======================= = End-of-Shift report = =======================
Timeframe: Mittwoch 26-04-2017 18:00 − Donnerstag 27-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a
*** Picture this: Senate staffers’ ID cards have photo of smart chip, no security *** --------------------------------------------- https://arstechnica.com/information-technology/2017/04/picture-this-senate-s...
*** FIRST TC Amsterdam 2017 Wrap-Up *** --------------------------------------------- Here is my quick wrap-up of the FIRST Technical Colloquium hosted by Cisco in Amsterdam. This is my first participation to a FIRST event. FIRST is .. --------------------------------------------- https://blog.rootshell.be/2017/04/26/first-tc-amsterdam-2017-wrap/
*** A vigilante is putting a huge amount of work into infecting IoT devices *** --------------------------------------------- https://arstechnica.com/security/2017/04/a-vigilante-is-putting-huge-amount-...
*** Homebrew crypto SNAFU on electrical grid sees GE rush patches *** --------------------------------------------- Boffins turned up hard-coded password in ancient controllers General Electric is pushing patches for protection .. --------------------------------------------- www.theregister.co.uk/2017/04/27/ge_rushing_patches_to_grid_systems_ahead_of_black_hat_demonstration/
*** DSA-3835 python-django - security update *** --------------------------------------------- Several vulnerabilities were discovered in Django, a high-level Pythonweb development framework. The Common .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3835
*** Cyberkriminalität: So machen Sie Ihr Unternehmen sicher *** --------------------------------------------- Bei der Roadshow "IT-Sicherheit und Datenschutz" der WKÖ und des BMI im Rahmen von "Gemeinsam.Sicher mit .. --------------------------------------------- https://futurezone.at/b2b/cyberkriminalitaet-so-machen-sie-ihr-unternehmen-s...
*** Peace in our time! Symantec says it can end Google cert spat *** --------------------------------------------- Its basically a promise to do better and not mess things up Symantec is hoping to get its certificates back on Googles trust list. --------------------------------------------- www.theregister.co.uk/2017/04/27/symantec_ca_proposal_for_google/
*** Ransomware up. Breaches up. What do hackers want? Research, prototypes... all your secrets *** --------------------------------------------- Verizon super depressing reports in Cyberespionage and ransomware attacks are on the increase, according .. --------------------------------------------- www.theregister.co.uk/2017/04/27/verizon_breach_report/
*** nomx: The worlds most (in)secure communications protocol *** --------------------------------------------- I was recently invited to take part in some research by BBC Click, alongside Professor Alan Woodward, to analyse a device that had quite a lot of people all excited. With slick marketing, .. --------------------------------------------- https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol...
*** APT Trends report, Q1 2017 *** --------------------------------------------- Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations in over 80 countries. During the first quarter of 2017, there were 33 private .. --------------------------------------------- http://securelist.com/analysis/quarterly-malware-reports/78169/apt-trends-re...
*** StringBleed ist kein zweites Heartbleed *** --------------------------------------------- Es wird mal wieder eine benamste Schwachstellen-Kuh durch die IT-Security Community getrieben. Der Name soll offensichtlich an Heartbleed erinnern, aber soweit wir das jetzt einschätzen können, .. --------------------------------------------- http://www.cert.at/services/blog/20170427115946-1972.html
*** Cracking APT28 traffic in a few seconds *** --------------------------------------------- Security experts from security firm Redsocks published an interesting report on how to crack APT28 traffic in a few seconds. Introduction APT28 is a hacking group involved in many recent cyber incidents. The most recent attack allegedly .. --------------------------------------------- http://securityaffairs.co/wordpress/58435/apt/cracking-apt28-traffic.html
*** Windows 10: Microsoft liefert Updates auch außerhalb des Patchdays *** --------------------------------------------- Microsoft will Windows 10 nach dem Creators Update nun auch außerhalb des Patchdays mit Updates versorgen. Allerdings .. --------------------------------------------- https://heise.de/-3698302
*** Broadcom-Sicherheitslücken: Samsung schützt Nutzer nicht vor WLAN-Angriffe *** --------------------------------------------- Googles Project Zero hat kürzlich in Broadcom-Chips und -Treibern zahlreiche kritische Sicherheitslücken gefunden, mit denen sich Smartphones übernehmen lassen. Wir haben .. --------------------------------------------- https://www.golem.de/news/broadcom-sicherheitsluecken-samsung-schuetzt-nutze...