[CERT-daily] Tageszusammenfassung - Freitag 17-02-2017

Fri Feb 17 18:06:40 CET 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 16-02-2017 18:00 − Freitag 17-02-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Divide Between Work, Personal Data on Android Breached ***
---------------------------------------------
Researchers demonstrate how malicious apps can break into secure Android work containers on EMM managed phones.
---------------------------------------------
http://threatpost.com/divide-between-work-personal-data-on-android-breached/123779/


*** Don’t panic over cyber-terrorism: Daesh-bags still at script kiddie level ***
---------------------------------------------
Medieval terror bastards not great at hacking says ex-top NSA lawyer RSA USA There’s no need to panic about the threat of a major online terrorist attack, since ISIS and their allies are all talk and no ..
---------------------------------------------
www.theregister.co.uk/2017/02/16/online_terrorism_isnt/


*** Mobile apps and stealing a connected car ***
---------------------------------------------
The concept of a connected car, or a car equipped with Internet access, has been gaining popularity for the last several years. By using proprietary mobile ..
---------------------------------------------
http://securelist.com/analysis/publications/77576/mobile-apps-and-stealing-a-connected-car/


*** DSA-3790 spice - security update ***
---------------------------------------------
https://www.debian.org/security/2017/dsa-3790


*** MQTT-Protokoll: IoT-Kommunikation von etwa Reaktoren und Gefängnissen öffentlich einsehbar ***
---------------------------------------------
Über das Telemetrie-Protokoll MQTT spricht eine unüberschaubare Zahl an IoT-Sensoren in etwa Autos und Flugzeugen mit ihren Servern – unverschlüsselt, ohne Frage nach Passwörtern. Hacker könnten nicht nur mitlesen, sondern Daten auch manipulieren.
---------------------------------------------
https://heise.de/-3629650


*** Darknet-Drogenring in Braunau aufgeflogen ***
---------------------------------------------
Die Hinweise auf den Suchtgifthandel kamen von Zollfahndung Frankfurt. Der Kopf der Bande befindet sich in Haft.
---------------------------------------------
https://futurezone.at/digital-life/darknet-drogenring-in-braunau-aufgeflogen/247.055.269


*** My Friend Cayla: Eltern müssen Puppen ihrer Kinder zerstören ***
---------------------------------------------
Smartes Spielzeug wird vor allem von Datenschützern immer wieder kritisiert. In einem Fall greift die ..
---------------------------------------------
https://www.golem.de/news/my-friend-cayla-eltern-muessen-puppen-ihrer-kinder-zerstoeren-1702-126236.html


*** MQTT-Protokoll: IoT-Kommunikation von Reaktoren und Gefängnissen öffentlich einsehbar ***
---------------------------------------------
Über das Telemetrie-Protokoll MQTT spricht eine unüberschaubare Zahl an IoT-Sensoren in etwa Autos und Flugzeugen ..
---------------------------------------------
https://heise.de/-3629650


*** Gag Order: Riseup belebt den Kanarienvogel wieder ***
---------------------------------------------
Nachdem Riseup seinen Warrant Canary im vergangenen Jahr nicht aktualisiert hatte, gab es viel Aufregung in der Szene. Jetzt gibt das Kollektiv bekannt: "Wir haben Nutzerdaten herausgegeben." Künftig soll das dank Verschlüsselung nicht mehr möglich sein.
---------------------------------------------
https://www.golem.de/news/gag-order-riseup-belebt-den-kanarienvogel-wieder-1702-126245.html


*** USB Killer now lets you fry most Lightning and USB-C devices for $55 ***
---------------------------------------------
Plus a new, stealthy "anonymous" stick, because thats what the world really needed.
---------------------------------------------
https://arstechnica.com/gadgets/2017/02/usb-killer-fry-lightning-usb-c-devices/


*** Planning for an InfoSec Conference ***
---------------------------------------------
I wasted many an early year going to InfoSec conferences and security events only to find them useless. Well, they werent totally useless, Id often come back with a bag full of goodies that more often than not included stress ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/planning-for-an-infosec-conference


*** SMTP Strict Transport Security Coming Soon to Gmail, Other Webmail Providers ***
---------------------------------------------
SMTP Strict Transport Security is coming to major webmail providers this year, a Google engineer said at RSA Conference
---------------------------------------------
http://threatpost.com/smtp-strict-transport-security-coming-soon-to-gmail-other-webmail-providers/123789/


*** VB2016 paper: APT reports and OPSEC evolution, or: these are not the APT reports you are looking for ***
---------------------------------------------
APT reports are great for gaining an understanding of how advanced attack groups operate - however, they can also ..
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/02/vb2016-paper-apt-reports-and-opsec-evolution-or-these-are-not-apt-reports-you-are-looking/