2. Who’s at the iBackDoor? FireEye researchers uncoverd a new potential backdoor version of an ad library embedded in thousands of iOS apps, that was originally published in the Apple App Store. The potential backdoors could be remotely controlled on Apple devices to capture audio and screenshots, monitor and upload device location, and even post encrypted data to remove servers.
Industry Perspectives Blog
In Case You Missed It: FireEye Top Stories 11/6
1. Details on the Haunting iOS XcodeGhost S: FireEye Labs mobile researchers discovered a new variant of a previously known malware that has infected iOS devices. Apple patched the original malware, but a new variant we call XcodeGhost S works on apps within the Apple App Store and connects to the XcodeGhost Command and Control servers, which are vulnerable to hijacking by threat actors. All organizations should notify their employees of the threat from potentially malicious iOS apps and validate their versions of xCode.
Introspection and self-awareness may not be comfortable
3. Is Your Security Team Mature?
Josh Goldfarb, FireEye VP and CTO Americas, published a new
article in Dark Reading magazine about
the maturity and confidence of security teams – and why that
matters. According to Goldfarb, “Introspection and self-awareness may
not be comfortable, but it is the best way for an organization to
develop a robust and mature security posture.” He says maturity is key
to improving an organization’s security but it’s only possible through
an honest assessment.
4. White House Breach Won’t Change
Anything: FireEye chief security strategist Richard Bejtlich said
the White House network breach may not have much of an impact on the
future of federal cyber security. In an article in FedScoop, Bejtlich
said, “The best chance cybersecurity legislation has is related to
information sharing,” and that he thinks “pretty soon no one will even
care about the breach” because there have been so many cyber attacks
which don’t get a lot of attention or spark change.