July 1, Securityweek – (International) Attackers abuse RIPv1 Protocol for DDoS reflection: Akami. Security researchers from Akami discovered that malicious actors have been leveraging routers running Routing Information Protocol version 1 (RIPv1) to reflect distributed denial-of-service (DDoS) attacks by creating malicious requests for routes and then spoofing the source Internet protocol (IP) address to match the one of the targeted system. Source
July 1, Softpedia – (International) iOS 8.4 fixes 33 security vulnerabilities. Apple released iOS version 8.4 addressing 33 security vulnerabilities, including a fix for the Logjam flaw that allows a man-in-the-middle (MitM) attacker to downgrade cryptographic security, and other protection against potential arbitrary code execution. Source
July 1, Softpedia – (International) Researchers expose attack on iOS that can break system apps. Security researchers from FireEye reported two Apple iOS flaws, dubbed Manifest Masque and Extension Masque, in which an attacker could break or replace system apps and extensions on an affected device by taking advantage of apps created in Xcode outside of Apple’s App Store. The vulnerabilities behind Manifest Masque attacks were partially addressed in the release of iOS 8.4. Source
June 30, Securityweek – (International) ESET analyzes complex espionage platform used by “Animal Farm” APT. ESET released research on the Dino cyber-espionage platform used by the “Animal Farm” advanced persistent threat (APT) group revealing that Dino is capable of retrieving information, executing Microsoft Windows batch commands, searching for files, and transferring files back and forth between a command and control (C&C) server. Researchers have not determined the tool’s initial infection vector. Source