======================= = End-of-Shift report = =======================
Timeframe: Dienstag 27-05-2014 18:00 − Mittwoch 28-05-2014 18:00 Handler: Christian Wojner Co-Handler: Stephan Richter
*** Spam Campaign Spreading Malware Disguised as HeartBleed Bug Virus Removal Tool *** --------------------------------------------- At the beginning of April, a vulnerability in the OpenSSL cryptography library, also known as the Heartbleed bug, made headlines around the world.read more --------------------------------------------- http://www.symantec.com/connect/blogs/spam-campaign-spreading-malware-disgui...
*** [2014-05-28] Root Backdoor & Unauthenticated access to voice recordings in NICE Recording eXpress *** --------------------------------------------- Attackers are able to completely compromise the voice recording / surveillance solution "NICE Recording eXpress" as they can gain access to the system and database level and listen to recorded calls without prior authentication or exploit a root backdoor account. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140...
*** Apple Ransomware Targeting iCloud Users Hits Australia *** --------------------------------------------- A handful of iPhone, iPad and Mac users, largely confined to Australia, awoke Tuesday to discover their devices had been taken hostage by ransomware. --------------------------------------------- http://threatpost.com/apple-ransomware-targeting-icloud-users-hits-australia...
*** iPhone-"Entführung" per Fernzugriff: Apple betont, dass iCloud sicher ist *** --------------------------------------------- In einem Statement heißt es, die derzeit in Australien die Runde machenden Erpressungsversuche, bei denen Angreifer Apple-Hardware aus der Ferne sperren, hätten nichts mit Sicherheitsproblemen in der iCloud zu tun. Schlechte Passwörter seien schuld. --------------------------------------------- http://www.heise.de/security/meldung/iPhone-Entfuehrung-per-Fernzugriff-Appl...
*** Bugtraq: LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/532224
*** Kali-Linux: Pentesting-Stick mit Verschlüsselung und Notfallknopf *** --------------------------------------------- Wer Kali Linux auf einen USB-Stick installiert, kann die Datenpartition mit Version 1.0.7 endlich verschlüsseln. Das schützt brisante Daten vor neugierigen Blicken. Darüber hinaus gibt es einen Selbstzerstörungs-Mechanismus. --------------------------------------------- http://www.heise.de/security/meldung/Kali-Linux-Pentesting-Stick-mit-Verschl...
Next End-of-Shift report on 2015-05-30