- Trojan.Tubrosa is a new click-fraud malware. The attackers compromise victims’ computers via Spam campaigns to use them to automatically inflate their YouTube video views. The malware comes with a Flash Player and a list of YouTube links.
- Cisco published their 53-page Annual Security Report for 2015 (PDF). Tl;dr? Look at page 4 for a summary.
- For those who still plan their migration from Windows XP to 7: Keep in mind that Windows 7 is already in the so-called “extended support” phase which will likely end in 5 years.
- Smart vulnerable cars: According to a recent research, an electronic dongle used to plugged into the on-board diagnostic port of more than two million cars are vulnerable to wireless attacks, resulting in taking control of the entire vehicle.
- PACE report: A 32-page report into mass surveillance by a top European rights body has warned that digital dragnets are endangering fundamental human rights.
- Social Engineering: Jimmy Kimmel sent a camera out onto Hollywood Boulevard to ask people: What is your password? Obviously we need to do a better job of protecting ourselves.
Month: January 2015
The January 2015 issue of our SWITCH Security Report is available!
Dear Reader!
A new issue of our monthly SWITCH Security Report has just been released.
The topics covered in this report are:
- iBeacons: the next big thing for 2015?
- «Locate. Track. Manipulate.»: a new level of mobile snooping
- How to steal fingerprints with a 200-mm zoom lens
- Drones – buzzing business, more stringent rules and fewer benefits than expected
- The Golden Globes in the wake of the Sony hack
- The Clipboard: Interesting Presentations, Articles and Videos
The Security Report is available in both english and german language.
»» Download the english report. »» Download the german report.
Did you miss our previous Security Report? Click here to go to the archive.
IT-Security-Links #68
- 31c3: Talks from the 31. Chaos Communication Congress are available on CCC-TV. Learn about SS7 phone-call routing protocol misuse or how the thumbprint of the German defense minister could be copied with a 200mm Tele lens.
- SECURE 2014: CERT Polska published the talks from the SECURE 2014 security conference in Warsaw.
- Misfortune Cookie / RomPager: Researchers from Check Point found a critical vulnerability that allows an intruder to remotely take over SOHO Internet routers and use them for attacks. Is it that bad? Yes. A list of at least 200 different likely affected devices is available as well as an online check.
- Ransomware: CryptoWall keeps evolving. For example new versions communicate with command-and-control servers using the Tor network.
- SSH: Secure the secure shell – how you can harden recent OpenSSH versions.
- MITM in the air: A Google engineer recently noticed that In-flight WiFi uses fake Google SSL certificates to spy on net traffic.
- Social Engineering: Ninety-nine-point-nine percent of the job is looking like you know what you’re doing.
German:
- Awareness: Dr. Security, ein Mann wie eine Firewall – eine dreiteilige Videoserie über gehackte Autos, entführte Rechner und Sicherheitslücken aus dem digitalen Alltag.
SWITCH Security-Blog 