March 2014 – SWITCH Security-Blog

IT-Security-Links #52

Microsoft released a Security Advisory this week to notify customers that opening an e-mail containing a crafted RTF file in Outlook may hand the computer to hackers. Microsoft provides a fix-it tool. Another option: Read your e-mail in plain text.
The Full Disclosure security mailing list has been shut down after 12 years and more than 91.500 posts …
…and reborn under new management after a few days! You need to manually subscribe if you wish to be a member.
Amazon Web Services (AWS) is urging developers using GitHub to ensure they haven’t inadvertently exposed their log-in credentials. A search on GitHub reveals thousands of results where code containing AWS secret keys. (How to remove sensitive data on GitHub.)
NTP DDoS Attacks: Since December 2013 there has been a dramatic rise in NTP traffic, much of it due to NTP amplification attacks. According to the Open NTP Version (Mode 6) Scanning Project, currently 4.6 million distinct IPs (IPv4) respond to a NTP Mode 6 query.
Operation Windigo: Hackers compromised more than 25.000 servers and used them for stealing SSH credentials, sending an average of 35 million spam messages on a daily basis and infecting visitors with malware. ESET published a 69-page paper (PDF) with details of the large and sophisticated operation.
Data Privacy: Is it an out of date concept or more important than ever?

German:

Die Digitale Gesellschaft Schweiz hat ihren Swiss Lawful Intercept Report 2014 veröffentlicht. Dieser dokumentiert die Überwachungsaktivitäten der Kantone und des Dienstes Überwachung Post- und Fernmeldeverkehr (ÜPF).

IT-Security-Links #51

“SOHO-Farming”: Hackers have compromised 300.000 SOHO routers and changed DNS settings to redirect to the attacker site. Team Cymru has published a report about recent Pharming attacks (PDF) targeting Small office and Home office (SOHO) routers.
WordPress DDoS: securi.net reported that more than 162.000 WordPress sites have been used for a DDoS Attack using the pingback feature. Here you can check, if your WordPress domain participated in the DDoS. Meanwhile Brian Krebs described different ways how to disable the pingback functionality.
We don’t know who Justin Bieber is. But his official twitter account which has more than 50 million followers has been hijacked by attackers to spread spam links from the account. Subsequently more than 13.000 users have favorited the tweets and over 7.000 users have re-tweeted them…
NSA Today: Recently published NSA slides explain some more projects. For example the Tailored Access Operations (TAO) hacking unit run a system called TURBINE, which can spam out millions of pieces of sophisticated malware at a time. HAMMERCHANT and HAMMERSTEIN is malware designed to sit on routers and grab encryption keys to decrypt supposedly secure VPN connections in real time. QUANTUMCOPPER automatically corrupts any data downloaded by a user. In the meantime, Facebook founder and CEO Mark Zuckerberg said he had called President Obama to voice his concerns about government surveillance.
CrowdResponse is a new, free incident response toolkit designed to help enterprises collect the data they need to analyze sophisticated attacks.
Dendroid: Symantec researchers have come to know another android malware toolkit called “Dendroid” which is being sold in the underground forums. And an example already made its way into Google’s official app store.

Unser SWITCH Security-Report für März 2014 ist verfügbar

Die aktuelle Ausgabe unseres monatlich erscheinenden ‘SWITCHcert Reports zu aktuellen Trends im Bereich IT-Security und Privacy’ ist soeben erschienen.

Themen diesen Monat:

Zwischen Panik und Ignoranz: Facebook kauft WhatsApp
Google, Apple und Co. wollen Auto der Zukunft mitgestalten
Harter Kampf um Kundendaten: Weg mit den Blockern, her mit der Reklame
Der tiefe Fall der grössten Bitcoin-Börse Mount Gox
Und wie immer Links zu spannenden Präsentationen, Artikeln und Videos rund um die Themen IT-Security und -Privacy.

Zum Download (PDF):