[CERT-daily] Tageszusammenfassung - 04.06.2018

Mon Jun 4 18:13:55 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 01-06-2018 18:00 − Montag 04-06-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Mobile Devs Making the Same Security Mistakes Web Devs Made in the Early 2000s ∗∗∗
---------------------------------------------
Mobile app developers are going through the same growing pains that the webdev scene has gone through in the 90s and 2000s when improper input validation led to many security incidents.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mobile-devs-making-the-same-security-mistakes-web-devs-made-in-the-early-2000s/


∗∗∗ SMiShing with Punycode ∗∗∗
---------------------------------------------
Cybercriminals keep coming up with new ways to steal and profit from personal user data. Because mobile devices are so prevalent, and so capable, they are becoming the targets of a variety of cyberattacks that were previously limited to computers. One such attack technique is SMS phishing—SMiShing—in which attacks are delivered via text messages.
---------------------------------------------
https://www.zscaler.com/blogs/research/smishing-punycode


∗∗∗ Scammers Targeting Booking.com Users with Phishing Messages ∗∗∗
---------------------------------------------
Scammers recently targeted Booking.com customers with phishing messages designed to steal their sensitive financial information. According to The Sun, criminals sent out WhatsApp messages and text messages to customers claiming that a security breach had occurred and that recipients needed to change their passwords. The attack correspondence came with a link that, when clicked, gave [...]
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/scammers-targeting-booking-com-users-with-phishing-messages/


∗∗∗ Warnung vor SEPA-Lastschriftbetrug bei Unternehmen ∗∗∗
---------------------------------------------
Unternehmen, die ihre Bankdaten öffentlich haben, werden Opfer eines Betrugs, bei dem Kriminelle ihre Bankverbindung für Verbrechen nutzen. Die Täter/innen greifen auf das SEPA-Lastschriftverfahren zurück und täuschen einen Einzugsermächtigung oder einen Abbuchungsauftrag vor. In anderen Fällen nennen sie bei betrügerischen Einkäufen die Bankdaten des Unternehmens. Es droht ein hoher Geldverlust.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-sepa-lastschriftbetrug-bei-unternehmen/


∗∗∗ Zahlen - Visa-Kreditkarten aufgrund Hardware-Fehlers unbenutzbar ∗∗∗
---------------------------------------------
Der Betrieb laufe nun wieder wie normal – es gebe keinen Hinweis auf einen kriminellen Angriff
---------------------------------------------
https://derstandard.at/2000080869035/Visa-Kreditkarten-aufgrund-Hardware-Fehlers-unbenutzbar


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Apple Security Updates, (Sun, Jun 3rd) ∗∗∗
---------------------------------------------
Summary (MacOS, iOS, tvOS, watchOS)
---------------------------------------------
https://isc.sans.edu/diary/rss/23727


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (procps, xmlrpc, and xmlrpc3), Debian (batik, prosody, redmine, wireshark, and zookeeper), Fedora (jasper, kernel, poppler, and xmlrpc), Mageia (git and wireshark), Red Hat (rh-java-common-xmlrpc), Slackware (git), SUSE (bzr, dpdk-thunderxdpdk, and ocaml), and Ubuntu (exempi).
---------------------------------------------
https://lwn.net/Articles/756489/


∗∗∗ Jenkins-Plugins: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1064/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security AppScan Enterprise ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22016709

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily