Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On March 21, 2016

March 16, The Register – (International) Middle-aged US bloke pleads guilty to iCloud celeb nude photo hack. The U.S. Department of Justice reported March 16 that a man from Lancaster pleaded guilty to one count of unauthorized access to a protected computer after he illegally accessed and downloaded images from 50 iCloud accounts and 72 Gmail accounts via phishing attacks from November 2012 – September 2014. Source

March 16, Softpedia – (International) AceDeceiver iOS trojan abuses Apple’s Fairplay DRM System to infect users. Researchers from Palo Alto Networks reported that a new iOS trojan dubbed AceDeceiver was targeting Apple, Inc.’s FairPlay digital rights management (DRM) system and can allow attackers to infect both jailbroken and non-jailbroken devices by using a FairPlay Man-in-the-Middle (MitM) attack to spread pirated apps by allowing attackers to request authorized code and distribute the code to any device of choice, enabling hackers to act as a middleman between a victim’s personal computer (PC) and the App store. Source

March 16, Help Net Security – (International) Malvertising campaign hits, NY Times, BBC, AOL. Security researchers from Malwarebytes and Trustwave discovered that a malvertising campaign was targeting popular websites such as the New York Times, Microsoft’s MSN Web site, and The Hill, among other websites, by using the ad networks hosted on each website to serve malicious ads that could lead users to other sites hosting an exploit kit (EK). Source

March 16, Softpedia – (International) Database of abandoned iOS app exposes details for 198,000 users. Security researchers from MacKeeper discovered that the MongoDB database associated with the discontinued Kinoptic iOS app exposed 198,000 users’ information online including usernames, email addresses, and hashed passwords, among other data, via a default MongoDB configuration that allowed the public to access its content without any form of authentication. Source


Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.