End-of-Shift report
Timeframe: Dienstag 27-05-2014 18:00 − Mittwoch 28-05-2014 18:00
Handler: Christian Wojner
Co-Handler: Stephan Richter
Spam Campaign Spreading Malware Disguised as HeartBleed Bug Virus Removal Tool
At the beginning of April, a vulnerability in the OpenSSL cryptography library, also known as the Heartbleed bug, made headlines around the world.read more
http://www.symantec.com/connect/blogs/spam-campaign-spreading-malware-disguised-heartbleed-bug-virus-removal-tool
[2014-05-28] Root Backdoor & Unauthenticated access to voice recordings in NICE Recording eXpress
Attackers are able to completely compromise the voice recording / surveillance solution "NICE Recording eXpress" as they can gain access to the system and database level and listen to recorded calls without prior authentication or exploit a root backdoor account.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140528-0_NICE_Recording_eXpress_Multiple_critical_vulnerabilities_v10.txt
Apple Ransomware Targeting iCloud Users Hits Australia
A handful of iPhone, iPad and Mac users, largely confined to Australia, awoke Tuesday to discover their devices had been taken hostage by ransomware.
http://threatpost.com/apple-ransomware-targeting-icloud-users-hits-australia/106301
iPhone-"Entführung" per Fernzugriff: Apple betont, dass iCloud sicher ist
In einem Statement heißt es, die derzeit in Australien die Runde machenden Erpressungsversuche, bei denen Angreifer Apple-Hardware aus der Ferne sperren, hätten nichts mit Sicherheitsproblemen in der iCloud zu tun. Schlechte Passwörter seien schuld.
http://www.heise.de/security/meldung/iPhone-Entfuehrung-per-Fernzugriff-Apple-betont-dass-iCloud-sicher-ist-2209195.html
Bugtraq: LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability
http://www.securityfocus.com/archive/1/532224
Kali-Linux: Pentesting-Stick mit Verschlüsselung und Notfallknopf
Wer Kali Linux auf einen USB-Stick installiert, kann die Datenpartition mit Version 1.0.7 endlich verschlüsseln. Das schützt brisante Daten vor neugierigen Blicken. Darüber hinaus gibt es einen Selbstzerstörungs-Mechanismus.
http://www.heise.de/security/meldung/Kali-Linux-Pentesting-Stick-mit-Verschluesselung-und-Notfallknopf-2210716.html
Next End-of-Shift report on 2015-05-30