Security hole

Bar association affected by ransomware – perpetrators demand ransom!

5. January 202213. October 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

The Bar Association’s electronic lawyer mailbox (BeA) has apparently fallen victim to a ransomware attack. A misconfigured database now allowed the attackers to demand ransomware, among other things. Bar association hit by ransomware 2 weeks ago The news website Golem already reported about 2 weeks ago that the information page … continue reading

Bluetooth security vulnerability – BLURtooth is dangerous for Bluetooth 4.2 to 5.0!

5. January 202222. September 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

A new Bluetooth security vulnerability has been discovered by the organization behind the Bluetooth wireless technology. All devices using Bluetooth versions 4.2 to 5.0 are affected by this vulnerability. A feature in Bluetooth version 5.1 can be used to ensure that this device is not vulnerable to the discovered vulnerability.

WhatsApp failure due to unreadable message!

5. January 202214. September 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

The popular Messenger WhatsApp is frequently featured in our blog posts. In today’s blog post, we discuss a WhatsApp failure that could cause the app to crash and require reinstallation. This WhatsApp vulnerability is worth mentioning because it can be triggered by an unreadable message. How this message looks like and how you can protect yourself from this attack is explained in this article.

Cyber security in shipping – BSI warns!

5. January 202210. September 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

Digitization affects almost all industries. This includes the entire shipping and logistics industry that goes hand in hand with it. A large and costly example of this is the ransomware wave from 2017, when cyber security was affected by the malware “NotPetya” from many logistics companies and shipping lines in the shipping industry, and lost many millions as a result. Now the German Federal Office for Information Security has published a guide on how to improve IT security in this industry.

Security gap in learning platform Mebis!

5. January 202228. August 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

Learning platforms get in Covid19 times more and more attention and win strongly at users. However, not all of these platforms are secure and protect the users’ data sufficiently. This is also the case with the platform Mebis, which was developed by the Bavarian Ministry of Culture. A group of hackers has now published an article in which several vulnerabilities are mentioned that are contained in the Mebis platform.

Mailto-Link can be exploited to grab sensitive files!

5. January 202227. August 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

Email is still the main means of communication when you are in business. So-called mailto links ensure that the default email program automatically opens and an email with a predefined sender appears. Researchers of the Ruhr University Bochum have now discovered that in such links not only the recipient can be set, but also attachments can be defined.

GlueBall security gap was only closed after 2 years!

5. January 202225. August 2020 by M.Sc. Jan Hörnemann (CeHv10, ISB according to ISO 27001 (TÜV)

A security hole that has been known since 2018 has now been closed. This vulnerability was called GlueBall by the two discoverers and was given the rating “Important” by Microsoft after it was ignored for 2 years.

Instagram Security Tool Pysa – Facebook publishes Sourcecode

5. January 202220. August 2020 by Jonas Poenicke

In order to check their own software for security relevant errors and security holes, the developers of Instagram use the security tool Pysa (this is the name it unfavorably shares with ransomware). The source code for this tool has now been disclosed and made freely available to Facebook.

Unc0ver: Jailbreak for iOS 11 to 13.5 available!

5. January 202225. May 2020 by M.Sc. Chris Wojzechowski (IT-Risk Manager, IT-Grundschutz Practitioner (TÜV)

Since Saturday, a non-permanent and fully reversible jailbreak is available for iOS 11 to 13.5. The possibility to break out of Apple’s operating system is based on a zero-day gap which is at home in the kernel. The developers are positive that the jailbreak also works with iOS 14. With the release of the jailbreak the developers renounce the participation in a bug bounty program.

Hacker Shop – Buying hacking hardware

5. January 202219. May 2020 by M.Sc. Chris Wojzechowski (IT-Risk Manager, IT-Grundschutz Practitioner (TÜV)

In a hacker shop you can buy ready-made hardware and software for attacking IT systems. The hardware can also save time and carry out complex work faster when carrying out a professional penetration test on site.

Having received the hardware without the explicit declaration of consent can have legal consequences. The different tools range from espionage to the wilful destruction of property.