Cyber Security: Hot Weekly News – September 19, 2014
#1. The Citadel virus has become a tool for targeted attacks
The banking Trojan has gained a number of new features and is currently being used in attacks on Middle Eastern petrochemical companies.
Hackers who carry out targeted attacks have begun using an improved version of the Citadel malware to conduct cyber attacks on several Middle Eastern petrochemical companies, researchers at Trusteer report.
According to Dana Tamir, head of Trusteer Corporate Security, the affected companies received notice that they were being targeted by a cyber attack.
Early versions of the Citadel malware were used to carry out “man in the middle” attacks and steal financial data, but the modified version of the malware is able to do more damage.
A new variant of Citadel is able to intercept user names and passwords when users log on to corporate e-mail, record keystrokes, capture screenshots, embed malicious code in web pages and give hackers complete control over the victim’s PC. Moreover, the virus uses advanced anti-detection technology and code obfuscation, which makes it much more difficult to detect and analyze.
See more at: http://securityintelligence.com/
#2. Well-known companies and brands are favorite targets for fraudsters
Specialists at Kaspersky Lab analyzed phishing and malicious emails sent by fraudsters in the name of international delivery services. The most popular of these are DHL, FedEx, United Parcel Service and TNT.
The phishers’ goals include theft of confidential data, mainly with the help of fake web pages imitating the official pages of the site, and installing various malicious programs on users’ computers to monitor user online activity, steal personal information, distribute spam and launch DDoS attacks.
See more at: https://securelist.com/
#3. AppBuyer – a new iOS malware affecting jailbroken iOS devices
According to researchers from Palo Alto Networks, the malware steals your Apple ID and password to make purchases in the App Store.
Information security researchers from Palo Alto Networks have recorded mass distribution of the AppBuyer malware, which affects iOS devices whose owners have jailbroken them.
The virus was first detected in May this year, when one of the company's clients turned to the experts. Ultimately, two suspicious files were found on the device, with functionality that allows them to download, execute and delete other executable files.
As a result of infection, two files appear on the system: «/System/Library/LaunchDaemons/com.archive.plist» and «/bin/updatesrv». Of these, com.archive.plist is a configuration file whose task is to check every 2 hours that «/bin/updatesrv» is loaded and running.
The virus is able to function only on jailbroken smartphones, and its ultimate goal is to acquire various programs in the official App Store.
Read the report of Palo Alto Networks here: http://researchcenter.paloaltonetworks.com/
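A defender can check a copy of a device's LaunchDaemons directory (for example from a filesystem backup) for the two artifacts named above. The following is an added example, not code from this page or from the Palo Alto Networks report; the sample plist is constructed, and the use of the launchd `StartInterval` key for the 2-hour check is an assumption.

```python
import os
import plistlib

# Indicators as named in the article above.
IOC_PLIST_NAME = "com.archive.plist"
IOC_BINARY = "/bin/updatesrv"

# Constructed sample, NOT the real file. Expressing "check every 2 hours"
# with the launchd StartInterval key (7200 s) is an assumption.
SAMPLE_SUSPECT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.archive</string>
  <key>ProgramArguments</key><array><string>/bin/updatesrv</string></array>
  <key>StartInterval</key><integer>7200</integer>
</dict></plist>"""

def job_program(job):
    """Return the executable a launchd job starts, or None."""
    if isinstance(job.get("Program"), str):
        return job["Program"]
    args = job.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None

def audit_plist(name, raw):
    """Return findings for one LaunchDaemons plist given its name and bytes."""
    findings = []
    if name == IOC_PLIST_NAME:
        findings.append("file name matches reported plist")
    try:
        job = plistlib.loads(raw)
    except Exception:
        return findings + ["unparseable plist"]
    if not isinstance(job, dict):
        return findings + ["plist root is not a dictionary"]
    if job_program(job) == IOC_BINARY:
        every = job.get("StartInterval")
        findings.append(f"job launches {IOC_BINARY} (StartInterval={every})")
    return findings

def audit_dir(root):
    """Audit every .plist under root, e.g. a LaunchDaemons copy from a backup."""
    report = {}
    for name in sorted(os.listdir(root)):
        if name.endswith(".plist"):
            with open(os.path.join(root, name), "rb") as fh:
                hits = audit_plist(name, fh.read())
            if hits:
                report[name] = hits
    return report
```

A renamed plist that still launches the same binary is caught by the second check, since the job's program path is inspected independently of the file name.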
#4. The first vulnerabilities in iOS 8 were detected immediately after the public release
Apple removed third-party applications that use HealthKit because previously unknown vulnerabilities were found.
Almost immediately after the public release of the new version of the iOS operating system, the developers from Cupertino withdrew software that uses HealthKit. This is because several previously unknown errors were detected in the library.
Moreover, several applications that use HealthKit are to be removed from the App Store, including MyFitnessPal and CARROT Fit. The developers of these programs intend to publish the previous versions of their software in the store so that users can download them without waiting for Apple to eliminate these problems.
It is also worth noting that, according to The Next Web's sources, the American corporation has not set internal deadlines for the release of the relevant fixes.
Read more at: http://thenextweb.com/
#5. eBay redirect attack puts buyers’ credentials at risk
Hackers managed to use an XSS vulnerability on the popular site eBay to redirect online auction users to a fake page and obtain their account and financial data.
The vulnerability was discovered by an employee of the BBC. He notified the site's administration of the flaw, but it took more than 12 hours to remove the entries that exploited the vulnerability.
“EBay is a large company and it should have a 24/7 response team to deal with this – and this case is unambiguously bad,” said Dr Steven Murdoch from University College London’s Information Security Research Group.
The eBay press secretary said that this was an isolated case, as the malicious code was detected in only one ad. However, the BBC argued that there are currently 2 more web pages on the site that exploit this vulnerability.
Read more at: http://www.bbc.com/