M.Sc. Chris Wojzechowski (IT-Risk Manager, IT-Grundschutz Practitioner (TÜV), Author at AWARE7 GmbH

Security Tools – provide more security yourself!

18. January 202217. January 2022 by M.Sc. Chris Wojzechowski (IT-Risk Manager, IT-Grundschutz Practitioner (TÜV)

There are numerous security tools that are open source and can therefore be used free of charge. It is no secret that even trained pentesters use many of these tools. The SANS Institute has listed a considerable number of tools that help to determine the level of IT security – … continue reading

Smishing – the big scam with the fake SMS!

17. January 2022 by M.Sc. Chris Wojzechowski (IT-Risk Manager, IT-Grundschutz Practitioner (TÜV)

Smishing – a word combination of SMS and fishing that most people know from phishing. The latter represents an attempt to “fish” for passwords. Smishing refers to the channel, namely SMS, as a means to an end. Since SMS is used for only a few purposes now, criminals focus on … continue reading

Google Docs comment function is used for phishing attacks

14. January 2022 by M.Sc. Chris Wojzechowski (IT-Risk Manager, IT-Grundschutz Practitioner (TÜV)

Google Docs – simple spreadsheet as well as a word processor in the web browser. Practical, free of charge and also therefore interesting for criminals. In fact, Google’s environment is currently being used for phishing attacks. Particular emphasis is placed on the comment function. Text lines can be marked and … continue reading

Criminals use fake QR codes on parking meters to divert payments

13. January 2022 by M.Sc. Chris Wojzechowski (IT-Risk Manager, IT-Grundschutz Practitioner (TÜV)

Fake QR codes are being placed on parking meters in the States to divert payments. Yet cities don’t even have QR codes in place for payment processing. The first cases have surfaced in Austin, Houston and San Antonio. It is to be expected that this method will find its way … continue reading

USB sticks with ransomware – FIN7 hacker group uses hardware!

12. January 2022 by M.Sc. Chris Wojzechowski (IT-Risk Manager, IT-Grundschutz Practitioner (TÜV)

Having USB sticks with ransomware in the real mailbox is an unusual, even if not unrealistic, scenario. In the past, many companies have prepared for this eventuality with various measures. A current case shows that even this threat scenario cannot yet be put ad-acta. The defense industry in the United … continue reading

Check dependencies on open source libraries!

11. January 2022 by M.Sc. Chris Wojzechowski (IT-Risk Manager, IT-Grundschutz Practitioner (TÜV)

With a high number of dependencies on open source libraries, unwanted problems can occur. As a recent incident shows, these do not have to be of technical origin, but can have human motives. The open-source faker.js and colors.js libraries were intentionally tampered with by Marak Squires, the developer. Developers who … continue reading

CTF: Learning Format for Cybersecurity

12. January 202221. October 2020 by M.Sc. Chris Wojzechowski (IT-Risk Manager, IT-Grundschutz Practitioner (TÜV)

A Capture the Flag (CTF) contest is an event that is well known in the field of information security. Regardless of whether they are experts or newcomers, a CTF can help build information security capabilities. The competitive character makes the whole thing competitive. What is a CTF? A CTF is … continue reading

Unc0ver: Jailbreak for iOS 11 to 13.5 available!

5. January 202225. May 2020 by M.Sc. Chris Wojzechowski (IT-Risk Manager, IT-Grundschutz Practitioner (TÜV)

Since Saturday, a non-permanent and fully reversible jailbreak is available for iOS 11 to 13.5. The possibility to break out of Apple’s operating system is based on a zero-day gap which is at home in the kernel. The developers are positive that the jailbreak also works with iOS 14. With the release of the jailbreak the developers renounce the participation in a bug bounty program.

Hacker Shop – Buying hacking hardware

5. January 202219. May 2020 by M.Sc. Chris Wojzechowski (IT-Risk Manager, IT-Grundschutz Practitioner (TÜV)

In a hacker shop you can buy ready-made hardware and software for attacking IT systems. The hardware can also save time and carry out complex work faster when carrying out a professional penetration test on site.

Having received the hardware without the explicit declaration of consent can have legal consequences. The different tools range from espionage to the wilful destruction of property.

What is blacklisting? Check and protect your reputation!

5. January 202218. May 2020 by M.Sc. Chris Wojzechowski (IT-Risk Manager, IT-Grundschutz Practitioner (TÜV)

A blacklisting is a list of untrusted senders. This helps to separate serious from untrustworthy senders when delivering e-mails. On the Internet, classification is used in many places.

Large area spam e-mails can be prevented in this way. However, too many login attempts on a website can also lead to the IP address ending up on a blacklist.