Swiss Economic Forum 2019, Interlaken

The motto of this year's Swiss Economic Forum (SEF) is "YES – The Optimist Code". Yes is positive. Yes opens up space for possibilities and alternatives. However, when asked whether there is THE security for our data, it is usually followed by "Yes, but...". Compass Security discusses this topic with other experts.

The Swiss Economic Forum (SEF) is Switzerland’s leading economic conference. On May 23/24, 2019 more than 1300 leading personalities from business, academia, politics and the media meet in Interlaken for an active exchange of ideas and cross-industry networking.

The programme on the main stage will be supported by master classes in which current topics will be deepened in smaller groups with proven experts.


Be up to Date

Active discussions take place in the breakout sessions, which are organized by various SEF partners. Premium partner Allianz is focused on the topic of "Data Security" and has invited three specialists for the dialogue with the participants:

Ivano Somaini, Regional Manager and Social Engineering specialist at Compass Security Schweiz will discus with Myriam Dunn Cavelty (ETH Zurich) and Jens Krickhahn (Allianz), whether there is one hunderd percent security for our data.

The breakout sessions will take place on Friday, 12.00-12.45 p.m.


Hacking for Everyone

As a special highlight of the event, participants can find out how hacker attacks work. At the Allianz booth, Compass Security offers to try your hand at hacking. Cause security analysts Ivano Somaini and Damian Pfammatter (Security Analyst at Compass) know:

"If you understand how a simple attack works and see what effects it can have, you become more cautious and more aware of information security".



Please visit for detailed information.


Vulnerability in "The Scheduler" Plugin for Jira

Thierry Viaccoz has identified an XML External Entity (XXE) vulnerability in "The Scheduler" plugin for Jira. Read more

Vulnerability in the Email+ iOS Application from MobileIron

Sylvain Heiniger has identified a "Cleartext Storage of Sensitive Information" vulnerability in the MobileIron application Email+. Read more

Vulnerabilities in Universal Automation Center (UAC)

Michael Fisler and Felix Aeppli have identified vulnerabilities in the Universal Automation Center (UAC). Read more


Compass Security Blog

Privilege escalation in Windows Domains (2/3)

This second article about privilege escalation in Windows domains describes how to propagate by aiming for passwords that are lying around. mehr

Privilege escalation in Windows Domains (1/3)

This first article of our series about privilege escalation in Windows domains demonstrates how to get a foothold by relaying credentials from users. mehr