Week in review: iOS malware compromising Apple accounts, and fake recruiters on LinkedIn targeting infosec pros

Here’s an overview of some of last week’s most interesting news and articles:


Over 225,000 Apple accounts compromised via iOS malware
Researchers from Palo Alto Networks and China-based WeipTech have unearthed a scheme that resulted in the largest known Apple account theft caused by malware.

CPU hardware performance counters for security
In this podcast recorded at Black Hat USA 2015, Nishad Herath, Principal Anti-Malware Technologist at Qualys, talks about CPU hardware performance counters, which allow low-latency performance measurement without special runtime or compile-time software instrumentation.

Should the removal of personal info posted online be a human right?
The ‘Right to Be Forgotten’ ruling in May 2014 allows EU citizens to request that search engines remove links to personal information where the information is inaccurate, inadequate, irrelevant or excessive. Russia also recently signed a ‘right to be forgotten’ bill into law, and many are now wondering which country will be next and whether the U.S. will follow suit.

How Linux Foundation sysadmins secure their workstations
Sysadmins around the world have been provided with another helpful guide on how to go about hardening their Linux workstations, as Konstantin Ryabitsev, Director of Collaborative IT Services at The Linux Foundation, has released the document on GitHub for anyone to download.

Ashley Madison-themed blackmail, data deletion scams hitting inboxes
In the wake of the Ashley Madison hack and consequent data leaks, blackmailers and scammers are doing their best to extract as much money and information as possible from the panicking users of the popular cheating site.

Fake recruiters on LinkedIn are targeting infosec pros
“There’s a group of fake recruiters on LinkedIn mapping infosec people’s networks. Not sure what their goal is yet, just a heads-up to others,” Yonathan Klijnsma, a threat intelligence analyst working at Dutch infosec firm Fox-IT, warned via his Twitter account.

An emerging global threat: BEC scams hitting more and more businesses
As more and more victims come forward, and with the losses sustained by firms in the US and around the world having passed the billion dollar mark, the FBI is once again warning businesses about Business Email Compromise (BEC) scams.

Who’s afraid of shadow IT?
Shadow IT is any system or service used inside of a company without explicit approval and deployed using non-IT resources. It was born out of business necessity – the need to be agile and adapt to change. The shadow IT movement is here, and it isn’t going anywhere any time soon.

49 new Regin backdoor modules discovered
The Regin backdoor has been used since at least 2008 to mount spying operations against government organizations, infrastructure operators and private sector businesses, but also researchers and private individuals.

What’s burning up resources for IT pros during the summer?
Over the summer months, most organizations see a significant expansion in the number of remote workers, which can make the job of a network manager or sysadmin increasingly difficult.

95% of websites in 10 new TLDs are suspicious
There has been an explosion of new neighborhoods on the Web, many of which may be considered for web security purposes as neither safe nor friendly.

Major browser makers synchronize end of support for RC4
Mozilla, Google and Microsoft have come to an agreement: support for the increasingly vulnerable RC4 cryptographic cipher in the companies’ browsers will end in early 2016.

How data breaches are changing information security
In this podcast recorded at Black Hat USA 2015, Gautam Aggarwal, Chief Marketing Officer at Bay Dynamics, takes a look at the past year in the security space and the important events that have shaped the industry.

Should a data breach be the kiss of death for the CEO?
The fact that CEOs have tendered their resignations in the aftermath of public breaches is a clear indication that the executive level is being held more accountable for the cyber security practices of their organizations. This is a trend that will likely continue, particularly for companies like Ashley Madison whose business it is to protect their customers’ privacy.

Adware installer gives itself permission to access Mac users’ keychain
Malwarebytes researcher Adam Thomas has made an interesting discovery: an adware installer created by Genieo, a well-known distributor of unwanted software, is taking advantage of an OS X feature to access information stored in the “Safari Extension List” in the users’ keychain.

It’s undeniable, IoT will change security forever
Over 20 percent of enterprises will have digital security services devoted to protecting business initiatives using devices and services in the Internet of Things (IoT) by year end 2017, according to Gartner.

Persistent cyber spies try to impersonate security researchers
Rocket Kitten, a cyber espionage group that mostly targets individuals in the Middle East, has been spotted attempting to impersonate security researchers.

PayPal stored XSS vulnerability exposed
Bitdefender researchers have located a stored XSS vulnerability in PayPal that leaves the e-payment service open for hackers to upload maliciously crafted files capable of performing attacks on registered users of the service.

Why collaboration is crucial in the battle for IT security
Guy Wertheim, the CTO at Comilion, talks about the importance of collaboration and data sharing in the battle for increased security.

Clever Android ransomware infects tens of thousands of devices
“We estimate that tens of thousands of devices have been infected. We have evidence that users have already paid hundreds of thousands of dollars to get their files unencrypted, and the actual infection rate may be much higher,” Ofer Caspi from Check Point’s malware research team warns.

Best practices for ensuring compliance in the age of cloud computing
Compliance is still largely a manual set of processes, even though the regulatory landscape is continually more complex. Finding and hiring enough qualified compliance people is difficult and, ultimately, doesn’t scale well.

Rudra: Framework for automated inspection of network capture files
In this podcast recorded at Black Hat USA 2015, Ankur Tyagi, Malware Research Engineer at Qualys, talks about Rudra, a framework for automated inspection of network capture files. It extends another tool called flowinspect and adds subsequent file-format aware analytics to its feature set.
