- Microsoft released a Security Advisory this week to notify customers that opening an e-mail containing a crafted RTF file in Outlook may hand the computer to hackers. Microsoft provides a fix-it tool. Another option: Read your e-mail in plain text.
- The Full Disclosure security mailing list has been shut down after 12 years and more than 91.500 posts …
- …and reborn under new management after a few days! You need to manually subscribe if you wish to be a member.
- Amazon Web Services (AWS) is urging developers using GitHub to ensure they haven’t inadvertently exposed their log-in credentials. A search on GitHub reveals thousands of results where code containing AWS secret keys. (How to remove sensitive data on GitHub.)
- NTP DDoS Attacks: Since December 2013 there has been a dramatic rise in NTP traffic, much of it due to NTP amplification attacks. According to the Open NTP Version (Mode 6) Scanning Project, currently 4.6 million distinct IPs (IPv4) respond to a NTP Mode 6 query.
- Operation Windigo: Hackers compromised more than 25.000 servers and used them for stealing SSH credentials, sending an average of 35 million spam messages on a daily basis and infecting visitors with malware. ESET published a 69-page paper (PDF) with details of the large and sophisticated operation.
- Data Privacy: Is it an out of date concept or more important than ever?
German:
- Die Digitale Gesellschaft Schweiz hat ihren Swiss Lawful Intercept Report 2014 veröffentlicht. Dieser dokumentiert die Überwachungsaktivitäten der Kantone und des Dienstes Überwachung Post- und Fernmeldeverkehr (ÜPF).
SWITCH Security-Blog 