ON
← Nazaj na pregled
heise-ponudba: delavnica iX: iskanje sledi po napadu M365 ‒ ciljno ocenjevanje protokolov
Germany💻 Tehnologijapred 13 dnevi

heise-ponudba: delavnica iX: iskanje sledi po napadu M365 ‒ ciljno ocenjevanje protokolov

V članku se promovira dvodnevna delavnica z naslovom "M365 Forensics and Incident Response", ki jo organizira iX in se osredotoča na prepoznavanje, zadrževanje in preiskovanje kibernetskih napadov, usmerjenih v okolje Microsoft 365. Delavnica vključuje praktične simulacije, kjer udeleženci prevzamejo vlogo napadalec, da bi razumeli, kako kibernetski kriminalci izkoriščajo aplikacije M365 s tehnikami, kot je posel e-pošte (BEC).

heise online has announced a new training workshop focused on securing application programming interfaces (APIs) against common vulnerabilities outlined in the OWASP Top 10 list. The workshop aims to provide participants with practical knowledge and hands-on experience in identifying and mitigating security risks associated with APIs. This initiative highlights growing concerns about the increasing number of cyber threats targeting API endpoints, which serve as critical communication channels between clients and servers. The workshop will take place in a virtual environment where attendees can simulate real-world attacks and learn how to defend against them effectively. Participants will analyze typical weaknesses based on the OWASP Top 10 API Security Risks, including issues related to authentication and authorization using protocols such as OAuth 2.0 and OpenID Connect. They will also explore measures to protect against injection attacks and data leaks. With a maximum of twelve participants per session, the workshop ensures personalized attention and ample opportunity for discussion and question-asking. The event is scheduled for September 25, 2026, and runs from 9:00 AM to 5:00 PM. Attendees who register before July 28, 2026, will receive a 10 percent early bird discount. The workshop is led by two experienced security experts from codecentric AG, Lucy Jochum and Robin Kappler. Both have extensive backgrounds in conducting web penetration tests and responding to security incidents. Their expertise comes from real-world projects, allowing them to share insights into recognizing and addressing common API vulnerabilities. Participants are encouraged to attend if they work with API development and wish to enhance their understanding of security practices. While prior knowledge of API development is beneficial, it is not mandatory. The workshop promises to deliver actionable solutions that can be directly applied to ongoing development projects. In addition to this API security workshop, heise online has also introduced another training program focused on hardening Active Directory environments. Active Directory serves as the central component of many corporate networks and thus represents an attractive target for cyberattacks. This workshop provides comprehensive guidance on systematically securing Active Directory setups, emphasizing the identification and remediation of potential security risks. Attendees will gain hands-on experience using audit tools such as PingCastle alongside offensive tools like PowerView and BloodHound to detect and analyze vulnerabilities within their network infrastructure. Practical exercises will allow participants to conduct audits independently, identify typical misconfigurations, and implement appropriate hardening measures. These activities aim to deepen understanding of secure authentication methods while analyzing specific attack scenarios. This three-day online workshop is set to run from August 19 to 21, 2026, followed by another session from November 4 to 6, 2026. Early registration discounts apply until July 22, 2026, for the first session and October 7, 2026, for the second. Led by Thomas Kudlacek, a cybersecurity specialist at Oneconsult AG, the workshop draws upon his diverse professional background as both a former software developer and long-term IT security consultant. Kudlacek brings valuable insight into how Active Directory environments are typically attacked in practice, highlighting frequently occurring weaknesses and demonstrating effective ways to address these issues. His approach includes providing concrete examples, proven methodologies, and immediately applicable recommendations tailored to each participant's unique situation. The workshop caters specifically to administrators looking to engage more deeply with attack scenarios and seeking to strengthen their on-premise Active Directory configurations. Due to its limited group size—capped at ten participants—it fosters close interaction among attendees and with the trainer itself. This setup ensures that all individuals benefit from direct engagement and thorough discussions regarding their particular challenges and requirements.

Kako je poročala vsaka stran

Isti dogodek, razvrščen po političnem nagibu medijev, ki so o njem poročali.

Kako je poročala vsaka stran

Podprite neodvisne novice z zavedanjem pristranskosti in odklenite družbeni utrip, glasovanje skupnosti in svoj prilagojen pregled Zame.

Postani podpornik

Poročanje po svetu

Isti dogodek, kot so ga poročali v drugih državah.

Poročanje po svetu

Podprite neodvisne novice z zavedanjem pristranskosti in odklenite družbeni utrip, glasovanje skupnosti in svoj prilagojen pregled Zame.

Postani podpornik

Preverjanje trditev

Ključne dejanske trditve in koliko virov jih potrjuje oz. zavrača.

Preverjanje trditev

Podprite neodvisne novice z zavedanjem pristranskosti in odklenite družbeni utrip, glasovanje skupnosti in svoj prilagojen pregled Zame.

