- Internet of Things and botnets: According to Proofpoint, more than 750,000 phishing and spam e-mails have been sent from so-called “Thingbots”, including televisions and a fridge. Really? Ars Technica analysed the report and is skeptical. “In any case: it could happen, and sooner or later it will.” (Bruce Schneier)
- Win32/Sefnit: Even if you are not using Tor, your computer may be. This blog post from Microsoft explains how the Tor client service added by Sefnit puts millions of machines at risk. What you will also learn: Microsoft is able to remotely remove programs en masse from people’s computers.
- By exploiting bugs in Google Chrome, malicious sites can activate your microphone and listen in on anything said near your computer.
- NSA “Dishfire” program: The NSA collects and analyses millions of SMS text messages daily and extracts locations, contacts and financial transactions, ‘The Guardian’ writes.
- Surveillance & Misuse: ‘Die Zeit’ did an interview with Morgan Marquis-Boire, Security Engineer at Google and researcher at the Citizen Lab of the University of Toronto.
- DDoS: Who is commandeering your hosting center? DDoS attacks being launched against business web sites and networks often originate within web hosting centers.
- EncFS: Taylor Hornby published a report of an EncFS security audit.
- Windows Forensics is the topic of Packetpushers Healthy Paranoia Show 21 – surveillance-free and EFF-approved 😉
The current issue of our monthly ‘SWITCHcert Report on current trends in IT security and privacy’ has just been published.
Topics this month:
- Are EU institutions in the sights of the intelligence services?
- The brave new world of smart spying TVs
- Weak encryption methods make life easier for eavesdroppers
- Consumer advocates win more rights for German Google users, possibly
- And as always, links to interesting presentations, articles and videos on IT security and privacy.
Download (PDF):
Missed one of our previous security reports? The archive is here.
- “Tomdep”-Malware: Symantec has discovered a worm-type threat which targets servers running Apache Tomcat.
- Brute force attack: GitHub faced a brute force password-guessing attack. GitHub reset the affected passwords and personal access tokens and informed its users.
- Internet route hijacking: Renesys published a blog post about ‘Targeted Internet Traffic Misdirection’.
- LG Smart TVs phone home: The British IT consultant Jason Huntley discovered that his TV talks to LG servers every time he changes the channel, even after he disabled the ‘Collection of watching info’ option. LG says that is not personal information.
- Forensics: Sandro Süffert published a comprehensive slideset on Memory Forensics for Windows, Mac and Linux.
- Awareness: The website eBanking – but secure is now also available in a smartphone optimized version.
- Ransomware: According to Microsoft, Ransomware is on the rise, especially in Europe.
- There was apparently a break-in into the network of the EU Parliament: according to reports, hackers were able to access confidential e-mails and personal documents with little effort. A large proportion of EU politicians still use Windows XP.
On 23 September there was a talk at ETH Zürich on the topic “The cyber threat: how serious is it really?”, given by the former project leader of the “Nationale Strategie Cyber Defense”, Divisionär Kurt Nydegger. Naturally we were very interested in what was reported there.
- E-Banking: A new banking trojan called ‘Hesperbot’ has been discovered targeting online banking users in Turkey, the Czech Republic, Portugal and the United Kingdom. The aim of the attackers is to obtain login credentials and to get victims to install a mobile component of the malware on their Symbian, Blackberry or Android phone.
- Tor & Malware: The number of Tor users has more than quintupled over the past few weeks. Researchers from the Dutch security firm Fox-IT traced the Tor traffic to a botnet, known as SBC, using the “Mevade.A” or “Sefnit” malware families. Tor can be used to hide C&C servers.
- Mobile Malware ‘Obad’: How does this malware get onto mobile devices? Kaspersky has discovered four basic methods used to distribute different versions of Backdoor.AndroidOS.Obad.a. And for the first time, malware is being distributed using botnets that were created with completely different mobile malware.
- NSA & Snowden: According to documents revealed by Edward Snowden, the NSA and GCHQ, the US and British intelligence agencies, have successfully cracked much of the encryption used online. Bruce Schneier says government and industry have betrayed the internet, and us, and suggests five ways to stay safe.
- Android Tools: The Infosec Institute published a list of Security and Hacking apps for Android devices.
- Serious deficiencies: The Control Delegation (Geschäftsprüfungsdelegation) of the Swiss Parliament has published a report on IT security at the Federal Intelligence Service (PDF). The trigger was a data theft last year. The delegation gives the intelligence service and the Defence Department a poor report card.
- DDoS: China suffered a DDoS attack that disrupted and slowed access to sites in the .cn domain. According to the China Internet Network Information Center (CNNIC), the attack was the largest in history against the domain servers for China’s ccTLD.
- NSA and Lavabit: New insights about the immediate closure of the encrypted e-mail service Lavabit.
- Linux Trojan “Hand of Thief”: Avast did an analysis of the new trojan for Linux.
- SSL/TLS: What’s under the hood: where are the TLS session keys in your browser, and how can you use them with Wireshark?
- Do you have the right methodical approach to introduce and run your ‘Next Generation Firewall’ successfully?
- justdelete.me: is a directory of direct links to delete your account from web services.
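The key log the SSL/TLS item above refers to is the NSS key log that Firefox and Chrome write when the SSLKEYLOGFILE environment variable is set, one secret per line. The following is an added example, not code from the page or from Wireshark: it parses such a log, rejects malformed lines, and pairs a captured ClientHello with its master secret by client random, which is the same lookup Wireshark performs. The log contents and the ClientHello record are constructed test data.

```python
"""Index an NSS-format TLS key log by client random and pair a captured
ClientHello with its master secret.  Added example, not the page's code;
the key log and the ClientHello below are constructed test data."""
import re
from typing import Dict, List, Optional, Tuple

# Each label names the lookup key and the secret that follow it (hex lengths).
_LINE_SHAPES = {
    "CLIENT_RANDOM": (64, 96),  # 32-byte client random -> 48-byte master secret
    "RSA": (16, 96),            # first 8 bytes of encrypted premaster -> 48-byte premaster
}
_LINE_RE = re.compile(r"^(?P<label>[A-Z_]+)\s+(?P<key>[0-9a-fA-F]+)\s+(?P<secret>[0-9a-fA-F]+)$")

SecretTable = Dict[Tuple[str, bytes], bytes]

# Constructed sample log: two good CLIENT_RANDOM lines, one legacy RSA line,
# a comment, a junk line and a truncated line (the last two must be rejected).
_CR1, _MS1 = "aa" * 32, "11" * 48
_CR2, _MS2 = "bb" * 32, "33" * 48
SAMPLE_KEYLOG = "\n".join([
    "# SSL/TLS secrets log file, generated by NSS",
    f"CLIENT_RANDOM {_CR1} {_MS1}",
    f"RSA 0011223344556677 {'22' * 48}",
    "this is not a secret line",
    f"CLIENT_RANDOM {_CR2} {'44' * 10}",   # master secret too short
    f"CLIENT_RANDOM {_CR2} {_MS2}",
])


def parse_keylog(text: str) -> Tuple[SecretTable, List[str]]:
    """Return (secrets indexed by (label, key bytes), rejected lines)."""
    secrets: SecretTable = {}
    rejected: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE_RE.match(line)
        if m is None or m["label"] not in _LINE_SHAPES:
            rejected.append(raw)
            continue
        key_len, secret_len = _LINE_SHAPES[m["label"]]
        if len(m["key"]) != key_len or len(m["secret"]) != secret_len:
            rejected.append(raw)   # wrong length: never feed a half-written line to a decryptor
            continue
        secrets[(m["label"], bytes.fromhex(m["key"]))] = bytes.fromhex(m["secret"])
    return secrets, rejected


def client_random_from_hello(record: bytes) -> bytes:
    """Extract the 32-byte client random from a raw TLS record carrying a ClientHello.
    Layout: 5-byte record header, 4-byte handshake header, 2-byte version, random."""
    if len(record) < 43 or record[0] != 0x16:   # content type 22 = handshake
        raise ValueError("not a TLS handshake record")
    if record[5] != 0x01:                       # handshake type 1 = client_hello
        raise ValueError("not a ClientHello")
    return record[11:43]


def master_secret_for(secrets: SecretTable, client_random: bytes) -> Optional[bytes]:
    """The lookup a decrypting capture tool does for every session it sees."""
    return secrets.get(("CLIENT_RANDOM", client_random))


def _build_client_hello(client_random: bytes) -> bytes:
    """Minimal TLS 1.2 ClientHello (constructed): version, random, empty session id,
    one cipher suite, null compression, no extensions."""
    body = b"\x03\x03" + client_random + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


SAMPLE_CLIENT_HELLO = _build_client_hello(bytes.fromhex(_CR1))

if __name__ == "__main__":
    table, bad = parse_keylog(SAMPLE_KEYLOG)
    cr = client_random_from_hello(SAMPLE_CLIENT_HELLO)
    print(f"{len(table)} secrets loaded, {len(bad)} lines rejected")
    print("master secret:", master_secret_for(table, cr).hex())
```

Wireshark does the same pairing when you point it at the file through the (Pre)-Master-Secret log filename preference (`tls.keylog_file` in current releases, `ssl.keylog_file` in the 2013-era versions). Treat the file as sensitive: anyone who can read it can decrypt every captured session it covers, so remove it once the analysis is done.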
- DDoS as a diversionary tactic: While keeping the Security staff busy with a ‘low-powered’ DDoS, attackers took over the wire payment switch at several US banks.
- APT: Read how attackers are refining their tactics, using public cloud services to bypass monitoring or leveraging well-known off-the-shelf tools for their attacks.
- ENISA, the European Union Agency for Network and Information Security issued their Annual Incident Report 2012 providing an overview of the major outage incidents in the EU in 2012. Pierluigi Paganini wrote a summary of it in the Securityaffairs Blog.
- “Spying NSA”: Listen (at your own risk) to how an update of the Beach Boys song “Surfin’ USA” sounded at this year’s CRYPTO conference. And in case you want to sing along, here are the lyrics.
- PRISM@CH: An article in the Weltwoche muses about how and where traffic is sniffed in Switzerland, and what the legal situation is.
- Is Trusted Platform Module (TPM) version 2.0 intended as a backdoor for intelligence services? The German federal government warns against Windows 8. Oh no, actually it doesn’t!
- Social Engineering Attack I: The website of “The New York Times” was unavailable on Wednesday morning. According to KrebsOnSecurity, a sophisticated phishing attack against newsroom reporters led to the hacking of the site.
- Social Engineering Attack II: “Outbrain”, which provides link recommendation services to the Washington Post, CNN and Time magazine, faced a security breach this week. As a consequence, links on those sites redirected readers to the website of the Syrian Electronic Army (SEA). According to Outbrain, a phishing e-mail purporting to be from Outbrain’s CEO was sent to all employees. It led to a page asking Outbrain employees to enter their credentials to see the information.
- NSA surveillance: Lavabit and Silent Circle shut down their encrypted e-mail services. Read the interview with Silent Circle CEO Michael Janke for the inside story, and the interview with Lavabit founder Ladar Levison and his lawyer. Also, here is an interview with PGP inventor and Silent Circle co-founder Phil Zimmermann on the surveillance society.
- IT Threat Evolution: Kaspersky published their IT Threat Report for Q2/2013.
- The City of London stops smartphone-tracking recycling bins. The bins, located in the Cheapside area of central London, logged the MAC addresses of individual smartphones.
- Web Application Security: Are attackers dot-dot-slashing their way into your data? Directory traversal (or path traversal) attacks are too old and too simple to mention? According to recent Web Application Attack Reports, they still make up more than 30 percent of attacks against web applications.
- DEF CON 21, Black Hat 2013 and the NSA: We need some time apart – DEF CON founder Jeff Moss has asked federal agents not to attend this year’s DEF CON. At the same time the Director of the NSA, General Keith Alexander, will talk at Black Hat USA 2013.
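The directory traversal item above is best seen with the vulnerable pattern next to its fix. The following is an added example, not code from the page or from any of the reports it cites: a naive static-file helper that joins the request path onto the web root, beside a hardened resolver that decodes once, resolves the real path and checks containment. The web root is a temporary directory with constructed content; the file names are assumptions.

```python
"""Directory traversal: a naive static-file helper next to a hardened one.
Added example, not the page's code; the web root is a temporary directory
with constructed content, and the file names are assumptions."""
import os
import tempfile
from typing import Optional
from urllib.parse import unquote


def make_demo_tree() -> str:
    """Create <tmp>/www/index.html, <tmp>/www/sub/ and <tmp>/secret.txt (outside the root)."""
    base = tempfile.mkdtemp(prefix="traversal-demo-")
    web_root = os.path.join(base, "www")
    os.makedirs(os.path.join(web_root, "sub"))
    with open(os.path.join(web_root, "index.html"), "wb") as f:
        f.write(b"<h1>hello</h1>")
    with open(os.path.join(base, "secret.txt"), "wb") as f:
        f.write(b"TOP SECRET")
    return web_root


def serve_naive(web_root: str, requested: str) -> bytes:
    """VULNERABLE: the request path is joined onto the root as-is, so
    'dot-dot-slash' segments walk out of web_root."""
    with open(os.path.join(web_root, requested), "rb") as f:
        return f.read()


def resolve_safe(web_root: str, requested: str) -> Optional[str]:
    """Map a request path to an absolute path inside web_root, or None if it escapes.

    The check is done on the *resolved* path (symlinks and '..' collapsed), not on
    the request string, so encoded, mixed or symlink-based variants are caught alike."""
    root = os.path.realpath(web_root)
    decoded = unquote(requested)            # the server decodes %2e%2e%2f exactly once
    if "\x00" in decoded:                   # NUL would truncate the name in C-level APIs
        return None
    relative = decoded.lstrip("/\\")        # never let an absolute path replace the root
    candidate = os.path.realpath(os.path.join(root, relative))
    # Prefix test on root + separator: "/srv/www-old" must not pass as inside "/srv/www".
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    return candidate


def serve_safe(web_root: str, requested: str) -> Optional[bytes]:
    """Hardened counterpart of serve_naive: None for blocked or missing files."""
    path = resolve_safe(web_root, requested)
    if path is None:
        return None
    try:
        with open(path, "rb") as f:
            return f.read()
    except (FileNotFoundError, IsADirectoryError):
        return None


if __name__ == "__main__":
    root = make_demo_tree()
    print("naive :", serve_naive(root, "../secret.txt"))        # leaks the secret
    print("safe  :", serve_safe(root, "../secret.txt"))         # None
    print("safe  :", serve_safe(root, "%2e%2e%2fsecret.txt"))   # None
    print("safe  :", serve_safe(root, "sub/../index.html"))     # b'<h1>hello</h1>'
```

The containment test is deliberately done after `realpath`, because a blacklist on the request string (`".." in requested`) misses URL-encoded, double-encoded and symlink variants; a double-encoded `%252e%252e` decodes once to a literal `%2e%2e` directory name inside the root, which is harmless.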
- Android Security: Last week we reported on a vulnerability that allows a legitimate, digitally signed Android application (.APK file) to be modified without breaking the app’s cryptographic signature. Google has since released a fix to OEMs, but only a few have shipped the patch to customers so far. Proof-of-concept exploit code has been released by Pau Oliva Fora, and there is also a “Master Key” security scanner app from Bluebox to test whether your device is vulnerable.
- PRISM: How Microsoft collaborates with the NSA. An article in ‘The Guardian’ which is worth reading (not only) for Hotmail, Outlook.com, SkyDrive and Skype users.
- DDoS: To provide insights on the latest DDoS threats – and effective mitigation strategies – Information Security Media Group has launched a DDoS Resource Center.
- Windows 7 Reinstall-How-to: Your PC has become infected with malware? You don’t know how to correctly reinstall your system, and reduce the risk of becoming reinfected at the same time? Have a look at the new How-to from EBAS. (Available in 4 languages.)
- PRISM: Tens of thousands of Americans protest against unconstitutional surveillance.
- Motorola phones phone home to send user data and passwords to Company’s servers. (Finally someone who’s listening to the customers.)
- Android Security: .APK code can apparently be modified without breaking the app’s cryptographic signature.
- Since spear-phishing is on the rise, does DMARC, the Domain-based Message Authentication, Reporting and Conformance initiative, help?
- Multi Factor Authentication is now available for OpenSSH!
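The Android signature flaw mentioned in this list (the .APK item just above, and the “Master Key” item further up) comes down to an APK, which is a ZIP archive, carrying two entries under the same name: the signature verifier hashes one copy while the installer extracts the other. The check below is an added example, not Bluebox’s scanner or Google’s fix: it walks the ZIP central directory and reports any name that occurs more than once, with the contents of each copy. The APK is a constructed in-memory ZIP, not a real app.

```python
"""Detect duplicate entry names in an APK (a ZIP file): the condition behind the
Android 'master key' signature bypass, where one copy of an entry is verified
and a different copy is installed.  Added example, not Bluebox's scanner or
Google's fix; the APK below is a constructed in-memory ZIP, not a real app."""
import io
import warnings
import zipfile
from collections import Counter
from typing import Dict, List


def build_sample_apk(with_duplicate: bool) -> bytes:
    """Constructed minimal 'APK'. With with_duplicate=True a second classes.dex is
    appended under the same name, the way a tampered package would carry it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035 original code")
        zf.writestr("META-INF/MANIFEST.MF", b"Name: classes.dex\nSHA1-Digest: digest-of-original\n")
        if with_duplicate:
            with warnings.catch_warnings():
                warnings.simplefilter("ignore")   # zipfile warns about the duplicate name but writes it
                zf.writestr("classes.dex", b"dex\n035 attacker code")
    return buf.getvalue()


def duplicate_entries(apk_bytes: bytes) -> Dict[str, List[bytes]]:
    """Map every name that appears more than once in the central directory to the
    contents of each copy, in directory order.

    Entries are opened by ZipInfo, not by name: a name lookup such as
    zf.read("classes.dex") silently returns only the last copy, which is exactly
    the ambiguity between verifier and installer that the bug exploits."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        infos = zf.infolist()
        counts = Counter(info.filename for info in infos)
        dupes: Dict[str, List[bytes]] = {}
        for info in infos:
            if counts[info.filename] > 1:
                with zf.open(info) as entry:
                    dupes.setdefault(info.filename, []).append(entry.read())
        return dupes


def is_suspicious(apk_bytes: bytes) -> bool:
    """True if any entry name is duplicated; a properly built signed APK never has one."""
    return bool(duplicate_entries(apk_bytes))


if __name__ == "__main__":
    for flag in (False, True):
        apk = build_sample_apk(flag)
        print("duplicate entry present:", flag, "->", duplicate_entries(apk))
```

Whatever ZIP library a verifier uses, it should reject an archive with a duplicated name outright rather than pick one copy, since any “first wins” or “last wins” policy can be made to disagree with the installer’s.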
- Our security report for June 2013 is available online free of charge (PDF).
- Android Security I: USBCleaver – How your Smartphone steals your PC’s browser passwords, the Wi-Fi password and network information.
- Android Security II: Only 4% of Android users are running the latest version of the mobile OS – which can mitigate some 77% of all existing Android malware threats.
- Opera network cracked, code signing certificate stolen: At least a few thousand Opera users received malware through the Opera update process.
- DDoS: Have you heard about download-flooding attacks? U.S. mid-tier banks are currently facing this kind of attack. Nothing new, but useful for getting around standard DDoS detection and mitigation measures.
- PRISM: The Washington Post published some NSA slides that explain the data-collection program… …If you’re now looking for alternatives to Google, Facebook and Co, prism-break.org is worth a look… …and if you’ve decided to encrypt everything from now on, you should read this first.
- An interesting view on recycling user IDs, e-mail accounts or domains, the impact on privacy, and what this means for providers of internet services.
- In Bavaria, open e-mail distribution lists (all recipients visible in To/CC) can now result in a fine. Better late than never.
- Android Trojans are getting more sophisticated. Roman Unuchek, a Kaspersky Lab Expert, gives insights into Backdoor.AndroidOS.Obad.a.
- Google Glass: What are the Privacy Implications of the tracking eye movement system and the head-worn camera?
- Darkleech: It looks like Plesk is often one of the entry points. If you are still running old Plesk Panels we recommend that you update Plesk immediately. (Here you find details from the manufacturer ‘Parallels’.)
- PRISM: New York magazine interviewed 9 former NSA employees. And Pierluigi Paganini asks “Who helped the NSA to build PRISM?”
- DDoS: You need to be prepared – 7 essentials for defending against DDoS attacks.
- Hard-coded passwords are apparently state of the art for medical devices.
- Banking Trojans: Zeus on the rise through Facebook phishing, and sensible countermeasures
- Boston spam: Malicious actors are exploiting the Boston Marathon explosions to spread malicious code, US-CERT warns. The Internet Storm Center provides details and shows how the spam campaigns are now switching to the Waco plant explosion.
- WordPress: Sucuri.net blogged details of the massive brute force attacks against WordPress websites over the past few days.
- Waiting desperately for Android Security Updates from your carrier? The American Civil Liberties Union has filed a complaint with the US Federal Trade Commission (FTC) concerning this issue.
- According to Reuters, China and the United States will set up a working group on cyber-security. “Cyberspace should be an area where the two countries can increase mutual trust and cooperation.”
- Symantec published their 58-page Internet Security Threat Report 2013 (PDF). Reviews can be found here and here.
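The WordPress brute force campaign in the list above shows up in a web server’s access log as a burst of POST requests to wp-login.php from one client. The detection below is an added example, not Sucuri’s or WordPress’s code: it parses combined-format log lines, keeps a sliding time window per client IP and flags any client that exceeds a threshold of login POSTs inside that window. The log lines are constructed; the threshold and window length are assumptions to tune for your own site.

```python
"""Flag WordPress login brute forcing from an access log: too many POSTs to
wp-login.php from one client inside a sliding window.  Added example, not
Sucuri's or WordPress's code; the log lines are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional

# Apache/nginx combined log format. WordPress answers a failed login with 200
# (the form is re-rendered) and a successful one with 302, so the status code
# is parsed for reporting but the request count is what drives detection.
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse_line(line: str) -> Optional[dict]:
    """One combined-format line -> dict, or None for lines that do not match."""
    m = _LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],   # ignore query strings such as ?action=lostpassword
        "status": int(m["status"]),
    }


def find_bruteforce(lines: List[str], threshold: int = 10,
                    window: timedelta = timedelta(seconds=60)) -> Dict[str, int]:
    """Return {ip: total login POSTs} for every client that sent at least
    `threshold` POSTs to wp-login.php within any `window`-long interval."""
    events = [e for e in map(parse_line, lines)
              if e and e["method"] == "POST" and e["path"] == "/wp-login.php"]
    events.sort(key=lambda e: e["ts"])       # real logs are already ordered; be safe
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    totals: Dict[str, int] = defaultdict(int)
    flagged: Dict[str, int] = {}
    for e in events:
        q = recent[e["ip"]]
        q.append(e["ts"])
        totals[e["ip"]] += 1
        while e["ts"] - q[0] > window:       # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            flagged[e["ip"]] = totals[e["ip"]]
    return {ip: totals[ip] for ip in flagged}   # report final counts per flagged client


def _line(ip: str, when: datetime, method: str = "POST",
          path: str = "/wp-login.php", status: int = 200) -> str:
    return '%s - - [%s] "%s %s HTTP/1.1" %d 3712 "-" "Mozilla/5.0"' % (
        ip, when.strftime("%d/%b/%Y:%H:%M:%S +0000"), method, path, status)


_T0 = datetime(2013, 4, 15, 10, 0, 0)
# Constructed sample: one host guessing 12 times in 22 s, one editor logging in
# twice ten minutes apart (second attempt succeeds), one ordinary visitor.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", _T0 + timedelta(seconds=2 * i)) for i in range(12)]
    + [_line("203.0.113.5", _T0 + timedelta(minutes=1)),
       _line("203.0.113.5", _T0 + timedelta(minutes=11), status=302)]
    + [_line("192.0.2.9", _T0 + timedelta(seconds=5), method="GET", path="/?p=42")]
)

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG.splitlines()))   # {'198.51.100.7': 12}
```

A botnet spreading its guesses across many source addresses stays under a per-IP threshold; for that case count login POSTs per target account (the `log` form field, which the access log does not carry) or in total per window, and feed the result to whatever blocks at the edge rather than in PHP, where each rejected attempt still costs a full WordPress bootstrap.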
- ‘Red October’ is the security buzzword this week. Kaspersky published a report on a large-scale cyber-espionage network on Monday and called it ‘Red October’ (after the famous novel ‘The Hunt for Red October’).
- Interesting reading from the Citizen Lab Internet research group about the downside of network security and optimization products: “Planet Blue Coat: Mapping Global Censorship and Surveillance Tools“. And a corresponding article in the New York Times.
- “Cybercrime and the Underground Market” is a quite detailed article about Cyber-attacks, malware, identity theft, phishing and spam – in the Infosec-Institute Blog by Pierluigi Paganini.
- Even after the recent Java patch: a new exploit suggests keeping Java disabled.