“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers,” the company said in a statement. “The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.”
Like Twitter and Facebook before it, Apple didn't mention which website for software developers was the source of the attack, but AllThingsD reported that sources close to the Facebook hacking investigation pointed to iPhoneDevSDK, the home of iOS developer forums.
Ian Sefferman, owner and operator of the site, issued a statement saying that they learned via the press that the site was used in the attack. "Prior to this article, we had no knowledge of this breach and hadn't been contacted by Facebook, any other company, or any law enforcement about the potential breach," he stated.
He explained that the site is targeted for attacks frequently, and because of that they switched to Vanilla Forums last year. But after getting in touch with Facebook's security team and Vanilla, they concluded that this attack has nothing to do with their software.
"What we've learned is that it appears a single administrator account was compromised. The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain users' computers. We're still trying to determine the exploit's exact timeline and details, but it appears as though it was ended (by the hacker) on January 30, 2013," he shared, adding that they have no reason to believe user data was compromised, but have reset all user passwords just in case.
The first reaction to these breaches was that the attackers are likely Chinese, but according to Bloomberg sources, it seems that Twitter, Facebook, Apple and some 40 other companies were actually attacked by an Eastern European gang of hackers that's after company secrets they can sell.
I wonder that the investigators haven't made public the name of the compromised site sooner, as many developers from a myriad of companies and even independent ones visit the site daily. If the above claim proves to be true, the attackers were apparently out for all they could get and were probably not targeting only high-profile, big firms.
In the meantime, Apple has moved to protect its customers. Apart from patching several vulnerabilities that made this attack possible, the Java update for Mac pushed out on Tuesday also contains an updated Java malware removal tool that will check systems and remove the most common variants of malware.
Home users are advised to disable Java on their computer and browsers if they don't need it, but companies that suspect that their developers might have visited the compromised site have more to do.








