How to maximize anonymity when accessing the Internet on mobile

The problem of mobile anonymity. Dystopia is in full swing in Europe, and achieving true anonymity from mobile devices is a big problem. The picture below shows that most countries require mandatory registration of SIM cards against a national ID or passport. This means that all mobile operators in a given state (and, of course, […]

Discovery of CVE-2022-24833

During a security audit for a client, it was discovered that a key component – the open-source private paste service PrivateBin – contained a previously undocumented flaw. Cross-site scripting is nothing new. I actually feel there must be prehistoric cave paintings and markings somewhere in the world containing some variation of <script>alert(1)</script>. Although XSS payloads embedded […]

Possibility of widespread leak and misuse of EU vaccination certificates

How to get an EU vaccination card for any citizen of the Slovak Republic based on their name and date of birth. 1 Vulnerability history. Similar to our recently revealed vulnerability in the NCZI systems (NCZI or NHIC National Health Information Center), where we were able to download 130 000 PCR/antigen tests and personal information […]

Mobile app security expert WANTED!

Job Description: Search for security vulnerabilities in Android/iOS apps and in the most diverse web applications and web services. Testing of mobile applications involves detailed testing of mobile applications and relevant web services in accordance with the OWASP Mobile Security Testing Guide. The result of the testing is documented by creating a final report in […]

Threat Hunting and Threat Intelligence services

Watch a video and read our comprehensive answers: Describe what Threat Hunting means and why it can be helpful for companies? On average, adversaries are present within an organization for more than 140 days before they are detected, and it often takes weeks and even months to entirely remove them. The time during which an […]

RED TEAMING – CAN YOU WITHSTAND A PROFESSIONALLY LED ATTACK?

1 WHAT IS RED TEAMING? In the following article, we will explain exactly what “Red Teaming” means, how it differs from traditional penetration tests, how the “Red Teaming” approach is unique, and why it best simulates a real coordinated attack. At Nethemba, we performed “Red Teaming” for many years before the term was publicly adopted […]

Our customer guide III

This is the third part of the article Our customer guide I and Our customer guide II. Repeated tests and bug bounty program. The results of the performed penetration test or security audit are valid only as of the specific date when the customer receives the final report. Neither we nor any other IT security company in […]

Our customer guide II

This is the second part of the article Our customer guide I. I want an offer, what do you need from me? (RFP) If you already know exactly which penetration tests or security audits you are interested in, do not hesitate to contact us. You can also do this in a secure encrypted way – […]

Our customer guide I

Everything you wanted to know about our IT security services The goal of the following document is to explain how to choose a suitable penetration test or security audit according to your expectations, following professional standards and at the best price. It is based on our 14 years of experience in the field of ethical […]