XcodeGhost continues to haunt users of the iOS App Store

One of the big malware stories of the last few days has been the discovery that legitimate developers had uploaded apps to Apple’s App Store, without realising that their code had been compromised.

The malicious code, known as XcodeGhost, managed to insert itself into the developers’ apps via a circuitous route.


Infosec Haiku

Anata no joho sekyuritei konshu no haiku

Zero-Day Exploit
Means OS X / iOS
Passwords at Risk Now!

### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who has contributed their haikus … watch this space to see if yours is published.


Infosec Haiku

Anata no joho sekyuritei konshu no haiku

Beebone Is Sinkholed
Whitehats Take Evil Morphing
Malware Down for Now

### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who has contributed their haikus …


Infosec Haiku

Anata no joho sekyuritei konshu no haiku

Dyre Wolf Banking
Malware Is Robbing You Blind.
Beware the Spear Phish!

### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who has contributed their haikus …


Android users exposed to malware by installer hijacking vulnerability

Security researchers have warned about a widespread vulnerability in Android devices that could see attackers sneakily modify or entirely replace seemingly benign apps with malware, without users becoming aware.

In other words, a user might attempt to install a legitimate version of “Angry Birds” but instead end up with a Flashlight app that’s harbouring malware.


Infosec Haiku

Anata no joho sekyuritei konshu no haiku

Pre-Installed Malware?
Lenovo Superfish Is
Adware Run Amok

### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who has contributed their haikus … watch this space to see if yours is published.


Infosec Haiku

Anata no joho sekyuritei konshu no haiku

This One Is Not Good:
‘Skeleton Key’ Malware Will
Now Unlock Networks

### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who has contributed their haikus …


Dirty sex website xHamster exploited in malvertising campaign

For anyone who thinks that they can get their sexual kicks surfing the seedier parts of the internet, rather than lurking about their city’s red light district, I’ve got some bad news for you. You can catch an infection in real life, and you can catch one on your computer too.

xHamster, one of the world’s most visited adult video websites,


State of the Endpoint Identifies Risky Users as Top Threat

For years, security pros have complained and joked about over-zealous users who click on everything. With today’s release of the sixth annual State of the Endpoint study, conducted by Ponemon Institute and commissioned by Lumension, the joke is reality for many, and unfortunately it isn’t all that funny.

Negligent and/or careless employees who do not follow security policies are ranked the #1 threat to an organization’s IT security, said 78% of the new study’s responding IT security professionals.


German steel works suffered “massive damage” after hack attack

Hackers who compromised a German steel works inflicted serious damage on one of its blast furnaces, according to a newly released report from the German Federal Office of Information Security.

Once again, according to the German report [PDF], the initial infection took place because a member of staff was tricked by a spearphishing email that used social engineering techniques to lull them into a false sense of security.
