- Superfish Adware and SSL backdoor preinstalled on Lenovo Laptops: In case you bought a Lenovo Laptop in the last 6 month, you should check it for preinstalled malware and – even worse – a rogue root CA certificate making the system vulnerable to HTTPS spoofing…
- …CERT/CC warns in the meantime, that also other (Komodia) software installs this certificate and private keys, like for example the ‘KeepMyFamilySecure’ parental control software.
- SIM card encryption keys: According to “The Intercept”, US and British intelligence services have stolen encryption keys of the major SIM card maker Gemalto to spy on mobile voice and data communications worldwide. Gemalto produces some 2 billion SIM cards a year and also makes the chips for ‘next-generation’ credit cards.
- Android Malware: Newly discovered Android malware hijacks your (rooted) phones shutdown process. Even though the device appears to be off, it remains functional and the malware can make outgoing calls, take pictures and perform many other tasks.
- Kaspersky published information about a threat actor that ‘surpasses anything known in terms of complexity and sophistication of techniques‘. One of their tools: Malware that allows reprogramming of the hard drive firmware of all popular brands.
- Kaspersky also published their 31-page Lab Report “Financial cyber threats in 2014“
- Drive-by: Anyone who has browsed Jamie Oliver’s site recently should perform a security scan to ensure their computers were not infected. 😉
German:
- Die Digitale Gesellschaft Schweiz hat einen 24-seitigen Bericht zum Thema “Massenüberwachung durch die Geheimdienste: Wie ist die Schweiz betroffen, und welche Massnahmen sind notwendig?” (PDF) veröffentlicht.
SWITCH Security-Blog 