Uncategorized Archives - Page 2 of 3

December 2, 2021by Excellium SA Excellium SA No Comments

What is Web Cryptography API?

Before getting down to today’s topic, Web Cryptography API, note that all the photos below are available here¹ in better quality.

Anyone developing a web application with a front-end may need to perform cryptographic operations like hashing, encryption, signatures on the client-side (JavaScript code). The habits lead to import and use popular external libraries like crypto-js² in order to be portable across all targeted browsers:

October 22, 2021by Excellium SA Excellium SA No Comments

How to evaluate an “OAuth/OpenID Connect” system from a security point of view?

This post presents a collection of security-oriented validation points that should be verified on a system using OAuth/OpenID Connect (OpenID Connect will be called OIDC in the rest of the post). Therefore, it assumes you are familiar with all the concepts related to OAuth/OIDC. All references to OAuth refer to OAuth 2.0.

If it is not the case then you can refer to this free online course named “Introduction to OAuth 2.0 and OpenID Connect“ kindly created and provided by Dr. Philippe De Ryck or the several tutorials from ConnectId.

Note that this post is mainly security-oriented feedback following a complete focused training that I have recently taken on the OAuth/OIDC topics.

The Cyber Blog Times newspaper displayed on a table with a cup of coffee

October 18, 2021by Excellium SA Excellium SA No Comments

The power of the cloud migration

Welcome back to another The Cyber Blog Times article.

Today, we discuss a journey towards cloud migration. A trendy topic nowadays, especially since securing the cloud remains a cornerstone.

What is cloud migration? Why is that so important? How can you migrate in a secure way? We’ve got your back!

October 4, 2021by Excellium SA Excellium SA No Comments

How to handle teleworking in Luxembourg while considering cybersecurity

On the 9^th of April, 2021, the Commission de Surveillance du Secteur Financier (hereinafter, “CSSF”) published a new Circular dedicated to teleworking (Circular CSSF 21/769), which comes into force on the 30^th of September, 2021. This Circular applies to all supervised companies and is a clear example of how the pandemic has tumbled the world and is slowly letting the way towards the “new normal”. Where teleworking was seen as an exception, it is now slowly becoming the new rule or at least an option for employees at a larger scale.

June 8, 2021by Excellium SA Excellium SA No Comments

Perform your independent assessment against the SWIFT CSCF standard

The Customer Security Controls Framework (CSCF) describes a set of mandatory and advisory security controls. To be compliant, all users need to be in line with all the mandatory security controls and suffer an annual assessment.

Someone reading the SWIFT CSCF standard

May 27, 2021by Excellium SA Excellium SA No Comments

How to train your team in cybersecurity?

Hello everybody and welcome back to our fourth article from The Cyber Blog Times.

In today’s article, we discuss how to train your team in cybersecurity.

If you wish to catch up and read our previous articles from this edition, click here.

Let’s dive into today’s topic!

stop attacks by controlling vulnerabilities

May 6, 2021by Excellium SA Excellium SA No Comments

Move to an efficient Vulnerability Management with a risk-based approach

Market Observations

Market observations show that more than two-thirds of companies over the world anticipate either a decrease or no change of their IT budget in the “Covid-19 recovering phase”. In the meantime, about 80% declare they do not adjust their budget according to the business impact¹. As the market continues to lack skilled cybersecurity staff to meet the growing demand, organizations are forced to do “more with less”.

A newspaper displayed on a table next to a cup of coffee and a scone

April 26, 2021by Excellium SA Excellium SA No Comments

How to sensitize your team to cyber risks in 2 steps?

It’s TheCyberBlogTimes again! Today, it’s all about cyber risks. Ready to read, ready to score (and win our final award?)?

March 25, 2021by Excellium SA Excellium SA No Comments

How to React to a Cyber Incident?

Welcome back to our second article from The Cyber Blog Times addressing cyber incidents.

If you have missed our first article, catch up and find the rules right here.

Ready? Grab your glasses, help yourself a cup of coffee and let’s nail this month reading.

Cookie	Duration	Description
CLID	1 year	Microsoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
MR	7 days	This cookie, set by Bing, is used to collect user information for analytics purposes.
SM	session	Microsoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains.
_clck	1 year	Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID.
_clsk	1 day	Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording.

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and also verify the clicks from ads on the Bing search engine. The cookie helps in reporting and personalization as well.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

About us

Career Opportunities

Get in Touch