Archiv

Google Analytics – no data validation?

/ November 29, 2016/ IT Security, IT Security News&Updates/ 0Kommentare

Recently, one of our clients contacted about something rather strange: a „language“ value in his newly Google Analytics setup that stated: „Secret.ɢoogle.com You are invited! Enter only with this ticket URL. Copy it. Vote for Trump!“ Of course, we all know that browser headers/requests can be easily altered, but we still wonder why Google allows such values in it’s [non-bot]

Weiterlesen

New IoT Malware? Anime/Kami

/ September 5, 2016/ IoT Devices&Security, IoT Security/ 0Kommentare

During August 2016, we came across several devices that were infected with a new malware that we couldn’t identify – for now. It resides in a read-write partition of some CCTV devices (most partitions on these devices are read-only), in a folder called .anime under the name .kami. It seems the attack used hard-coded telnet credentials and then downloaded the

Weiterlesen