Exactly one week ago, an anonymous user shared a link on the 4chan message board. This link led to a file archive of about 3GB, where parts of the source code of Windows XP and Windows Server 2003 are located. Although these Windows versions have been out of date for years, the open source code poses a threat to current systems.
M.Sc. Jan Hörnemann
Big Covid19 scam has been exposed!
A major Covid19 scam that caused a sensation in mid-April of this year has now finally been completed. At the beginning of September the two criminals behind the big scam were arrested in the Netherlands.
Internal Hacker Attack – Several companies report security incidents!
Hacker attacks are more and more in the spotlight, as the number of expensive attacks is increasing. In a hacker attack, most people imagine that a criminal finds a security hole in the system from a distance and exploits it. However, there is also a so-called internal hacker attack, in which the own employees cause damage. This is exactly what happened recently at the three companies Shopify, Tesla and Instacart.
Pentest Tool #4 – Arjun
In the fourth week of the blog series, in which we present various hacking tools, we will deal with Arjun, but we are still in the reconnaissance phase, which means that we want to get to know our target system as well as possible. Unlike the previous tools, our pentest tool #4 Arjun is not pre-installed in Kali Linux.
Phish Scale – A new way of weighting phishing emails!
Phishing is the most common attack vector currently used by hackers. Phishing refers to the sending of e-mails that are intended to intercept sensitive information. For this purpose, these e-mails are disguised as if they come from a trusted person. Since phishing is a well-known problem, many companies train their employees with phishing campaigns. A US institute has now created a new form of evaluation, the so-called Phish Scale, which is intended to help to better understand the results of such phishing campaigns.
Microsoft products do not comply with German data protection laws!
Microsoft products have become an integral part of most companies and schools. Due to the Corona pandemic, Microsoft teams in particular gained users in addition to the usual products, such as Microsoft Word or Microsoft Power Point. At the data protection conference, data protection activists from Germany have now announced that Microsoft products do not comply with data protection laws in Germany.
Bluetooth security vulnerability – BLURtooth is dangerous for Bluetooth 4.2 to 5.0!
A new Bluetooth security vulnerability has been discovered by the organization behind the Bluetooth wireless technology. All devices using Bluetooth versions 4.2 to 5.0 are affected by this vulnerability. A feature in Bluetooth version 5.1 can be used to ensure that this device is not vulnerable to the discovered vulnerability.
Pentest Trends 2020 – You can expect these topics in the webinar on 25.09!
On Friday 25.09.2020, AWARE7 will host a webinar on the Pentest Trends 2020. Matteo Große-Kampmann will provide current figures and internal details on penetration tests performed from 10:00 a.m. How to register for this free webinar and what topics you can expect to hear is explained in this blog post.
Pentest Tools #3 – SSLScan
In the third week of the blog series, in which we present various hacker tools, we are still in the reconnaissance phase, in which the attacker collects as much information as possible about the targets. The Pentest tool #3 is SSLScan. This scanner provides quick information about which encryption methods are used on the scanned server. So it can be quickly determined whether the encrypted connection is still at the current security standard.
Corona Grandchild Trick – An old scam in a new form!
Last week there was a report in Essen about a new scam, the so-called Corona grandchild trick. An elderly gentleman was cheated out of several thousand Euros by the perpetrator faking a disease of the corona virus. How exactly this scam took place and how you can protect yourself and your family members from this attack is explained in the following blog post.
