Cyber security 2014: hot weekly news – September 19

Posted: September 19, 2014 in IT Security News

Cyber Security: Hot Weekly News – September 19, 2014

#1. Citadel malware has become an instrument for targeted attacks

The banking Trojan has gained a number of new features and is currently being used in attacks on Middle Eastern petrochemical companies.

Attackers conducting targeted attacks have begun using an improved version of the Citadel malware against several Middle Eastern petrochemical companies, according to researchers at Trusteer.

According to Dana Tamir, head of Trusteer Corporate Security, the affected companies received notice that they were being targeted by a cyber attack.

Early versions of the Citadel malware were used to carry out “man in the middle” attacks and steal financial data, but the modified version is able to do more damage.

The new Citadel variant can intercept user names and passwords when users log on to corporate e-mail, record keystrokes, capture screenshots, inject malicious code into web pages and give attackers complete control over the victim’s PC. Moreover, the malware uses advanced anti-detection techniques and code obfuscation, which make it much more difficult to detect and analyze.

See more at: http://securityintelligence.com/

#2. Well-known companies and brands are favorite targets for fraudsters

Kaspersky Lab specialists analyzed phishing and malicious emails sent by fraudsters in the name of international delivery services. The most popular of these are DHL, FedEx, United Parcel Service and TNT.

The phishers’ goals include theft of confidential data, mainly with the help of fake web pages imitating the official pages of the site, and installing various malicious programs on users’ computers to monitor online activity, steal personal information, distribute spam and launch DDoS attacks.

In order to recognize a phishing email, the user needs to pay attention to some important details.

See more at: https://securelist.com/

#3. AppBuyer – a new iOS malware affecting jailbroken iOS devices

According to researchers from Palo Alto Networks, the malware steals your Apple ID and password to make purchases in the App Store.

Information security researchers from Palo Alto Networks have recorded widespread distribution of the AppBuyer malware, which affects iOS devices whose owners have jailbroken them.

The malware was first detected in May this year, when one of the company's clients turned to the experts. Ultimately, two suspicious files were found on the device, with functionality that allows downloading, executing and deleting other executable files.

As a result of infection, two files appear in system directories: «/System/Library/LaunchDaemons/com.archive.plist» and «/bin/updatesrv». Of these, com.archive.plist is a configuration file whose task is to check every 2 hours that «/bin/updatesrv» is loaded and running.

The malware can function only on jailbroken smartphones, and its ultimate goal is to purchase various programs in the official App Store.

Read the report of Palo Alto Networks here: http://researchcenter.paloaltonetworks.com/
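
A defensive check for the persistence described above, as an added example that is not part of the original post or the Palo Alto Networks report: it parses a LaunchDaemon plist and lists the ways it matches the two reported paths. The function names and both sample plists are constructed for illustration, and the use of launchd's `StartInterval` key for the 2-hour check is an assumption.

```python
import plistlib

# Indicators as given in the article text.
IOC_PLIST = "/System/Library/LaunchDaemons/com.archive.plist"
IOC_BINARY = "/bin/updatesrv"
TWO_HOURS = 2 * 60 * 60  # assumption: the 2-hour check is a launchd StartInterval

# Constructed sample (not the real AppBuyer file): a launchd job that
# starts /bin/updatesrv every 2 hours, as the article describes.
SAMPLE_SUSPECT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.archive</string>
  <key>ProgramArguments</key><array><string>/bin/updatesrv</string></array>
  <key>StartInterval</key><integer>7200</integer>
</dict></plist>"""

# Constructed benign job that happens to use the same interval.
SAMPLE_BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.cleanup</string>
  <key>Program</key><string>/usr/libexec/example-cleanup</string>
  <key>StartInterval</key><integer>7200</integer>
</dict></plist>"""

def job_command(job):
    """Return the executable a launchd job starts (Program or argv[0])."""
    if isinstance(job.get("Program"), str):
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args and isinstance(args[0], str) else None

def assess_launch_daemon(path, raw):
    """Return the reasons a LaunchDaemon plist matches the reported indicators."""
    try:
        job = plistlib.loads(raw)
    except Exception:
        return ["unparseable plist"]
    if not isinstance(job, dict):
        return ["unexpected plist root"]
    reasons = []
    if path == IOC_PLIST:
        reasons.append("path matches reported plist")
    if job_command(job) == IOC_BINARY:
        reasons.append("launches " + IOC_BINARY)
    # The interval alone is common in benign jobs; count it only as corroboration.
    if reasons and job.get("StartInterval") == TWO_HOURS:
        reasons.append("runs every 2 hours")
    return reasons
```
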

#4. The first vulnerabilities in iOS 8 were detected immediately after the public release

Apple removed third-party applications that use HealthKit because previously unknown vulnerabilities were found.

Almost immediately after the public release of the new version of the iOS operating system, the developers from Cupertino withdrew software that uses HealthKit, because several previously unknown errors were detected in the library.

Moreover, several applications that use HealthKit are to be removed from the App Store, including MyFitnessPal and CARROT Fit. The developers of these programs intend to publish the previous versions of their software in the store so that users can download them without waiting for Apple to eliminate these problems.

It is also worth noting that, according to The Next Web's sources, the American corporation has not set internal deadlines for the release of the relevant fixes.

Read more at: http://thenextweb.com/

#5. eBay redirect attack puts buyers’ credentials at risk

An attacker injected malicious JavaScript code into a product description page, which redirected users to an external website.

Hackers managed to exploit an XSS vulnerability on the popular site eBay to redirect online auction users to a fake page and obtain their account and financial data.

The vulnerability was discovered by a BBC employee. He notified the site's administration of the flaw, but it took more than 12 hours to remove the listings that exploited it.

“EBay is a large company and it should have a 24/7 response team to deal with this – and this case is unambiguously bad,” said Dr Steven Murdoch from University College London’s Information Security Research Group.

The researcher was able to determine the type of vulnerability the hackers used: cross-site scripting (XSS). Using it, the hackers injected malicious JavaScript code into the product page, which redirected the user to an external website that asked for their eBay username and password.

The eBay press secretary said that this was an isolated case, as the malicious code was detected in only one listing. However, the BBC said that 2 more web pages on the site currently exploit this vulnerability.

Read more at: http://www.bbc.com/

