityDays (SCDS), Switzerland's leading platform for cybersecurity dialogue and business! 🔒🤝 💡🛡️ Visit our booth in Hall 2.2, Booth No. E010, to explore our innovative solutions and connect with our experts, alongside #Atos and #Eviden! 🎫 Don't have a ticket yet? We've got you covered: https://lnkd.in/dwbUUQPk 🌟 #CyberSecurity #SCSD2025 #SecureSwiss