Additional Conficker Guidance

Yes, Conficker is far from being over. We still see a lot of infections. Therefore we decided to publish additional guidance for Conficker:

Microsoft Conficker guidance page for IT Professionals and those focused on security in the enterprise:

Microsoft Conficker guidance page for consumers and home users:


Adaptive Network Hardening in Azure Security Center

When you see security incidents “in the Cloud” they often link back to misconfigurations on the networking side: Public interfaces being open, public ports being misconfigured etc. Our customers often find it hard to really understand and control the Network Security Group’s settings. Therefore, we now released Adaptive Network Hardening in public preview. To quote:…


Achieving Compliant Data Residency and Security with Azure

We recently published an interesting paper to address a concern we hear often – Compliance with regards to data residency and security. The paper covers this: This paper provides guidance about the security, data residency, data flows, and compliance aspects of Azure. It is designed to help you ensure that your data on Microsoft Azure…


A Security Comparison: Microsoft Office vs. Oracle Openoffice

Actually, there is not much to say about this. It is a blog post by CanegieMellon called A Security Comparison: Microsoft Office vs. Oracle Openoffice and just does what it says. However, I do not particularly like the security comparison of products built solely on vulnerabilities as this shows only one side of the equation…


A European Dinner :-)

I just got this from a friend of mine: European heaven : You are invited to an official dinner. The English welcomes you, the French is cooking, the Italian is making the show and the event is organized by the German. European hell: You are invited to an official dinner. The French welcomes you, the…


A Detailed Analysis of an Attack – Do We Need an International Incident Sharing Database?

I recently came across a paper called Shadows in the Cloud, which is actually a follow-up report of Tracking GhostNet: Investigating a Cyber Espionage Network, an investigation of the attacks on the office of the Dalai Lama and some governmental bodies. The report is written by two bodies who had the privilege to investigate those…