A take on the security news, week 39 2015

Tue 22 September 2015

A take on the security news, week 39 / 2015. I summarize some of the news related to information security that I considered noteworthy this week.
XcodeGhost infects iOS and OS X applications, a $1M bounty for iOS 9 hacks, a Firefox update, vulnerabilities in Kaspersky products, and using Siri to bypass the passcode on your Apple device.

Monday

XcodeGhost infects iOS and OS X applications

A trojanized version of Xcode has been used to insert malware into iOS and OS X applications. Some of the infected apps made it through Apple's review process and reached the App Store, available for public download.

The trojanized version of Xcode was downloaded by developers from sources other than the official Apple App Store. So the lesson to learn is: "do not use pirated software for production tasks". And why bother with a pirated copy of Xcode anyway? It's free!

http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/

https://nakedsecurity.sophos.com/2015/09/22/apples-app-store-hit-by-the-xcodeghost-of-malware-present/

Spy agency puts $1M bounty on iOS 9 hack

A security firm called Zerodium has announced that it will pay 1 million dollars for the exclusive rights to an iOS 9 hack.

Zerodium will probably sell the hack to anyone willing to pay the right amount for it. This shows a business model that is becoming more and more popular.

http://www.wired.com/2015/09/spy-agency-contractor-puts-1m-bounty-iphone-hack/

TestSSL, a command line utility for SSL probing

TestSSL is a free command line tool that you can use to check a server's TLS/SSL ciphers, protocols and more. It can also check for common SSL vulnerabilities.

https://testssl.sh

https://github.com/drwetter/testssl.sh

Tuesday

Mozilla update

Eight vulnerabilities were found by researcher Ronald Crane. The vulnerabilities are fixed in Firefox 41 and Firefox ESR 38.3.

The advisories are rated as high, so affected software should be updated as soon as possible.

https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/

Android game "Brain Test" downloads an exploit kit

The Android game "Brain Test" has been shown to download an exploit kit after installation. The exploit kit then uses four different privilege escalation attacks to gain root access to the device.

The application was pulled from Google Play once, but reappeared as a slightly modified variant only a short time after the first variant was pulled.

http://blog.checkpoint.com/2015/09/21/braintest-a-new-level-of-sophistication-in-mobile-malware/

Wednesday

Certificate Transparency in Chrome detects another problematic Google certificate

Since Google Chrome started requiring Certificate Transparency (CT) for all EV certificates on 1 January 2015, a couple of suspect Google certificates have been detected.

This time it was a google.com certificate issued by Symantec's Thawte CA that was discovered and reported to Google. The certificate was intended for internal testing only and was valid for just one day.

http://www.symantec.com/connect/blogs/tough-day-leaders

http://googleonlinesecurity.blogspot.no/2015/09/improved-digital-certificate-security.html

http://www.certificate-transparency.org

Ransomware is changing tactics from consumers to businesses

The criminals behind ransomware are shifting their targets from average-Joe consumers to small and medium-sized businesses (SMBs).

SMBs are less likely to have sophisticated detection mechanisms, and often lack the sophisticated backup solutions that enterprises use.

SMBs also have the economic means to pay the ransom, which is not always the case when targeting the consumer market.

The TorrentLocker and CryptoWall attacks of the last month show this trend.

http://blog.trendmicro.com/trendlabs-security-intelligence/businesses-held-for-ransom-torrentlocker-and-cryptowall-change-tactics/

Malvertising attack from Forbes

FireEye detected that malicious ads were being served from the Forbes website. The ads were served through a third-party advertising service and redirected visitors to the Angler and Neutrino exploit kits. The exploit kits were mostly targeting known Flash vulnerabilities.

https://www.fireeye.com/blog/threat-research/2015/09/malvertising_attack.html

Thursday

Vulnerabilities in Kaspersky products

The Project Zero team at Google has discovered multiple problems with the Kaspersky engine. The article walks through one of the vulnerabilities, related to how Kaspersky handles Thinstall containers.

Several other vulnerabilities were found and reported to Kaspersky. The article also credits Kaspersky for its fast response to the reported vulnerabilities.

http://googleprojectzero.blogspot.no/2015/09/kaspersky-mo-unpackers-mo-problems.html

Lenovo still collects user data without permission

The article's author found that his newly refurbished Lenovo ThinkPad was sending usage data to a third-party online-marketing company.

If you are running Windows 7 on your Lenovo ThinkPad you should probably check whether your machine is also sending data, and disable the service if you want your usage data to stay private.

http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html

Friday

Smartphone codes protected by law

A US court has decided that you cannot be forced to unlock your smartphone with your passcode.

This is because you cannot be forced to give up something that exists only in your head. However, if your phone is protected with biometrics, you can be forced to unlock it.

https://nakedsecurity.sophos.com/2015/09/25/smartphone-passcodes-are-protected-by-the-fifth-amendment-says-us-court/

Use Siri to bypass your Apple device passcode

A design flaw in the lock screen of Apple devices makes it possible to leverage Siri to bypass the lock screen and get access to the Clock application. From the Clock you can get to the Search and Share functionality, and if you know your Apple device you can from there get access to contacts and photos.

http://www.theregister.co.uk/2015/09/23/ios_9_contacts_snooped/
