SWITCH Security-Blog

SWITCH-CERT IT-Security Blog


Leave a comment

A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Attack of the digital dolphins: hacking Alexa, Siri and their friends via ultrasound
  • The anti-antivirus programme: US government bans agencies from installing Kaspersky software on their computers
  • A hack of ‘epic proportions’ at Equifax
  • Science fiction 4.0 – how to hack a computer with a drop of saliva

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.


1 Comment

Money for Nothing and Coins for Free

Beginning in mid-September 2017, we started seeing a new abuse scheme on .ch and .li domains. The websites in question were running on outdated software and inevitably, hackers exploited some well-known vulnerability in order to inject malicious code. At this point we would usually expect an exploit kit in the website’s content with the purpose of infecting the victim’s machine with malware. In these cases however, the Javascript inject often looked somewhat like the following:

This code is designed to run in the background of the victim’s browser and immediately starts an endless loop of intensive computations at full pace, effectively turning the browser into a hash-crunching mule for the sake of distributed mining of cryptocoins, with profits going directly to the hacker.

Continue reading


IPv6 Security und Hacking – Vortrag beim Swiss IPv6 Council

sipv6cIm Rahmen einer neuen Tech-Event-Reihe, die das Swiss IPv6 Council in Kooperation mit Digicomp durchführt, hatte ich am vergangenen Montag die Gelegenheit, das Thema “IPv6 Security und Hacking” vorzustellen. Mit rund 70 Teilnehmern stiess auch diese zweite Veranstaltung der Reihe auf reges Interesse.

Continue reading

News


IT-Security-Links #3

News


IT-Security-Links #2