Our security roundup series covers the week’s trending topics in the world of InfoSec. In this quick read compilation, we’ll let you know of the latest news and controversies that the industry has been talking about recently.
Here’s what you don’t want to miss from the week of August 31st, 2015:
- On the one-year anniversary of ‘The Fappening,’ an incident in which hundreds of explicit images of some of Hollywood’s best-known female celebrities, including Jennifer Lawrence and Jennifer Upton, were leaked online, investigators have still not attributed the hack to anyone. According to The Daily Mail, the Federal Bureau of Investigation has in the past year searched several addresses and seized some electronic equipment, but little is known about those responsible beyond the fact that they allegedly used a tool to launch brute-force attacks in order to guess their victims’ login credentials. In total, the hack is believed to have compromised some 500 Apple iCloud accounts.
- According to Palo Alto Networks and a group of Chinese iPhone developers named Weiptech, some 225,000 iPhones have been infected by “KeyRaider,” a piece of mobile malware that intercepts users’ iTunes login credentials. This information, in turn, allows attackers to hijack victims’ payment credentials and install paid apps on other iOS devices. As of this writing, individuals who have previously jailbroken their iOS devices are most susceptible to KeyRaider, with the vast majority of victims located in China.
- Researchers with IBM Security X-Force have discovered a new banking Trojan they have nicknamed “Shifu,” which is Japanese for “thief.” The malware, which is currently targeting 14 separate banks in Japan, is a highly sophisticated banking Trojan to the extent that it incorporates features from other malicious programs, including a domain generation algorithm (DGA) from the Shiz Trojan, string obfuscation and anti-research techniques from Zeus VM, and stealth tactics from the Gozi/ISFB Trojan.
- Xen released a patch for a vulnerability that could allow domains given partial management control to deny service to other parts of the system. The problem apparently results from XENMAPSPACE_gmfn_foreign being able to dump the p2m, on ARM, when it fails to retrieve a reference on the foreign page. dump_p2m_lookup does not use a rate-limited printk, which could therefore allow a malicious infrastructure domain to flood the Xen console. Sysadmins could reduce the hypervisor log level so that it emits fewer messages, as The Register notes. However, patching is recommended.
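The Xen item above turns on one detail: a diagnostic that a guest can trigger at will is printed without rate limiting, so the guest controls how much console output the hypervisor produces. The following is an added illustration, not Xen's own code and not its printk_ratelimited implementation: a small fixed-window limiter (interval, burst, and the sample domain/frame values are all constructed here) wrapped around a hypothetical `log_p2m_failure` call, plus a simulation that counts how many lines a flood of requests would actually reach the console.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed-window rate limiter: at most `burst` messages per `interval_ms`.
   Hypothetical helper written for this example; not Xen code. */
typedef struct {
    uint64_t interval_ms;   /* length of one window, in milliseconds */
    unsigned burst;         /* messages allowed per window */
    uint64_t window_start;  /* timestamp (ms) when the current window opened */
    unsigned used;          /* messages emitted in the current window */
    unsigned suppressed;    /* messages dropped in the current window */
} ratelimit_t;

void ratelimit_init(ratelimit_t *rl, uint64_t interval_ms, unsigned burst)
{
    rl->interval_ms = interval_ms;
    rl->burst = burst;
    rl->window_start = 0;
    rl->used = 0;
    rl->suppressed = 0;
}

/* Returns true if a message may be emitted at time now_ms. When a new window
   opens, the number of messages dropped in the old one is reported once, so the
   operator still learns that a flood happened without the flood itself. */
bool ratelimit_allow(ratelimit_t *rl, uint64_t now_ms)
{
    if (now_ms - rl->window_start >= rl->interval_ms) {
        if (rl->suppressed)
            printf("[ratelimit] %u messages suppressed\n", rl->suppressed);
        rl->window_start = now_ms;
        rl->used = 0;
        rl->suppressed = 0;
    }
    if (rl->used < rl->burst) {
        rl->used++;
        return true;
    }
    rl->suppressed++;
    return false;
}

/* Guest-triggerable diagnostic, guarded by the limiter.
   Returns 1 if a line reached the console, 0 if it was suppressed. */
unsigned log_p2m_failure(ratelimit_t *rl, uint64_t now_ms,
                         unsigned domid, uint64_t gfn)
{
    if (!ratelimit_allow(rl, now_ms))
        return 0;
    printf("d%u: failed to get reference on foreign gfn 0x%llx\n",
           domid, (unsigned long long)gfn);
    return 1;
}

/* Simulate `attempts` failing requests spaced `spacing_ms` apart and return how
   many console lines the limiter let through. With a very large burst this is
   the unlimited (vulnerable) behaviour: one line per request. */
unsigned simulate_flood(unsigned attempts, uint64_t spacing_ms,
                        uint64_t interval_ms, unsigned burst)
{
    ratelimit_t rl;
    unsigned emitted = 0;
    ratelimit_init(&rl, interval_ms, burst);
    for (unsigned i = 0; i < attempts; i++)
        emitted += log_p2m_failure(&rl, (uint64_t)i * spacing_ms,
                                   7 /* constructed domid */,
                                   0x1000 + i /* constructed gfn */);
    return emitted;
}

int main(void)
{
    /* 1000 failures in one second: unlimited vs. 10 lines per 5 s window */
    printf("unlimited: %u lines\n", simulate_flood(1000, 1, 5000, 1000));
    printf("limited:   %u lines\n", simulate_flood(1000, 1, 5000, 10));
    return 0;
}
```

The defensive point is the contrast the two `simulate_flood` calls make: the request rate is the guest's choice, but the console line rate is now bounded by the hypervisor's limiter, and the single "suppressed" summary per window preserves the evidence that someone was hammering the interface.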
- Five months after the Office of Personnel Management first discovered that it had been breached, U.S. officials stated this week that they will begin sending notification letters to the 21.5 million victims at the end of September. As of this week, those individuals will also begin receiving free credit monitoring and identity protection services from a firm called “I.D. Experts.” This $133 million contract, as well as the OPM’s overall credit monitoring strategy, has been criticized by some well known voices in the information security community.
- The Lizard Squad hacker group launched a distributed denial-of-service (DDoS) attack against Britain’s National Crime Agency’s (NCA) website this week in retaliation for the NCA having arrested six users of the group’s DDoS attack tool. The agency’s website was taken down as a result of the attack. However, a spokesman for the NCA stated that the outage in no way affected their operational capacity and in reality constituted only “a temporary inconvenience” to users wishing to visit the site.
- Security researcher Joel Land discovered a number of zero-day vulnerabilities in Belkin’s N600 routers that, if exploited, could allow an attacker to block firmware updates, gain privileged access to the device’s web management interface, and execute cross-site request forgery (CSRF) attacks. Until these vulnerabilities are fixed, the United States Computer Emergency Response Team recommends that users not allow untrusted hosts to connect to their LAN, not browse the Internet while the web management interface has an active session in a browser tab, and implement strong passwords for WiFi connectivity.
- Brian Krebs reported earlier this week that security firm Dr.Web experimented with ways to expose how anti-virus companies might be blindly accepting threat intelligence feeds from rival firms. This story mirrors the allegations of two former Kaspersky Lab employees who claim that their past employer deliberately told the antivirus scanning service Virustotal.com that 10 benign files were malicious in an attempt to cause problems for rival companies. This campaign is said to have targeted AVG, Avast, and Microsoft, among others.
- A security researcher on Check Point’s malware research team has discovered a new variant of the Simplocker Android ransomware that masquerades as a legitimate application on app stores and download pages. The ransomware requests administrative privileges upon installation, which it in turn uses to encrypt the device’s files. Victims are then told that the encryption is the result of NSA activities and that they must pay a fine of $500 USD to recover their files. Check Point believes that the attackers behind this malicious program have collected hundreds of thousands of dollars in ransom payments thus far.
- Security provider Malwarebytes recently found that a malvertising campaign is targeting the UK version of the popular dating website Match.com. The campaign appears to use Google-shortened URLs that lead to the Angler Exploit Kit, which is known to drop the Bedep ad-fraud Trojan as well as Cryptowall ransomware. Match.com has since released a statement saying it is not aware of any users who have reported being affected by those malicious adverts.
Title image courtesy of ShutterStock