- The Cybercrime Coordination Unit Switzerland (CYCO/KOBIK) published their Annual Report 2012 (PDF). It’s also available in German.
- Phishing: How the phishers perpetrated their attacks, and what defensive measures are and are not working: The Anti-Phishing Working Group (APWG) released the Global Phishing Survey for 2H2012.
- DDoS Attacks: I’m under attack. What should I do? Whom should I call? Dave Piscitello wrote an interesting blog post about How to Report a DDoS Attack on behalf of the ICANN Security Team.
- When it comes to enterprise security, is it better to focus on compliance or risk? A viewpoint from Christian Anschuetz and Dan Abdul at networkworld.com.
- A new Android malware is targeting Polish e-banking users. The application is called “E-Security”. (CERT Polska)
- Strong Twitter passwords are important! Here you can (let your colleagues) check, if your/their Twitter passwords are still secure. 😉
In the 3rd quarter 2012, SWITCH-CERT has helped to clean 1260 malware distributing websites under the .ch and .li top level domains. This is more than twice than in the quarters before.
The dramatic rise of compromised websites in Q3 2012 is most likely due to a vulnerability in the popular Plesk server admin software, that allowed attackers to access the websites and enabled them to inject their invisible code. Exploit kits were commercially available on the internet.