End-of-Shift report
Timeframe: Mittwoch 26-04-2017 18:00 − Donnerstag 27-04-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Picture this: Senate staffers’ ID cards have photo of smart chip, no security
https://arstechnica.com/information-technology/2017/04/picture-this-senate-staffers-id-cards-have-photo-of-smart-chip-no-security/
FIRST TC Amsterdam 2017 Wrap-Up
Here is my quick wrap-up of the FIRST Technical Colloquium hosted by Cisco in Amsterdam. This is my first participation to a FIRST event. FIRST is ..
https://blog.rootshell.be/2017/04/26/first-tc-amsterdam-2017-wrap/
A vigilante is putting a huge amount of work into infecting IoT devices
https://arstechnica.com/security/2017/04/a-vigilante-is-putting-huge-amount-of-work-into-infecting-iot-devices/
Homebrew crypto SNAFU on electrical grid sees GE rush patches
Boffins turned up hard-coded password in ancient controllers General Electric is pushing patches for protection ..
www.theregister.co.uk/2017/04/27/ge_rushing_patches_to_grid_systems_ahead_of_black_hat_demonstration/
DSA-3835 python-django - security update
Several vulnerabilities were discovered in Django, a high-level Pythonweb development framework. The Common ..
https://www.debian.org/security/2017/dsa-3835
Cyberkriminalität: So machen Sie Ihr Unternehmen sicher
Bei der Roadshow "IT-Sicherheit und Datenschutz" der WKÖ und des BMI im Rahmen von "Gemeinsam.Sicher mit ..
https://futurezone.at/b2b/cyberkriminalitaet-so-machen-sie-ihr-unternehmen-sicher/260.579.835
Peace in our time! Symantec says it can end Google cert spat
Its basically a promise to do better and not mess things up Symantec is hoping to get its certificates back on Googles trust list.
www.theregister.co.uk/2017/04/27/symantec_ca_proposal_for_google/
Ransomware up. Breaches up. What do hackers want? Research, prototypes... all your secrets
Verizon super depressing reports in Cyberespionage and ransomware attacks are on the increase, according ..
www.theregister.co.uk/2017/04/27/verizon_breach_report/
nomx: The worlds most (in)secure communications protocol
I was recently invited to take part in some research by BBC Click, alongside Professor Alan Woodward, to analyse a device that had quite a lot of people all excited. With slick marketing, ..
https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/
APT Trends report, Q1 2017
Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations in over 80 countries. During the first quarter of 2017, there were 33 private ..
http://securelist.com/analysis/quarterly-malware-reports/78169/apt-trends-report-q1-2017/
StringBleed ist kein zweites Heartbleed
Es wird mal wieder eine benamste Schwachstellen-Kuh durch die IT-Security Community getrieben. Der Name soll offensichtlich an Heartbleed erinnern, aber soweit wir das jetzt einschätzen können, ..
http://www.cert.at/services/blog/20170427115946-1972.html
Cracking APT28 traffic in a few seconds
Security experts from security firm Redsocks published an interesting report on how to crack APT28 traffic in a few seconds. Introduction APT28 is a hacking group involved in many recent cyber incidents. The most recent attack allegedly ..
http://securityaffairs.co/wordpress/58435/apt/cracking-apt28-traffic.html
Windows 10: Microsoft liefert Updates auch außerhalb des Patchdays
Microsoft will Windows 10 nach dem Creators Update nun auch außerhalb des Patchdays mit Updates versorgen. Allerdings ..
https://heise.de/-3698302
Broadcom-Sicherheitslücken: Samsung schützt Nutzer nicht vor WLAN-Angriffe
Googles Project Zero hat kürzlich in Broadcom-Chips und -Treibern zahlreiche kritische Sicherheitslücken gefunden, mit denen sich Smartphones übernehmen lassen. Wir haben ..
https://www.golem.de/news/broadcom-sicherheitsluecken-samsung-schuetzt-nutzer-nicht-vor-wlan-angriffe-1704-127540.html