[CERT-daily] Tageszusammenfassung - Dienstag 30-12-2014

Daily end-of-shift report team at cert.at
Tue Dec 30 18:08:16 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 29-12-2014 18:00 − Dienstag 30-12-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Can malware and hackers really cause giant physical disasters? ***
---------------------------------------------
Could you really have a hacker or malware initiated meltdown? Yes, says the 2014 report of the German Office for Information Security...
---------------------------------------------
https://nakedsecurity.sophos.com/2014/12/29/can-malware-and-hackers-really-cause-giant-physical-disasters/




*** Will 2015 be the year we finally do something about DDoS? ***
---------------------------------------------
Among the events of the past few days during the holidays was a DDoS attack on Sonys Playstation network and on Xbox Lives network. The attack was reportedly carried out by a group called Lizard Squad and by all measures is not ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19127




*** WhyDoWork AdSense 1.2 - XSS and CSRF ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7733




*** Open Season on VNC Servers Around the World ***
---------------------------------------------
VNC, or Virtual Network Computing, is a way to control computers remotely across a network. Often times computers running VNC servers are on internal networks with firewalls protecting them from outside users. No one wants a malicious user to remotely connect to their computer and have their way with their computer, right?
---------------------------------------------
https://medium.com/@kylestev/open-season-on-vnc-servers-around-the-world-4b89a0f8d992




*** Stallman: Freie Software ist die Basis für IT-Sicherheit ***
---------------------------------------------
Der Vater der Freien-Software-Gemeinde, Richard Stallman, hat auf dem 31C3 freie Software zum 'notwendigen Fundament der Cybersicherheit' erklärt. Proprietäre Programme entwickelten sich immer mehr zu Malware.
---------------------------------------------
http://www.heise.de/security/meldung/Stallman-Freie-Software-ist-die-Basis-fuer-IT-Sicherheit-2507190.html




*** Expect more ransomware and extortionware in 2015 ***
---------------------------------------------
While we can expect to see the return of some of the issues we faced in 2014, there are still a number of new threats that we need to be aware of in the year to come.
---------------------------------------------
http://www.scmagazine.com/expect-more-ransomware-and-extortionware-in-2015/article/390193/




*** 31C3: Wie man ein Chemiewerk hackt ***
---------------------------------------------
Die Sicherheit von Industrieanlagen wird oft beschworen, die Praxis lässt aber viel zu wünschen übrig. Beim CCC-Congress in Hamburg zeigten Hacker, wie man Industrieanlagen lahmlegen und Millionenschäden verursachen kann.
---------------------------------------------
http://www.heise.de/security/meldung/31C3-Wie-man-ein-Chemiewerk-hackt-2507259.html




*** Researchers Find 64-bit Version of Havex RAT ***
---------------------------------------------
Trend Micro researchers have come across a 64-bit version of Havex, a remote access tool that has been used in cyber espionage campaigns aimed at industrial control systems.
---------------------------------------------
http://www.securityweek.com/researchers-find-64-bit-version-havex-rat




*** Save Our Souls (SOS) ***
---------------------------------------------
Natural disasters are unexpected events that can cause severe financial and environmental loss as well as the loss of human life. As an enterprise, it is our responsibility to ensure that proper recovery strategies are in place, just ..
---------------------------------------------
http://resources.infosecinstitute.com/save-souls-sos/




*** Sicherheit: BKA schaltet Botnetz mit tausenden Rechnern ab ***
---------------------------------------------
Mehr als die Hälfte der Rechner eines vom BKA zerschlagenen Botnetzes sollen in Deutschland gestanden haben. In Zusammenarbeit mit dem BSI, dem Fraunhofer Institut und Antivirenherstellern wurden die betroffenen Nutzer informiert.
---------------------------------------------
http://www.golem.de/news/sicherheit-bka-schaltet-botnetz-mit-tausenden-rechnern-ab-1412-111393.html




*** 4G Security: Hacking USB Modem and SIM Card via SMS ***
---------------------------------------------
Telecommunications operators are pushing fast and cheap 4G communications technology. Yet only the chosen few know just how insecure it is. While researching the security level of 4G communications, Positive Technologies experts managed to uncover USB modem vulnerabilities that allow a potential attacker to gain full control of the connected computer as ..
---------------------------------------------
http://blog.ptsecurity.com/2014/12/4g-security-hacking-usb-modem-and-sim.html


Next End-of-Shift report on 2015-01-02


More information about the Daily mailing list