Postani podpornik

Pojdite k primarnim virom (3)

Uradni viri, na katerih temelji poročanje. Preberite jih neposredno in se izognite uokvirjanju.

3 poročil

heise online logoheise onlineNeodvisenSredinaDejstva 100Objektivnost 100pred 13 dnevi
heise ponudba: iX delavnica Varnost API: OWASP Top 10 API Security Risks

Članek promovira varnostno delavnico API, ki jo je organiziral heise online, s poudarkom na 10 največjih varnostnih tveganjih OWASP API. Cilj dogodka je izobraževanje udeležencev o prepoznavanju in zmanjševanju pogostih ranljivosti API s pomočjo praktičnih vaj in strokovnih nasvetov. Osredotoča se na teme, kot so avtentikacija prek OAuth 2.0 in Open ID Connect, zaščita pred injekcijskimi napadi in uhajanjem podatkov. Delavnico vodijo dva varnostna strokovnjaka iz podjetja codecentric AG in ponuja praktično izkušnjo v simuliranem okolju. Sodelovanje je omejeno na 12 udeležencev, da se zagotovi personalizirano poučevanje. Dogodek je predviden za 25. avgust 2026, popusti za zgodnje ptice pa so na voljo do 28. julija 2026.

Ocena pristranskosti (Sredina): Članek predstavlja tehnični izobraževalni dogodek, osredotočen na prakse kibernetske varnosti, ki je po naravi apolitičen. Ne razpravlja o vladnih politikah, volitvah ali družbenih vprašanjih, zaradi česar je primeren za osrednjo oceno.

Zakaj te ocene (Dejstva 100 · Objektivnost 100): The article accurately reflects the content of the primary source document, including the focus on OWASP Top 10 API risks, practical exercises, and expert instruction.

heise online logoheise onlineNeodvisenSredinaDejstva 89Objektivnost 86pred 17 dnevi
heise ponudba: iX delavnica: Active Directory Hardening Od audita do varnega okolja

V članku se promovira delavnica z naslovom "Zagotavljanje aktivnega imenika: od revizije do varnega okolja", ki jo ponuja heise online. Cilj delavnice je učiti udeležence, kako zavarovati svoje korporativne okolje aktivnega imenika pred kibernetskimi napadi s pomočjo praktičnih vaj in strokovnih nasvetov. Udeleženci se bodo naučili prepoznavati varnostna tveganja, popravljati napačne konfiguracije in se braniti pred napadi s pomočjo orodij, kot so PingCastle, PowerView in BloodHound. Dogodek vključuje praktično usposabljanje v realnem laboratorijskem okolju in ga vodi Thomas Kudlacek, strokovnjak za kibernetsko varnost z izkušnjami v penetracijskem testiranju in IT varnostnem svetovanju.

Ocena pristranskosti (Sredina): Članek se osredotoča na delavnico za tehnično usposabljanje v zvezi s praksami kibernetske varnosti in se ne ukvarja z nobenimi politično napolnjenimi temami, razpravami ali ideološkimi pogledi.

Zakaj te ocene (Dejstva 89 · Objektivnost 86): The article provides detailed information about implementing ISO 27001, aligning with the primary source. It remains objective by focusing on the practical aspects of implementation without promoting any specific vendor.

heise online logoheise onlineNeodvisenSredinaDejstva 85Objektivnost 80pred 22 dnevi
heise-ponudba: delavnica iX: iskanje sledi po napadu M365 ‒ ciljno ocenjevanje protokolov

V članku se promovira dvodnevna delavnica z naslovom "M365 Forensics and Incident Response", ki jo organizira iX in se osredotoča na prepoznavanje, zadrževanje in preiskovanje kibernetskih napadov, usmerjenih v okolje Microsoft 365. Delavnica vključuje praktične simulacije, kjer udeleženci prevzamejo vlogo napadalec, da bi razumeli, kako kibernetski kriminalci izkoriščajo aplikacije M365 s tehnikami, kot je posel e-pošte (BEC).

Ocena pristranskosti (Sredina): Članek obravnava delavnico za tehnično usposabljanje, ki se osredotoča na prakse kibernetske varnosti, in se ne ukvarja s politično nabito temo, kot so vladni ukrepi, politike ali ideološke razprave.

Zakaj te ocene (Dejstva 85 · Objektivnost 80): The article accurately describes the workshop content and objectives related to cybersecurity threats like BEC. It provides practical details about the workshop structure and benefits but has some promotional language.

Ohranimo novice poštene.

ObjectiveNews financirajo bralci in je brez oglasov – pristranskost vam pokažemo, ne skrijemo. Podprite neodvisno novinarstvo za 5 €/mesec.

Postani podpornik

Povezane zgodbe