SWITCH Security-Blog

SWITCH-CERT IT-Security Blog

securityreport


Leave a comment

The November 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • IT security researchers reveal vulnerabilities in photoTAN procedure for mobile banking
  • DDoS attack via IoT botnet shuts down parts of Internet
  • Triple record: Yahoo loses half a billion customers’ details, more trust than ever and USD 1 billion from its acquisition price

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

 

securityreport


Leave a comment

The October 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • Swiss electorate votes in favour of Intelligence Service Act – making everyone a suspect?
  • Your money or your device – mobile banking Trojan Gugi tricks Android users
  • SWIFT, and it’s gone – banks lose money to hackers again following SWIFT data theft
  • It was just a question of time – botnet discovered on Internet of Things

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

 

Sicherheit_Icon_cert_verteidigung


Leave a comment

An attachment that wasn’t there

By Slavo Greminger and Oli Schacher

On a daily basis we collect tons of Spam emails, which we analyze for malicious content. Of course, this is not done manually by our thousands of minions, but automated using some Python-fu. Python is a programming language that comes with many libraries, making it easy for us to quickly perform such tasks.

Python’s email library deals with, well, emails. And it does it well. But on October 3rd, we encountered an attachment that wasn’t there – at least according to Python’s email library.

Mal-formatted email

Left: Outlook Web does not show the attachment          Right: Thunderbird does show the attachment

Now how could that happen?

Emails do have a certain structure, which is described nicely in RFC #822, RFC #2822, RFC #5322, RFC #2045, RFC #2046, RFC #2047, RFC #2049, RFC #2231, RFC #4288 and RFC #4289. Even though these RFC’s are clear in their own way, an illustration might help (we focus on multipart emails only) to understand why Python’s email library got fooled.

Continue reading

securityreport


Leave a comment

The September 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • Bug bounties and the Cyber Grand Challenge
  • Pegasus spies on Apple devices, QuadRooter threatens Android
  • A USD 22 billion investment pays off – WhatsApp shares phone numbers with Facebook
  • Now you see them, now you don’t – another multi-million-dollar Bitcoin theft
  • DiskFiltration and Fansmitter attempt to bridge the air gap

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

 

securityreport


The July 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • DAO-ism on the ethereal plane – hacker bags cryptocurrency worth USD 50 million
  • Ransomware – smart, greedy and unkillable
  • CANVAS ready to launch – bridging cybersecurity and ethics
  • US border guards want to be your Facebook friend – and other news on anti-terror measures

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

securityreport


The June 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • A RUeful tale – unknown cyberattackers steal 20 gigabytes of data from RUAG
  • Twitter shuts the door on US intelligence services
  • iPhone stays locked – Touch ID demands a password after 48 hours
  • Passwords for e-banking and suchlike? You can soon forget them!

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

 

securityreport


The May 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • Faster than Odysseus – e-banking Trojan Gozi attacks Switzerland via news website
  • Heartbreak remote – chip implants and the security of implanted, software-driven medical devices
  • One point three million dollar phone – FBI spends big in iPhone hacking dispute with Apple
  • It looks horrible, and it is – Jigsaw causing terror once again, this time in digital form

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.