Hacking Trends – SWITCH Security-Blog

The July/August 2020 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

Aimless navigation – Garmin scrambling to regain its bearings after hacking incident
Hacking with a heavy hand: German intelligence is making a push to install hardware directly with internet providers and reroute internet traffic
A protection shield minus the protection – ECJ declares Privacy Shield unlawful
A night(mare) of celebrities – The ‘biggest Twitter hack of all times’ raises questions about the security of the network

The Security Report is available in both English and German.

»» Download the English report. »» Download the German report.

A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

Attack of the digital dolphins: hacking Alexa, Siri and their friends via ultrasound
The anti-antivirus programme: US government bans agencies from installing Kaspersky software on their computers
A hack of ‘epic proportions’ at Equifax
Science fiction 4.0 – how to hack a computer with a drop of saliva

The Security Report is available in both English and German.

»» Download the english report. »» Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

Money for Nothing and Coins for Free

written by Antoine Neuenschwander

Beginning in mid-September 2017, we started seeing a new abuse scheme on .ch and .li domains. The websites in question were running on outdated software and inevitably, hackers exploited some well-known vulnerability in order to inject malicious code. At this point we would usually expect an exploit kit in the website’s content with the purpose of infecting the victim’s machine with malware. In these cases however, the Javascript inject often looked somewhat like the following:

This code is designed to run in the background of the victim’s browser and immediately starts an endless loop of intensive computations at full pace, effectively turning the browser into a hash-crunching mule for the sake of distributed mining of cryptocoins, with profits going directly to the hacker.

Continue reading “Money for Nothing and Coins for Free”

IPv6 Security und Hacking – Vortrag beim Swiss IPv6 Council

Im Rahmen einer neuen Tech-Event-Reihe, die das Swiss IPv6 Council in Kooperation mit Digicomp durchführt, hatte ich am vergangenen Montag die Gelegenheit, das Thema “IPv6 Security und Hacking” vorzustellen. Mit rund 70 Teilnehmern stiess auch diese zweite Veranstaltung der Reihe auf reges Interesse.

Continue reading “IPv6 Security und Hacking – Vortrag beim Swiss IPv6 Council”

IT-Security-Links #3

A report from Black Hat USA in Las Vegas, one of the biggest IT security conferences in the world published by Compass Security. (Scroll down for the paper.)
A new Linux rootkit which injects iframes to websites has been discovered. Georg Wicherski did a first analysis in the Crowdstrike blog.
The next trends in cyber security: Some of the top security threats we can expect to see developing over the next year – compiled by Gordon Makryllos (CSO Australia)
The IETF has published RFC 6797: HTTP Strict Transport Security (HSTS) – read a short summary here.
How Java exploit code bypasses 44 Antivirus products – A nice step by step demo.