The fight against vulnerabilities is a constant battle, a real race between hackers and organizations trying to keep them out. Unfortunately, organizations happen to lose.
Qualys and Excellium join forces to provide organizations with the ability to manage their vulnerabilities from asset management to remediation with a contextualized approach.
Secure the SWIFT Network
In 2016, users of the Society for Worldwide Interbank Financial Telecommunication (SWIFT) in Bangladesh, Vietnam and Ecuador suffered cyber-attacks and huge financial losses. Due to the exponential increase of cyber-attacks and fraud against financial institutions, SWIFT introduced its own Customer Security Programme (CSP) the same year. The main goal of this programme is to ensure and improve the security level of each SWIFT customer, to bring more confidence in the SWIFT network. To this end, SWIFT proposed three guidelines: Secure your environment, Know and Limit Access, Detect and Respond.
First thing, a bit of contextualization. What are these blog posts about? The Cyber Blog Times is all about challenges and knowledge acquisition. How? Simple.
Every month, we will share a new Cyber Blog Post. It will address and introduce one of our core services, helping you better understand Excellium Services as well as cybersecurity. Furthermore, each blog post will offer you the possibility to challenge yourself and test your knowledge with a small quiz. The more correct answers you get, the more chances you will have to win The Cyber Blog Times final Contest.
Read carefully, be consistent and, above all, get involved! Are you ready? Let’s go.
For an independent company, starting its own Security Operations Center might sound like a good idea. However, it often turns out to be a huge challenge with very mixed results. Thus, we will review some of the themes that can lead to internal failures of SOC projects, based on our customers’ feedback.
Context of the hashing issue
During a web assessment, Excellium’s Intrusion & AppSec team audited a PHP application where users’ passwords were stored using the bcrypt hashing algorithm. As bcrypt (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html) is still a valid and recommended algorithm to hash passwords, compromising passwords (https://github.com/danielmiessler/SecLists/tree/master/Passwords/Common-Credentials) should not be an easy task. However, sometimes, the devil is in the details.
After several years of expertise in Luxembourg, Excellium Services has decided to cross the border and expand its activities into Belgium. A strategic choice, but also a choice of the heart.
On August 25, 2020, the Commission de Surveillance du Secteur Financier (CSSF) introduced and published a new circular (CSSF 20/750). This circular is applicable to all credit institutions, all Professionals of the Financial Sector (PFS), all payment institutions, and all electronic money institutions. The main objective is to implement the guidelines of the European Banking Authority EBA/GL/2019/04 relating to the management of risks linked to information and communication technologies (“ICT”) and security.
2020 has been challenging for lots of companies trying to keep afloat despite all the health restrictions. Being present and maintaining customer relationships was not an easy game, yet we did it. Through webinars, virtual events, magazine interviews, and so much more, at Excellium we made sure to be present and to maintain our yearly activities no matter how much we had to adapt.
The Excellium Services group currently employs more than 130 people across the different markets in which it operates. Despite sustained recruitment in 2020, the search for talent remains one of the priorities for 2021. While 2020 will have been an unusual year in many respects, the difficulty of finding talent in technology fields such as cybersecurity remains a current concern.