End-of-Shift report
Timeframe: Montag 29-12-2014 18:00 − Dienstag 30-12-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Can malware and hackers really cause giant physical disasters?
Could you really have a hacker or malware initiated meltdown? Yes, says the 2014 report of the German Office for Information Security...
https://nakedsecurity.sophos.com/2014/12/29/can-malware-and-hackers-really-cause-giant-physical-disasters/
Will 2015 be the year we finally do something about DDoS?
Among the events of the past few days during the holidays was a DDoS attack on Sonys Playstation network and on Xbox Lives network. The attack was reportedly carried out by a group called Lizard Squad and by all measures is not ..
https://isc.sans.edu/diary.html?storyid=19127
WhyDoWork AdSense 1.2 - XSS and CSRF
https://wpvulndb.com/vulnerabilities/7733
Open Season on VNC Servers Around the World
VNC, or Virtual Network Computing, is a way to control computers remotely across a network. Often times computers running VNC servers are on internal networks with firewalls protecting them from outside users. No one wants a malicious user to remotely connect to their computer and have their way with their computer, right?
https://medium.com/@kylestev/open-season-on-vnc-servers-around-the-world-4b89a0f8d992
Stallman: Freie Software ist die Basis für IT-Sicherheit
Der Vater der Freien-Software-Gemeinde, Richard Stallman, hat auf dem 31C3 freie Software zum 'notwendigen Fundament der Cybersicherheit' erklärt. Proprietäre Programme entwickelten sich immer mehr zu Malware.
http://www.heise.de/security/meldung/Stallman-Freie-Software-ist-die-Basis-fuer-IT-Sicherheit-2507190.html
Expect more ransomware and extortionware in 2015
While we can expect to see the return of some of the issues we faced in 2014, there are still a number of new threats that we need to be aware of in the year to come.
http://www.scmagazine.com/expect-more-ransomware-and-extortionware-in-2015/article/390193/
31C3: Wie man ein Chemiewerk hackt
Die Sicherheit von Industrieanlagen wird oft beschworen, die Praxis lässt aber viel zu wünschen übrig. Beim CCC-Congress in Hamburg zeigten Hacker, wie man Industrieanlagen lahmlegen und Millionenschäden verursachen kann.
http://www.heise.de/security/meldung/31C3-Wie-man-ein-Chemiewerk-hackt-2507259.html
Researchers Find 64-bit Version of Havex RAT
Trend Micro researchers have come across a 64-bit version of Havex, a remote access tool that has been used in cyber espionage campaigns aimed at industrial control systems.
http://www.securityweek.com/researchers-find-64-bit-version-havex-rat
Save Our Souls (SOS)
Natural disasters are unexpected events that can cause severe financial and environmental loss as well as the loss of human life. As an enterprise, it is our responsibility to ensure that proper recovery strategies are in place, just ..
http://resources.infosecinstitute.com/save-souls-sos/
Sicherheit: BKA schaltet Botnetz mit tausenden Rechnern ab
Mehr als die Hälfte der Rechner eines vom BKA zerschlagenen Botnetzes sollen in Deutschland gestanden haben. In Zusammenarbeit mit dem BSI, dem Fraunhofer Institut und Antivirenherstellern wurden die betroffenen Nutzer informiert.
http://www.golem.de/news/sicherheit-bka-schaltet-botnetz-mit-tausenden-rechnern-ab-1412-111393.html
4G Security: Hacking USB Modem and SIM Card via SMS
Telecommunications operators are pushing fast and cheap 4G communications technology. Yet only the chosen few know just how insecure it is. While researching the security level of 4G communications, Positive Technologies experts managed to uncover USB modem vulnerabilities that allow a potential attacker to gain full control of the connected computer as ..
http://blog.ptsecurity.com/2014/12/4g-security-hacking-usb-modem-and-sim.html
Next End-of-Shift report on 2015-01-02