M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV), Author at AWARE7 GmbH

Election evaluation software with big security problems!

12. January 202220. October 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

Shortly before the election in the USA, security problems of an election analysis software in Switzerland become public. Several cantons are using outdated and vulnerable software and make it clear that IT security has not been a major issue in recent years. Together with the Swiss online magazine Republik, IT … continue reading

Bar association affected by ransomware – perpetrators demand ransom!

5. January 202213. October 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

The Bar Association’s electronic lawyer mailbox (BeA) has apparently fallen victim to a ransomware attack. A misconfigured database now allowed the attackers to demand ransomware, among other things. Bar association hit by ransomware 2 weeks ago The news website Golem already reported about 2 weeks ago that the information page … continue reading

Duckduckgo directions are now available!

5. January 202212. October 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

The Internet search engine Duckduckgo has now integrated directions. The possibility to access a map and directions directly via different search engines, such as Google, is already known. But now the search engine Duckduckgo can also shine with this feature.

Second factor automated confirmation – programmer develops a robot finger!

5. January 20226. October 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

A software developer of the messenger Slack has developed a robot finger in times of home office, which helps him to confirm the second factor. With the help of the robot finger, a small sensor is activated, which is connected to the laptop of the developer via USB-C.

Pentest Tool #5 – Naabu

5. January 20222. October 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

In week 5 we will introduce the Pentest Tool #5 Naabu. Naabu is a scanner like the tools we already know. We are still in the reconnaissance phase, in which we as attackers try to get to know the target system as well as possible. Using Naabu, the goal is to detect open ports on the target system with a very fast scan.

Windows XP source code released – New possibilities for attackers!

5. January 20221. October 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

Exactly one week ago, an anonymous user shared a link on the 4chan message board. This link led to a file archive of about 3GB, where parts of the source code of Windows XP and Windows Server 2003 are located. Although these Windows versions have been out of date for years, the open source code poses a threat to current systems.

Big Covid19 scam has been exposed!

5. January 202230. September 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

A major Covid19 scam that caused a sensation in mid-April of this year has now finally been completed. At the beginning of September the two criminals behind the big scam were arrested in the Netherlands.

Internal Hacker Attack – Several companies report security incidents!

5. January 202228. September 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

Hacker attacks are more and more in the spotlight, as the number of expensive attacks is increasing. In a hacker attack, most people imagine that a criminal finds a security hole in the system from a distance and exploits it. However, there is also a so-called internal hacker attack, in which the own employees cause damage. This is exactly what happened recently at the three companies Shopify, Tesla and Instacart.

Pentest Tool #4 – Arjun

5. January 202225. September 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

In the fourth week of the blog series, in which we present various hacking tools, we will deal with Arjun, but we are still in the reconnaissance phase, which means that we want to get to know our target system as well as possible. Unlike the previous tools, our pentest tool #4 Arjun is not pre-installed in Kali Linux.

Phish Scale – A new way of weighting phishing emails!

5. January 202224. September 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

Phishing is the most common attack vector currently used by hackers. Phishing refers to the sending of e-mails that are intended to intercept sensitive information. For this purpose, these e-mails are disguised as if they come from a trusted person. Since phishing is a well-known problem, many companies train their employees with phishing campaigns. A US institute has now created a new form of evaluation, the so-called Phish Scale, which is intended to help to better understand the results of such phishing campaigns.