Tuesday, September 1, 2015

Apple struggles

The world of security breaches is on the daily agenda. As soon it affects a small shop in a hood, or a giant like Apple, which is in the news these days because of two malwares able to scare us to the bone. A "new technique" used for phishing campaigns is added to the equation, and an opinion article about the consequences of a scenario in which security breaches are published on highly media events.

How many times have we warned about having a jailbroken device? A new iOS exploit for jailbroken devices allowed the attackers to steal 220.000 iTunes users account credentials, which are supposedly available for the installation of different malwares using cydia, the non official market for this platform.

One tweet, one infected

What has a tweet to do with the management of OS X keychain? A lot, it looks, because an "enlightened" has found a way to make a permission request on OS X which allows him to take control of the system. And the needed code fits in just one tweet...

PDFs are the devil´s work

Or at least this is one of the classic alerts launched every day to fight against phishing campaigns. A PDF is itself a potential backdoor for malware to be installed in our devices. In today´s case, the PDF was clean, which allowed the mail to reach our inbox crossing all the security controls, but inside it includes alink to a fake banking web. So, keep an eye on where you click...

Security breaches changes everything
It has become clear in the last hackers meeting, the DefCON and BlackHat. Conferences which have evolved from a geek and technical environment, to another one in which most of the media want to be present. An environment in which the announcement of a vulnerability has to be accounted as a reputational crisis for the services and the companies involved in it, which has a positive impact on the final security of the systems.

So we are living an exciting moment in which security is no more an addition to become a critical piece on every business kernel.

0 comments:

Post a Comment