OSM-S Logo
Get a Quote!

Blog
Services

Ready for Red Teaming?

Red teaming is often seen as the pinnacle of offensive security: A simulated, no-holds-barred attack that tests your organization’s detection and response capabilities in real-world conditions. But while it’s tempting to jump into red teaming for the prestige or thrill, the timing matters. Starting too early, or without the right foundations, can lead to wasted effort, misunderstood results, or even dangerous blind spots. It’s not just about breaking in, it’s about seeing how well your defenses hold up and whether your team knows how to respond. Without the right preparation, the real lessons can be missed.

So when is your organization actually ready for red teaming?

Read More »
2025-07-30 No Comments
Privacy

Evaluating DNS4EU and Resolving Trust

The DNS Divide Between State, NGOs, and Corporations

Using a privacy-focused DNS (Domain Name System) provider is important for several reasons, primarily concerning data protection, digital sovereignty, and enhanced security.

When evaluating how different types of DNS providers handle user data, a key distinction lies in their logging policies, anonymization practices, and overall commitment to privacy, often influenced by their organizational structure and jurisdiction.

Read More »
2025-06-11 No Comments
Going Dark or Going too far?
IT Security

From Backdoors to “Upload Moderation”: Is Your Privacy Under Attack?

Are We Trading Privacy for Policing?

The EU’s “Going Dark” group says it’s about helping law enforcement tackle digital crime. But dig a little deeper, and things get murky. With talk of encryption backdoors, data retention revivals, and pressure on tech companies to play surveillance middlemen, critics warn we’re inching toward mass surveillance. Austria’s already setting the stage with its own plans to monitor messenger apps. Is this really about security, or are we breaking the very tools that protect our privacy? Let’s unpack it.

Read More »
2025-05-28 No Comments
Security Bug
Compliance

EUVD vs. NVD

With the EU Vulnerability Database launching and the CVE program hitting turbulence, the global vulnerability disclosure ecosystem is in transition. Here’s what it means for your security team.
In early 2025, the cybersecurity world got a wake-up call. The CVE Program, which underpins the U.S. National Vulnerability Database (NVD), came close to a shutdown due to a funding lapse. The contract between the U.S. government and MITRE, the operator of the CVE program, was set to expire on April 16, threatening the continuity of a system that’s foundational to global vulnerability tracking.
Though a last-minute extension was secured, the incident highlighted the fragility of the CVE infrastructure, and the ripple effects that budgetary instability can have across global security operations.

Read More »
2025-05-26 No Comments
Red Team VS Blue Team, TLPT
IT Security

Threat-Led Penetration Test (TLPT): What and Why?

Cyber attacks continue to evolve in both sophistication and frequency, forcing organizations to rethink how they approach security testing. Traditional methods like vulnerability scanning or one-off penetration tests still play an important role, but they often fall short in capturing how a real-world attacker would behave, especially one with time, resources, and specific intent. As a result, many organizations are beginning to shift away from generic, checklist-style assessments in favor of more focused, scenario-driven approaches that reflect the current threat landscape.
One such approach gaining significant traction, particularly in regulated sectors like finance and critical infrastructure, is known as Threat-Led Penetration Testing (TLPT). But what exactly is TLPT, where did it originate, and how does it differ from traditional penetration testing or red teaming?

Read More »
2025-04-07 No Comments
Choosing the right Penetration Testing Approach | Auswahl des richtigen Penetrationstest-Ansatzes
Services

Choosing the Right Penetration Testing Approach

In the ever-changing landscape of cybersecurity, organizations rely on penetration testing to assess the security of their digital infrastructure. This practice involves experts simulating real-world cyber attacks to identify vulnerabilities before malicious actors can exploit them. Over time, various methodologies have emerged to conduct penetration testing. Initially, experts performed traditional assessments, meticulously probing for weaknesses. Subsequently, bug bounty programs gained popularity, incentivizing individuals to discover and report vulnerabilities. Now, Penetration Testing as a Service (PTaaS) has emerged as a novel approach, offering continuous security assessments through subscription-based models. In this article, we’ll delve into these diverse penetration testing methodologies, examining their strengths and limitations. By understanding those 3 different approaches, organizations can make informed decisions to fortify their defenses against evolving cyber threats.

Read More »
2024-03-15 No Comments
Digital Operational Resilience Act (DORA)
Compliance

1 Year Until DORA: A Compact Overview for Financial Service Providers

As we stand at the threshold of January 2024, the clock is ticking for financial service providers across Europe. The Digital Operational Resilience Act (DORA) is set to come into full effect in January 2025, marking a significant shift in the regulatory landscape. This impending regulation underscores the critical importance of digital resilience in an era where cyber threats loom large and operational continuity is paramount. In this blog, we’ll delve into the essence of DORA, outline the key requirements it imposes on financial entities, and provide a strategic roadmap to ensure compliance within the one-year timeframe.

Read More »
2024-01-31 No Comments
A secure Cloud hovering over a Hand | Eine sichere Cloud über einer Hand
IT Security

Cloud Security

IT services in the cloud are becoming more and more popular these days. Many companies have already made their way to the cloud or are in the process of migrating their infrastructure to the cloud. Obviously, this offers a number of advantages: fast service delivery, high scalability, seemingly unlimited resources, and very high availability at a reasonable price. In addition, you do not have to purchase your own server hardware and do not have to maintain it. Despite all these advantages, the security of the company’s applications and data in the cloud should not be overlooked. Even if conventional security technologies cannot be integrated into the cloud solution so easily, the security objectives remain the same: preventing unauthorized access, preventing data loss and maintaining availability.

So, what needs to be considered when it comes to cloud security?

Read More »
2020-11-10 No Comments
Security is guaranteed
Research

IP Camera Security Horror

Would you like to buy a nice (and cheap) wireless surveillance camera to monitor your entrance or other areas of your property? That was exactly what I wanted and after doing some research I found hundreds of offers for wireless cameras with Wi-Fi, SD-Card Storage, Pan & Tilt functionality and much more between 20 and 60 Euros. These are sold through various websites and shops, most of them look quite similar and also offer more or less the same functionality. I randomly picked a model with the features I required and ordered it online. About 3 weeks later the package arrived, but while waiting for it I rethought the whole idea of buying security equipment from an unknown manufacturer called “e-scam” and planned for a small review before really putting it to use.

Read More »
2017-11-30 2 Comments

Most Popular:

Get In Touch

If you are interested in our services or just want to talk about Information Security, Risk or Compliance, just contact us!

OSM Solutions Standort auf Google Maps | OSM Solutions Location on Google Maps

Wipplingerstraße 33 / Top 3. OG | 1010 Vienna

office@osm-s.com

+43 1 8903625

Request Your
Pentest Summer 2025

Get a Quote!