[CERT-daily] Tageszusammenfassung - Mittwoch 28-05-2014

Wed May 28 18:11:22 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 27-05-2014 18:00 − Mittwoch 28-05-2014 18:00
Handler:     Christian Wojner
Co-Handler:  Stephan Richter


*** Spam Campaign Spreading Malware Disguised as HeartBleed Bug Virus Removal Tool ***
---------------------------------------------
At the beginning of April, a vulnerability in the OpenSSL cryptography library, also known as the Heartbleed bug, made headlines around the world.read more
---------------------------------------------
http://www.symantec.com/connect/blogs/spam-campaign-spreading-malware-disguised-heartbleed-bug-virus-removal-tool


*** [2014-05-28] Root Backdoor & Unauthenticated access to voice recordings in NICE Recording eXpress ***
---------------------------------------------
Attackers are able to completely compromise the voice recording / surveillance solution "NICE Recording eXpress" as they can gain access to the system and database level and listen to recorded calls without prior authentication or exploit a root backdoor account.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140528-0_NICE_Recording_eXpress_Multiple_critical_vulnerabilities_v10.txt


*** Apple Ransomware Targeting iCloud Users Hits Australia ***
---------------------------------------------
A handful of iPhone, iPad and Mac users, largely confined to Australia, awoke Tuesday to discover their devices had been taken hostage by ransomware.
---------------------------------------------
http://threatpost.com/apple-ransomware-targeting-icloud-users-hits-australia/106301


*** iPhone-"Entführung" per Fernzugriff: Apple betont, dass iCloud sicher ist ***
---------------------------------------------
In einem Statement heißt es, die derzeit in Australien die Runde machenden Erpressungsversuche, bei denen Angreifer Apple-Hardware aus der Ferne sperren, hätten nichts mit Sicherheitsproblemen in der iCloud zu tun. Schlechte Passwörter seien schuld.
---------------------------------------------
http://www.heise.de/security/meldung/iPhone-Entfuehrung-per-Fernzugriff-Apple-betont-dass-iCloud-sicher-ist-2209195.html


*** Bugtraq: LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532224


*** Kali-Linux: Pentesting-Stick mit Verschlüsselung und Notfallknopf ***
---------------------------------------------
Wer Kali Linux auf einen USB-Stick installiert, kann die Datenpartition mit Version 1.0.7 endlich verschlüsseln. Das schützt brisante Daten vor neugierigen Blicken. Darüber hinaus gibt es einen Selbstzerstörungs-Mechanismus.
---------------------------------------------
http://www.heise.de/security/meldung/Kali-Linux-Pentesting-Stick-mit-Verschluesselung-und-Notfallknopf-2210716.html


Next End-of-Shift report on 2015-05-30