Friday, September 18, 2015

Oh my God! Red Hat, the App Store and thousands of WordPress sites, hacked

Today is one of those days when we can witness, live, the great chaos and insecurity that we suffer in cyberspace. Maybe it is because we're very close to the Big Bang of the new connected world and the particles are crashing in disorder... Be that as it may, the insecurity feels more present on days like today, when we read news like the thousands of WordPress sites being assaulted to infect their visitors, hacks against the App Store and Red Hat, and a notable hole in Bugzilla.


Netanel Rubin discovered the bug in Bugzilla
Today it is difficult to discern which news is the most serious, so we start with the one that may concern the most ordinary Internet users: there is a warning about an active campaign that assaults WordPress sites to plant malware which will infect their visitors. The campaign started 15 days ago and the number of victims is growing exponentially: if last Thursday 1,000 sites were compromised in a day, this Tuesday it was 6,000. Be careful when visiting WordPress sites, and do it with an updated browser.


Malware in App Store

And we go on with more malware. Chinese researchers warn about a new menace, XcodeGhost, the first malicious compiler for OS X. A lot of iOS app developers got infected by downloading Apple's Xcode platform from unofficial sites and created infected apps without knowing it; these apps passed the controls and ended up in the App Store. It's the sixth piece of malware to achieve this.

Code in doubt

Others not having a great moment are the people at Red Hat, which has recently announced that the site of its Ceph open source developer community was assaulted last week. It doesn't seem that the intruders touched the code, but you never know, so Red Hat stated clearly that it cannot vouch for what users may have downloaded in the past.

Ah, Bugzilla

But is there anybody good in cyberspace? Yes, the people and companies that, when they discover a hole, warn those affected instead of exploiting it for their own benefit. That is the case of PerimeterX, which has found a way to get in as a privileged user to Mozilla's bug repository, Bugzilla, and be able to see which bugs are not yet solved, which companies are affected, etc. The trick to get in is very easy, although Mozilla must find it frightening.

Under this storm of viruses and attacks we finish another interesting week of IT security news. We invite our readers to visit us on Sunday morning (10.00), when we'll publish the lecture with Joxean Koret, author of the book "The Antivirus Hacker's Handbook".
