Industry Perspectives Blog

In Case You Missed It: FireEye Top Stories 11/6

| by Kara Wilson | Security News
News
Security News
apple logo grey

1. Details on the Haunting iOS XcodeGhost S: FireEye Labs mobile researchers discovered a new variant of a previously known malware that has infected iOS devices. Apple patched the original malware, but a new variant we call XcodeGhost S works on apps within the Apple App Store and connects to the XcodeGhost Command and Control servers, which are vulnerable to hijacking by threat actors. All organizations should notify their employees of the threat from potentially malicious iOS apps and validate their versions of xCode.


2. Who’s at the iBackDoor? FireEye researchers uncoverd a new potential backdoor version of an ad library embedded in thousands of iOS apps, that was originally published in the Apple App Store. The potential backdoors could be remotely controlled on Apple devices to capture audio and screenshots, monitor and upload device location, and even post encrypted data to remove servers.

Introspection and self-awareness may not be comfortable

3. Is Your Security Team Mature? Josh Goldfarb, FireEye VP and CTO Americas, published a new article in Dark Reading magazine about the maturity and confidence of security teams – and why that matters. According to Goldfarb, “Introspection and self-awareness may not be comfortable, but it is the best way for an organization to develop a robust and mature security posture.” He says maturity is key to improving an organization’s security but it’s only possible through an honest assessment.

4. White House Breach Won’t Change Anything: FireEye chief security strategist Richard Bejtlich said the White House network breach may not have much of an impact on the future of federal cyber security. In an article in FedScoop, Bejtlich said, “The best chance cybersecurity legislation has is related to information sharing,” and that he thinks “pretty soon no one will even care about the breach” because there have been so many cyber attacks which don’t get a lot of attention or spark change.

Previous Post
Next Post