March 3, Help Net Security – (International) Phishers target victims of iOS device theft. Security researchers at Malwarebytes discovered an elaborate phishing campaign that targets victims of iOS device theft by using spoofed messages and a fake iCloud log-in Web page, which is available in 10 different languages, to steal users’ log-in credentials, enabling the thieves to unlock the stolen devices. Source
March 3, Securityweek – (International) Lossy image compression can hide malicious code in PDF files: Researcher. A security researcher at CSIS discovered that lossy image compressors, such as DCTDecode, could be used to embed malicious code in high-quality grayscale JPEG images found in PDF files. Source
March 3, Help Net Security – (International) Mass infection malware attack targets Android. AdaptiveMobile security researchers uncovered a massive new malware attack directed at Android users that uses victims’ mobile device contacts to send emails, and SMS messages with links to spoofed Amazon vouchers containing the Gazon malware. The attack has infected thousands of devices worldwide and generated over 16,000 click-throughs across multiple channels, such as Facebook, since it began in the U.S. February 25. Source
March 3, Softpedia – (International) D-Link fixes router flaws following public disclosure. D-Link released a firmware update for its DIR-820L router that fixed a flaw that allowed attackers to gain root access to routers through cross-site request forgery (CSRF) attacks by tricking victims into visiting malicious Web pages, allowing unauthorized access to domain name system (DNS) configuration. The company will release updates for other vulnerable routers by March 10. Source