Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On September 22, 2015

September 20, Softpedia – (International) Three Symantec employees fired for issuing fake Google SSL certificates. Symantec fired three employees for issuing rogue Secure Sockets Layer (SSL) certificates after Google engineers working for the Certificate Transparency project discovered that the company had issued fake Google.com certificates with “extended validation” labels. Source

September 20, IDG News Service – (International) Apple removes malware-infected iOS apps from store. Apple officials reported that the company had taken down about 40 iOS applications that were affected by a new form of malware called XcodeGhost, which modifies the Xcode integrated development environment and collects information on devices. Source

September 19, Softpedia – (International) Ghost Push Android malware infects 600,000 new users per day. Security researchers from Cheetah Mobile discovered that a new type of boot-persistent Android malware called Ghost Push is being packaged with 39 applications distributed through unofficial channels. The malware has infected 14,847 phone types and models across 3,658 brands worldwide. Source

September 18, Softpedia – (International) Infographic: Over 170,000 Magento shops are still vulnerable to Shoplift bug. Security researchers from Byte reported that 173,547 Magento stores are still vulnerable to the Shoplift vulnerability discovered in February, which resulted in stolen customer data and diverted payments. Source

September 18, Softpedia – (International) Thousands of WordPress sites hijacked to distribute malware in the last two days. Security researchers from Sucuri discovered a new malware campaign affecting thousands of WordPress websites, called VisitorTracker, in which hackers are hijacking sites and adding malicious JavaScript code that uses iframe calls to direct users to a site hosting the Nuclear Exploit Kit (EK). Source

September 18, Threatpost – (International) Google details plans to disable SSLv3 and RC4. Google officials announced the company’s formal intent to move away from the Rivest Cipher 4 (RC4) and Secure Sockets Layer version 3 (SSLv3) protocols due to security concerns, and laid out future standards for Transport Layer Security (TLS) clients. Source

Nancy Rand


Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.