End-of-Day report
Timeframe: Freitag 01-06-2018 18:00 - Montag 04-06-2018 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
News
Mobile Devs Making the Same Security Mistakes Web Devs Made in the Early 2000s
Mobile app developers are going through the same growing pains that the webdev scene has gone through in the 90s and 2000s when improper input validation led to many security incidents.
https://www.bleepingcomputer.com/news/security/mobile-devs-making-the-same-security-mistakes-web-devs-made-in-the-early-2000s/
SMiShing with Punycode
Cybercriminals keep coming up with new ways to steal and profit from personal user data. Because mobile devices are so prevalent, and so capable, they are becoming the targets of a variety of cyberattacks that were previously limited to computers. One such attack technique is SMS phishing-SMiShing-in which attacks are delivered via text messages.
https://www.zscaler.com/blogs/research/smishing-punycode
Scammers Targeting Booking.com Users with Phishing Messages
Scammers recently targeted Booking.com customers with phishing messages designed to steal their sensitive financial information. According to The Sun, criminals sent out WhatsApp messages and text messages to customers claiming that a security breach had occurred and that recipients needed to change their passwords. The attack correspondence came with a link that, when clicked, gave [...]
https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/scammers-targeting-booking-com-users-with-phishing-messages/
Warnung vor SEPA-Lastschriftbetrug bei Unternehmen
Unternehmen, die ihre Bankdaten öffentlich haben, werden Opfer eines Betrugs, bei dem Kriminelle ihre Bankverbindung für Verbrechen nutzen. Die Täter/innen greifen auf das SEPA-Lastschriftverfahren zurück und täuschen einen Einzugsermächtigung oder einen Abbuchungsauftrag vor. In anderen Fällen nennen sie bei betrügerischen Einkäufen die Bankdaten des Unternehmens. Es droht ein hoher Geldverlust.
https://www.watchlist-internet.at/news/warnung-vor-sepa-lastschriftbetrug-bei-unternehmen/
Zahlen - Visa-Kreditkarten aufgrund Hardware-Fehlers unbenutzbar
Der Betrieb laufe nun wieder wie normal - es gebe keinen Hinweis auf einen kriminellen Angriff
https://derstandard.at/2000080869035/Visa-Kreditkarten-aufgrund-Hardware-Fehlers-unbenutzbar
Vulnerabilities
Apple Security Updates, (Sun, Jun 3rd)
Summary (MacOS, iOS, tvOS, watchOS)
https://isc.sans.edu/diary/rss/23727
Security updates for Monday
Security updates have been issued by CentOS (procps, xmlrpc, and xmlrpc3), Debian (batik, prosody, redmine, wireshark, and zookeeper), Fedora (jasper, kernel, poppler, and xmlrpc), Mageia (git and wireshark), Red Hat (rh-java-common-xmlrpc), Slackware (git), SUSE (bzr, dpdk-thunderxdpdk, and ocaml), and Ubuntu (exempi).
https://lwn.net/Articles/756489/
Jenkins-Plugins: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes
https://adv-archiv.dfn-cert.de/adv/2018-1064/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security AppScan Enterprise
http://www-01.ibm.com/support/docview.wss?uid=swg22016709