About
"Distrust and caution are the parents of security" - Benjamin Franklin
A handful of Apple developers have found their iMessage accounts the victim of what’s being loosely referred to as a series of denial-of-service attacks. Using rapid-fire AppleScript texts, attackers have been sending many messages at a time to about half a dozen iOS developers over the last week.
The Government Communications Headquarters (GCHQ), one of Britain’s top intelligence agencies, has admitted it sometimes emails passwords in plain text to those who apply for jobs on its site.It was revealed in the last week that those who apply for jobs through the GCHQ’s recruitment portal are emailed their password in plain text after filling out the forgotten password feature on the site.
The bulk of “unknown” malware is being delivered to systems via Web-based attacks, proxies and FTP sessions, according to a study released by Palo Alto Networks this week.
A new variant of Android.Enesoluty, the Android data-stealing Trojan that spreads through spam messages, has recently surfaced in Japan. This time the malware is reportedly being spread through a malicious app, Lime Pop, that disguises itself as a popular game.
Apple has implemented a deadline for when it will reject apps that access devices’ unique device identifier numbers, or UDIDs. Apple has been phasing out the 40-character string of letters and numbers over the last year, yet according to a post on Apple’s Developers site yesterday, this appears to be the final word: Any new apps or app updates that access UDIDs will not be accepted beginning May 1.
Attackers have long had an affinity for having their way with Android phones, but the hammer seems to have really come down over the last few months when it comes to devices manufactured by Samsung.
The developers of Ruby on Rails, the popular web app framework, released four new versions of the product yesterday, complete with fixes for a series of vulnerabilities that could have lead to denial of service attacks and XSS injections.Four vulnerabilities in total are addressed in versions 3.2.13, 3.1.12 and 2.3.18 of Rails, according to a post to the company’s blog on Monday. “All versions are impacted by one or more of these security issues,” according to the post.
The United States Government Accountability Office (GAO) believes that “serious weaknesses remain” in the ways that the Internal Revenue Service handles its internal network, problems that could directly implicate taxpayer data according to a report the regulatory group released on Friday.
Third-party applications accounted for a whopping percentage of vulnerabilities last year, many more than security flaws found in Microsoft programs according to a report released this week by Danish vulnerability research firm Secunia.
The website of the National Vulnerability Database (NVD) remains down today, six days after malware was reportedly found on its servers.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
