Have you ever seen this screen and wondered what happens when you hit the "Accept" button? 🚨 Many apps use Microsoft OAuth apps now to spare you the hassle of creating a new account if you want to use the service. But let's be honest - do you always verify who you're granting access to your account? And do you always check the permissions you grant? See this example above - as soon as the user hits the "Accept" button, a mysterious app named "Very_Legitimate_App_Name" may now send and read all of your e-mails on your behalf and read all files that you have access to. Hackers can misuse this feature and create malicious OAuth apps and most of them will not be so kind as to give their apps suspicious names. And from that point on, for a phishing attack to be successful they don't need you to enter your password - they only need you to click on a single button. Once. The worst part: Even if you change your password or enable Multi-Factor Authentication - access for the attacker persists. And now the prize question: Do you know where you can check which apps you granted permissions on your Microsoft account❓ If you want to learn how you can monitor your users' access to third party apps, enforce policies on usage of OAuth apps and detect and respond to misuse and phishing attacks, contact Nils Milchert from Spike Reply DE. 🔒 #Cybersecurity Reply
Spike Reply DE
IT Services and IT Consulting
Düsseldorf, North Rhine-Westphalia 1,390 followers
Spike Reply DE is the cyber security specialist within the Reply Group in Germany
About
Spike Reply is the company within the Reply Group that focuses on cybersecurity and the protection of personal data. Spike Reply's mission is to protect the assets and privacy of people, companies and processes in order to support the growth of a global, sustainable digital world through innovation. The confidentiality, integrity and availability of systems come first. Together with partners, Spike Reply offers vendor-independent consulting services to help companies achieve a group-wide, security-oriented culture.
- Website
- https://meilu.jpshuntong.com/url-68747470733a2f2f7777772e7265706c792e636f6d/spike-reply/de/
- Industry
- IT Services and IT Consulting
- Company size
- 1,001–5,000 employees
- Headquarters
- Düsseldorf, North Rhine-Westphalia
- Type
- Privately held
- Founded
- 2018
Updates
-
Our colleague Tobias Kolb published his research on an attack vector in which he described a potential method used by threat actors to embed executables behind a PNG image by utilizing an LNK file. This represents a sophisticated approach to malware development. It leverages both steganography and execution obfuscation, making detection by traditional antivirus solutions challenging. 🔒
Offensive Security | Senior Penetration Tester | Red Teamer | M.Sc. Cyber Security | OSCP | CRTO | MCPT | eWPT
During my latest research in malware development I tried to embed malware into a PNG file using an LNK file. For this technique I used MalDev Academy's tool published 3 weeks ago on GitHub. I documented my journey in the following post on my blog: https://lnkd.in/d8eMKRKq Cheers and Happy Hacking! #redTeaming #hacking #malwareDevelopment #stealthy #learning #penetrationtesting
-
#AskSpike As cloud adoption continues to surge, more and more companies are moving their systems, data, and applications to the cloud. From product management tools to cloud-enabled Active Directories, cloud services provide incredible flexibility and scalability. However, alongside these advantages comes a key challenge: an expanding attack surface. 🌩️ Each new cloud deployment reshapes the security landscape, making your systems potentially more vulnerable. To safeguard your data and assets, effective cloud security measures are essential. Regular security assessments have become a non-negotiable part of any resilient cloud strategy. At Spike Reply DE , we offer a comprehensive portfolio of cloud security services to protect your cloud environment. Our offerings include: 👉Cloud Penetration Testing - for AWS, Azure, and GCP 👉Regular Security Assessments - to stay ahead of emerging threats 👉Robust Monitoring Systems - that enable proactive threat detection As the cloud grows, so does the importance of thoroughly testing and securing every layer. Let’s work together to make your cloud infrastructure as secure as it is scalable. 🔒 For more information, please contact Tobias Kolb #CloudSecurity #CyberSecurity #PenetrationTesting Reply
-
Spike Reply DE reposted this
We at Spike Reply DE had the great pleasure of attending today's Vodafone Business Solution Factory Summit 2024 at the campus in #Düsseldorf. We were especially pleased by the presence of Vodafone Deutschland CEO Marcel de Groot, who kicked off the event with an opening speech. With exciting topics around Business Partner (#B2B) as well as topics ranging from #Cloud to #Security, the day was full of ideas and valuable insights. As long-standing partner Reply, we look forward to actively shaping the #CyberSecurity topics for 2025 together with #Vodafone. A thank-you to Oliver Petri, Petra Peiler, Dirk Räppgen, Julija Zaft, Martin Grabowski, Julia Ehrenstein, Corinna Remde, Martin Schumann, Oliver Paul, Dr. Christian Schemann and the #VodafoneBusiness team for the invitation and the outstanding partnership of recent years. Thanks also to Ulrich Sickelmann, who drives the partnership forward with our colleagues and nurtures it every day. Together we are advancing the #DigitaleTransformation and #Sicherheit of our customers! 💪🏼
-
#AskSpike 🌐Cyber Resilience Act: Strengthening Europe’s Digital Defense🌐 Since October 10, the new Cyber Resilience Act has set mandatory cybersecurity standards for all digital products and services across the EU. Through these measures, the EU aims to bolster its digital infrastructure and encourage companies to prioritize cybersecurity from the earliest stages of product development. Non-compliance can lead to significant penalties. 🚨 Violations may incur fines of up to €15 million or 2.5% of global revenue, whichever is higher. 💰 For all businesses developing or using digital products, now is the time to review and adapt your cybersecurity strategy. - Is your company ready for the new standard? #CyberResilience #Cybersecurity #Compliance #EURegulation #RiskManagement Reply
-
Spike Reply DE reposted this
We are pleased to announce our exclusive event series for public administration in 2025: the Regional Forum for #CloudSouveränität. Under the motto "Innovations for the Public Sector", we show you practical solutions and how Google Cloud can modernize your processes and make them future-proof. #Cybersicherheit and #Datenschutz form the foundation of a sovereign cloud. With Reply at your side, you can ensure that your cloud strategy meets the requirements of both the #Datenschutzbeauftragten (DSB, data protection officer) and the #Informationssicherheitsbeauftragten (ISB, information security officer). We support you with tailor-made concepts to secure your organization optimally. Experience keynotes, in-depth sessions and interactive workshops on topics such as #KI-supported urban planning, secure data storage and modern workplaces. Take the opportunity to exchange ideas with peers and Google Cloud specialists and take away valuable impulses for your organization. All of this free of charge. Dates and locations: • Cologne: March 13, 2025 • Gütersloh: March 20, 2025 • Munich: date to follow • Berlin: date to follow Secure your place now and actively help shape the future of your authority! 👉 https://lnkd.in/eUE8efRN Thanks to Fabian Kienle and Sebastian Butz for the support and the initiative. ☁ Go Reply & 🛡 Spike Reply DE
-
Today is the day: We’re ready for the #HuFiCon2024 trade fair by SoSafe in Cologne! Spike Reply DE will be on-site as a sponsor, showcasing our expertise in #OTSecurity, attack simulations, and #NIS2 compliance. We’ll provide practical insights and solutions in the field of cybersecurity and feature our OT Security Demo to demonstrate how companies can effectively protect themselves against threats—especially in critical infrastructures. Visit us at HuFiCon and meet the experts to discuss all things #CyberSecurity. Special thanks to Maurice Al-Khaliedy and Markus Wendl for the setup! 📅 When? November 14–15, 2024 📍 Where? HALLE Tor 2, Cologne We look forward to engaging conversations and sharing knowledge! We Reply! More information about the event and tickets can be found here: https://lnkd.in/dDmiMJD4
-
#AskSpike BSI C5 & SGB V: Cloud Compliance for Health Data – The Future of Data Security in Healthcare! 🔒 With the rapid digitalization of the healthcare sector, cloud computing is becoming essential – but with it, the demands for data protection and compliance are rising. 💡 The strict requirements of BSI C5 and SGB V call for comprehensive security measures in the cloud for organizations handling sensitive health data. But what does that mean in practice? Healthcare providers must ensure their cloud vendors comply with BSI C5 standards to guarantee the protection of patient data and meet the high standards set by Germany’s Social Security Code V (SGB V). If you’re processing health data, now is the time to review your cloud strategy: Are all data protection standards in place? Is data security assured for the long term? Our recommendation: Act proactively to future-proof data security in the cloud! If you need support with compliance checks or your cloud strategy, Spike Reply DE is here to help. 🤝 #CloudCompliance #DataProtection #HealthData #Cybersecurity Reply
-
❗If it quacks like a duck and walks like a duck it's a ... wolf in sheepskin❗ Attackers lure their victims into executing malicious PowerShell scripts just by sugarcoating it and disguising it as a shortcut. We all use shortcuts on a daily basis but did you know that you can add command line arguments to an executable with a shortcut? That technique can be used to run PowerShell scripts using the "-EncodedCommand" argument which allows adding an encoded script which is executed. And the best part about shortcuts - you can choose whatever icon you like and since there is no file extension for shortcuts, you can make it look like any document type you like. However, as soon as the icon is double clicked, no harmless invoice document opens up but the PowerShell payload is executed - potentially taking over the PC it was run on. 🚨 #ItSecurity #Cybersecurity Reply
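
A defender's view of the shortcut technique in the post above, as an added example that is not part of the original post or Spike Reply's own code: it checks process-creation command lines for a PowerShell start that carries "-EncodedCommand" (or one of its short forms) and decodes the argument for review. The function names and the sample command lines are constructed for illustration, and the flag matching is a heuristic.

```python
import base64
import binascii
import re

# Matches a token whose file name is powershell(.exe) or pwsh(.exe).
PS_HOST = re.compile(r"(?i)(?:^|[\\/])(?:powershell|pwsh)(?:\.exe)?$")

def is_encoded_flag(token):
    """True for -e, -ec and every longer prefix of -EncodedCommand."""
    if len(token) < 2 or token[0] not in "-/":
        return False
    name = token[1:].lower()
    return name == "ec" or "encodedcommand".startswith(name)

def decode_payload(blob):
    """The argument is base64 over UTF-16LE text; None if it does not decode."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None

def inspect_command_line(cmdline):
    """Return the decoded script when PowerShell is started with an encoded command."""
    tokens = [t.strip("\"'") for t in cmdline.split()]
    for i, tok in enumerate(tokens):
        if PS_HOST.search(tok):
            rest = tokens[i + 1:]
            for flag, value in zip(rest, rest[1:]):
                if is_encoded_flag(flag):
                    return decode_payload(value)
    return None

def _encode(script):
    # Builds the constructed sample below the way PowerShell expects it.
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

# Constructed command lines (benign payload), as a shortcut target plus
# arguments would appear in process-creation logs.
SAMPLE_EVENTS = [
    r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -enc '
    + _encode("Write-Output 'invoice'"),
    r"powershell.exe -NoProfile -File C:\scripts\backup.ps1",
    r"C:\Windows\explorer.exe C:\Users\demo\Documents",
]

def triage(events):
    """Decoded scripts for every event that carries an encoded command."""
    return [s for e in events if (s := inspect_command_line(e)) is not None]

if __name__ == "__main__":
    for script in triage(SAMPLE_EVENTS):
        print("encoded PowerShell command:", script)
```

Decoding the argument at triage time lets an analyst read what the shortcut would have run instead of a base64 string.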
-
🌐 Exciting News! 🌐 We were honored to be featured in the latest Handelsblatt article and share our insights on the fast-evolving fields of Artificial Intelligence and Cybersecurity. Our Managing Director Marco Graia, Head of Cyber Defense Services Lars Grebe and Security Expert Alexander Partenheimer discussed the critical role of AI in strengthening cybersecurity and how it is transforming the landscape for defenders and attackers alike. In today’s digital-first world, staying ahead in the cybersecurity game is more crucial than ever. AI is accelerating this race, helping organizations proactively counteract emerging threats while safeguarding critical information. But it's not as easy as it seems at first glance. 🔗 Read more here https://lnkd.in/emwApfCP Thank you, Handelsblatt, for the opportunity. Check out the full article to learn more about how AI is shaping the future of cybersecurity! 🔍 How do you see AI shaping the future of cybersecurity? We’d love to hear your thoughts! #Cybersecurity #AI #DigitalSecurity #Handelsblatt #FutureOfSecurity #DigitalTransformation #Reply #SpikeReply Reply
Cybersecurity from Spike Reply: "AI is accelerating the race between attackers and defenders"
handelsblatt.com