Security Brief: Mac Malware, Anonymous
The main events of the week between July 15 - July 21
Some time has passed since experts identified new threats designed to target Apple devices. However, over the past week, researchers have discovered two samples: a piece of malware and a ransomware.First, F-Secure researchers have spotted a piece of malware (Janicab) that leverages the right-to-left override (RLO) trick to make it appear as if the malicious file is a harmless PDF document.
Then, Malwarebytes experts found a piece of FBI ransomware designed to lock the browsers of Mac OS X users. Although it only locks up the browser, the threat is not easy to remove.
If you’re a victim, here’s a video that will show you how to get rid of it with only three clicks.
After learning that the OS X ransomware is leveraging its name, the FBI issued an advisory to warn users.
Anonymous hacktivists have been busy this week. First, they leaked some data allegedly stolen from the US Federal Emergency Management Agency (FEMA).
The attack came in response to last year’s cyber security exercise in which an Anonymous attack was simulated. The hackers have leaked two parts of the data they possess, but they claim there’s more to come.
Shortly after, the hackers published around 1,800 email addresses and clear text passwords of US Congress staffers. It later turned out that the data wasn’t stolen from the government’s systems, but from iConstituent, a firm that provides communication services for elected officials.
The government has downplayed the seriousness of the incident, claiming that the login credentials are not accurate, many of them being expired.
This week, Anonymous has also targeted Spain’s ruling party and Gabon’s presidency. In addition, the hackers have announced their plans for November 5, 2013.
On the other hand, there’s also some bad news for hacktivists. Darren Martyn and Donncha O’Cearrbhail, both alleged members of the LulzSec group, have pleaded guilty. This marks Ireland’s first successful prosecution of hackers.
Other hack attacks worth mentioning are the ones against the UAE’s National Transport Authority, the Nasdaq Community Forum, MSI.com, and the Peruvian government.
And since we’re talking about hacks, it’s worth noting that the Syrian Electronic Army has been busy over the past week.
First, they hacked the systems of global phone directory Truecaller. The company confirmed the breach, but downplayed the damages, claiming that the hackers haven’t gained access to any sensitive information.
On Friday, the Syrian Electronic Army hacked the systems of mobile messaging service Tango, allegedly stealing the details of millions of users and 1.5 TB of backups. The firm has taken down its website following the incident.
Here are some other stories in case you’ve missed them:
Instagram account of singer Christina Milian hacked
MIT fears that hackers might turn against its community if the Aaron Swartz Secret Service documents are released
GitHub hit by another DDOS attack
New vulnerability found in Java 7 Update 25 - the attack vector has been known for over 10 years
Network Solutions suffers another DDOS attack
ReKey app patches “master key” vulnerability in Android
Tumblr updates iOS apps to prevent hackers from stealing passwords
South Korean officials accuse North Korea for cyberattacks on government