Apple Updates, Reappearing Backdoors, and iOS Malware
If you looking for a quick security news round up, subscribe to this weekly Infosec vlog. Today, I cover a number of Apple stories, from the latests patches to iOS malware; I warn about a supposedly fixed router backdoor that has re-appeared; and I talk about the trend of governments withholding zero day exploits. Watch the video below for the details, and check out the References for more information and news. Here’s a bonus security tip; If you jump out a plane (like I did), take a parachute! Have a great weekend. (Episode Runtime: 7:38) Direct YouTube Link: https://www.youtube.com/watch?v=JfJbCaLlFns
Episode References:
- iOS malware affects jailbroken devices
- First Reddit post on unflod.dylib – Reddit
- Saurik (Cydia creator) describes how to remove unflod – Reddit
- Blog post on unflod “Baby Panda” – Sektioneins
- Apple releases iOS, OS X, and Apple TV security updates – WGSC
- Ex-Apple security researcher criticizes Apple’s patching strategy – Forbes
- Sercomm hides router backdoor instead of fixing it – Geek.com
- 19-yr old arrested for the Heartbleed tax id hack – Business Insider
- Presentation describing re-discovered router backdoor [PDF] – Synacktiv
- FBI uses Sabu to attack web sites in other countries – NYTimes
- FBI does not disclose 0day flaw in Plesk web control panel – Ars Technica
Extras:
- Lots of great info in Verizon’s latest Data Breach report – Verizon
- Apple also fixes Heartbleed flaw in Airport Extreme and Time Machine – Engadget
- Security vendor alleges that out-dated Amazon VMs lead to hack – Network World
- Ships also susceptible to cyber attack – Business Insider
- Russian Android SMS trojan making moves in US – Computer World
- Hundreds of users send malicious tweets – Ars Technica
- FBI warns health care providers about cyber attacks – Reuters
- Researchers show vulnerabilities in satellite communication systems – The Register
- Latest Parallels Plesk control panel vulnerability– Seclists
- Interesting 0day vulnerability in Web scanning security tool – An7isec
- How The Silk Road bounced back from its government hack and takedown – Motherload
— Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply