March 12, Help Net Security – (International) 2,400 unsafe mobile apps found in average large enterprise. Veracode researchers found that hundreds of thousands of mobile applications installed in corporate environments across multiple industries revealed the average global enterprise contains approximately 2,400 unsafe applications in its mobile environment, including apps that expose sensitive data, perform suspicious security actions, or retrieve or share personal information about users. Source
March 12, Help Net Security – (International) Cyber crooks take advantage of ad bidding networks to deliver ransomware. Security researchers at FireEye discovered that malware distributors are leveraging Real Time Bidding networks that are either compromised or controlled entirely by attackers to deliver Cryptowall and other ransomware variants and gain information about victims’ geographic locations, operating systems (OS), and browsers. The malvertising campaign has been active since February 4. Source
March 11, SC Magazine – (International) Self-deleting malware targets home routers to gather information. Trend Micro researchers identified malware called VICEPASS that infects users’ systems via a fake Adobe Flash update, connects to their home routers using a predefined list of usernames and passwords, and attempts to spread to every device on their networks before sending information to a command-and-control (C&C) server and deleting itself. The researchers believe that the malware could be a reconnaissance tool for larger campaigns. Source
March 11, USA Today – (International) Apple’s iTunes, App Store reopen after long outage. Apple restored service to its iTunes, App Store, Mac App Store, and iBooks store March 11 after an internal domain name system (DNS) error brought the services down globally for approximately 12 hours. Source
March 11, Securityweek – (International) Dropbox Android SDK flaw exposes mobile users to attack: IBM. Researchers at IBM Security discovered a flaw, dubbed DroppedIn, in the Dropbox app’s Android software development kit (SDK) that could have enabled attackers to connect to mobile apps using the kit to a Dropbox account they control, and transfer sensitive information or inject malicious data into apps. Dropbox released a fix for the vulnerability that was distributed to other apps that use the same SDK. Source
March 11, Securityweek – (International) Intel Security launches new critical infrastructure security platform. Intel Security announced the Intel Security Critical Infrastructure Protection (CIP) platform, developed in a joint project with Wind River, designed to protect new and legacy infrastructure within electric power grids by separating security management functions of the platform from operational applications, enhancing device identity, malware, data protection, and resiliency. The company stated that CIP can be leveraged across multiple industries and uses. Source