Security summary – September 2018

Our short monthly review summarises important news and blog posts that focus on IT security, cloud computing and privacy protection.

1. iOS 12: These privacy-protection issues remain

Apple has just brought out a new version of their operating system for iPhone, iOS 12. However, some important privacy-protection issues remain, in particular related to the voice control system Siri.

Source in English: computerworld.com

2. Swiss tax app stored user data in public cloud

The Swiss tax app Steuern59.ch stored tax statements and other highly private user documents in a public cloud hosted by Amazon Web Services (AWS). The data was freely available for all AWS users to access and read and included pay slips, birth and marriage certificates.

Source in German: heise.de

3. British Airways hacked

The website and app of British Airways were hacked, compromising the credit card information of numerous customers. All affected individuals have been informed. No travel or passport data were stolen, and the company reports that it has repaired the data leak.

Source in German: computerworld.ch

4. Vulnerability in surveillance cameras enables misuse

A critical vulnerability in surveillance cameras can be misused to spy on and manipulate video surveillance footage. Once in the system, the attacker can spy on the connected cameras in real time, delete recordings or replace live images.

Source in German: heise.de
Source in English: darkreading.com

5. Android and iOS spyware Pegasus deployed in more than 40 countries

A recent report from Citizen Lab reveals that the so-called Pegasus spyware, used on Android and iOS devices, has been deployed in more than 45 countries. The spyware has been designed to hack iPhones, Android phones and other mobile devices remotely, allowing the attacker to access text messages, calendar entries, emails, WhatsApp messages and more.

Source in English: thehackernews.com

6. GovPayNow.com portal leaks millions of customer records

Government Payment Service Inc. is a company used by more than 2,000 government agencies across 35 states to accept online payments from citizens with an open state or local government fine. Now, the company has leaked 14 million customer records including names, addresses and phone numbers.

Source in English: krebsonsecurity.com

7. Ransomware: Display screens in Bristol airport shut down by hackers

A two-day blackout of flight information screens at Bristol airport is reported to have been caused by a ransomware attack. According to the airport spokesman, no ransom was paid to the attackers.

Source in English: thehackernews.com

8. Coffee house in Bern lets you pay with bitcoins

A coffee house in Bern has announced its intention to enable bitcoin payments. In the future, customers will be able to pay for their coffee and snacks with the digital currency using the so-called Bitcoin Lightning Network.

Source in German: computerworld.ch

9. iPhone apps track users and pass on data

Despite efforts to counteract this, suspicious iOS app developers still succeed in gaining access to sensitive user information such as a user’s precise location. According to US security researcher Will Strafach, tens of millions of mobile devices are being targeted. The data is sold on for profit.

Source in German: computerworld.ch