- Trojan.Tubrosa is a new click-fraud malware. The attackers compromise victims’ computers via Spam campaigns to use them to automatically inflate their YouTube video views. The malware comes with a Flash Player and a list of YouTube links.
- Cisco published their 53-page Annual Security Report for 2015 (PDF). Tl;dr? Look at page 4 for a summary.
- For those who still plan their migration from Windows XP to 7: Keep in mind that Windows 7 is already in the so-called “extended support” phase which will likely end in 5 years.
- Smart vulnerable cars: According to a recent research, an electronic dongle used to plugged into the on-board diagnostic port of more than two million cars are vulnerable to wireless attacks, resulting in taking control of the entire vehicle.
- PACE report: A 32-page report into mass surveillance by a top European rights body has warned that digital dragnets are endangering fundamental human rights.
- Social Engineering: Jimmy Kimmel sent a camera out onto Hollywood Boulevard to ask people: What is your password? Obviously we need to do a better job of protecting ourselves.
A new issue of our monthly SWITCH Security Report has just been released.
The topics covered in this report are:
- iBeacons: the next big thing for 2015?
- «Locate. Track. Manipulate.»: a new level of mobile snooping
- How to steal fingerprints with a 200-mm zoom lens
- Drones – buzzing business, more stringent rules and fewer benefits than expected
- The Golden Globes in the wake of the Sony hack
- The Clipboard: Interesting Presentations, Articles and Videos
The Security Report is available in both english and german language.
Did you miss our previous Security Report? Click here to go to the archive.
- 31c3: Talks from the 31. Chaos Communication Congress are available on CCC-TV. Learn about SS7 phone-call routing protocol misuse or how the thumbprint of the German defense minister could be copied with a 200mm Tele lens.
- SECURE 2014: CERT Polska published the talks from the SECURE 2014 security conference in Warsaw.
- Misfortune Cookie / RomPager: Researchers from Check Point found a critical vulnerability that allows an intruder to remotely take over SOHO Internet routers and use them for attacks. Is it that bad? Yes. A list of at least 200 different likely affected devices is available as well as an online check.
- Ransomware: CryptoWall keeps evolving. For example new versions communicate with command-and-control servers using the Tor network.
- SSH: Secure the secure shell – how you can harden recent OpenSSH versions.
- MITM in the air: A Google engineer recently noticed that In-flight WiFi uses fake Google SSL certificates to spy on net traffic.
- Social Engineering: Ninety-nine-point-nine percent of the job is looking like you know what you’re doing.
- Awareness: Dr. Security, ein Mann wie eine Firewall – eine dreiteilige Videoserie über gehackte Autos, entführte Rechner und Sicherheitslücken aus dem digitalen Alltag.