Second Floor Computers

Syrian Electronic Army claims hack of news sites, including CBC

The Syrian Electronic Army is claiming responsibility for the hacking of multiple news websites, including CBC News.

CBCNews.ca was affected Thursday by the hacking. The site returned to normal later Thursday morning.

Earlier, some users trying to access the CBC website reported seeing a pop-up message reading: "You've been hacked by the Syrian Electronic Army (SEA)."

Link to Full Article

Wirelurker is the iPhone's first serious malware threat

iPhone users are usually considered safe from malware, but a new report from Palo Alto Networks suggests that reputation may be about to change. Palo Alto's researchers have discovered a bug called Wirelurker, which the company says may have already impacted hundreds of thousands of users. The bug is primarily spreading through the Maiyadi App Store, a third-party source for OS X software in China, and researchers estimated the infected apps have been downloaded 356,104 times already. Once the computer is infected, Wirelurker spreads to iOS devices that connect over USB, rewriting existing programs on the device through binary file replacement. It's the first such bug that can infect iPhones that haven't been jailbroken, and according to Palo Alto Networks, it's also the first bug discovered in the wild that can turn legitimate iOS apps into malware without downloading additional software.

Link to Full Article

Regin Spying Software Has Been Attacking Governments And Corporations Since 2008

Symantec has found an unusual new threat called Regin aka Backdoor.Regin. The software, which is essentially a very powerful Trojan Horse, appears to have been circulating in the wild since 2008 and has been hitting governmental, industrial, and individual systems with impunity, using sophisticated encryption and targeting systems to spy on targets.

The anti-virus company has released a white paper on the new threat, noting its similarity to the specially targeted Stuxnet virus that attacked Iranian nuclear reactors.

Link to Full Article

Effective security techniques we don't follow enough

It's not all our fault, security is hard

The IT folks at Target weren't stupid or lazy. They had actually done a lot of security work, but it wasn't enough. Modern enterprises are so large and complex that applying best security practices at all times and locations is just too much to ask.

But we all can do better. As a starting point, consider these six programming techniques, products and services which tend to minimize the most common of security problems.

We know that most attackers are lazy and looking for low-hanging fruit. The harder a target you make yourself, the less likely it is that you will be compromised.

Link to Full Article