FireEye (FEYE) security researchers have discovered an Apple (AAPL) iOS vulnerability that enables attackers to use a fake iOS app to replace an app that is installed through the App Store. What is the impact of the "Masque Attack" iOS vulnerability? Find out in this week's IT security stories to watch.
FireEye security researchers have discovered an Apple iOS vulnerability that enables attackers to use a fake iOS app to replace an app that is installed through the App Store.
Network security firm FireEye (FEYE) last week released details about "Masque Attack," an Apple (AAPL) iOS vulnerability that allows hackers to use links to popular applications to replace these apps with fake versions that provide unauthorized access to a user's login credentials and sensitive data.
We've got that news plus updates on the Home Depot breach, new research on security in the cloud, and Kaspersky Lab updates on the Stuxnet worm. That and more security news for managed service providers (MSPs) in this week's security stories to watch.
What else do managed service providers (MSPs) need to know about Masque Attack? Find out in this week's IT security stories to watch:
1. Masque Attack puts iOS users at risk
The United States Computer Emergency Readiness Team (US-CERT) has issued a warning about Masque Attack, but Apple told the San Jose Mercury News that it was unaware of any users who have been affected by the vulnerability thus far.
Are you installing iOS apps safely? FireEye noted hackers recently have used the Masque Attack vulnerability to replace preinstalled iOS apps with malware.
"This technique takes advantage of a security weakness that allows an untrusted app -- with the same 'bundle identifier' as that of a legitimate app -- to replace the legitimate app on an affected device, while keeping all of the user's data," US-CERT wrote in its Masque Attack warning. "This vulnerability exists because iOS does not enforce matching certificates for apps with the same bundle identifier."
FireEye pointed out it originally notified Apple about this vulnerability in July and is offering the following recommendations to help iOS users minimize Masque Attack risks:
- Don't install apps from third-party sources other than Apple's official App Store or the user's own organization.
- Don't click "Install" on a pop-up from a third-party website, regardless of what the pop-up says about an app.
- When opening an app, if iOS shows an alert with "Untrusted App Developer," click on "Don't Trust"and uninstall the app immediately.
"In this situation, we consider it urgent to let the public know, since there could be existing attacks that haven't been found by security vendors," FireEye wrote in a blog post. "We are also sharing mitigation measures to help iOS users better protect themselves."
2. Gigaom Research: Security is top cloud concern for most organizations
The report, titled "Shadow IT: Data Protection and Cloud Security," also showed that shadow IT's destination "is often the cloud."
Other report findings included:
- 83 percent of organizations have adopted the cloud for some function, but few are using the cloud to deploy complex enterprise applications.
- 81 percent of line-of-business employees admitted to using unauthorized software-as-a-service (SaaS) applications, and 38 percent said they are deliberately using unsanctioned apps because of the IT-approval process.
- 70 percent of unauthorized access to data is committed by an organization's own employees.
- Security (62 percent), application performance (44 percent) and time required to develop related skills (41 percent) top the list of cloud concerns.
"Instead of divesting itself of responsibility, IT organizations should get in front of shadow IT and prevent its spread. When IT takes control of an organization's cloud usage it provides better cloud utilization, which in turn, allows cloud compute and storage to reach its full potential. At the same time, IT keeps the organization's data better protected and more secure," researchers wrote in the report.
3. Kaspersky identifies first Stuxnet worm victims
Hackers have used the Stuxnet worm to target power plants, dams and other industrial control systems that are used to monitor and control industrial facilities, and Kaspersky Lab last week found out exactly who were the first victims of this cyber attack.
Kaspersky researchers discovered that Stuxnet initially attacked five organizations that were operating in Iran.
Researchers also noted "there was no doubt that the whole attack had a targeted nature."
"Analyzing the professional activities of the first organizations to fall victim to Stuxnet gives us a better understanding of how the whole operation was planned. At the end of the day, this is an example of a supply-chain attack vector, where the malware is delivered to the target organization indirectly via networks of partners that the target organization may work with," Alexander Gostev, Kaspersky's chief security expert, said in a prepared statement.
4. Home Depot data breach: 39 lawsuits and counting
A recent data breach continues to take its toll on The Home Depot (HD) and its customers.