#1282545: Malware hides as iOS jailbreak, Sucuri is insecuri, and China is about to get even worse

Description: Malware hides as iOS jailbreak tool
The team over at Cisco Talos has spotted a clever bit of trickery being used by an iOS click fraud operation. Researchers say a piece of malware called "Checkrain" has been making the rounds spoofing a popular iOS jailbreaking tool called "checkra1n".

"The site even claims to be working with popular jailbreaking researchers such as “CoolStar” and Google Project Zero’s Ian Beer," Talos explains.

"The page attempts to look legitimate, prompting users to seemingly download an application to jailbreak their phone. However, there is no application, this is an attempt to install malicious profile onto the end-user device."

Fortunately, the operation doesn't do anything too destructive. The profile will pretend to perform the jailbreak, then run the phone through a number of affiliate links before finally installing a game. The attacker, meanwhile, would get an affiliate fee for the clickthroughs and game installs.

WordPress publishes security update
CMS app WordPress has posted its 5.2.4 update with a number of security fixes.

There's nothing too worrisome in the patch, mostly cross-side scripting and information disclosure flaws, but it is always worth updating your software.

Sucuri hit by DDoS flood
Web security provider Sucuri says earlier this week it had the tables turned when someone pointed a DDoS cannon at the company's own threat protection service. The result was a prolonged outage and subsequent slowdown.

Sucuri said that in addition to flooding its services with traffic, the attackers managed to take down a pair of failsafes that should have protected the network from being knocked offline.

"We experienced a large DDoS that saturated parts of our network, and a series of unforeseen circumstances throughout the chain contributed to the total impact (both in number of customers affected and global performance)," the post explains.

The security provider is declining to provide too many details, and it says the attack is still going on.

New Chinese program expands surveillance
If you thought internet surveillance in China was extensive before, it's about to get even worse. China Law Blog reports that a new program will aim to collect and analyze all raw data in the country, dramatically expanding what is collected and sifted through.

US attacked Iran, says new report
Reuters says that in the midst of last year's Saudi oil field attacks, the US launched a cyber attack against Iran that apparently was aimed at taking down communications equipment.
More info: https://www.theregister.co.uk/2019/10/21/security_roundup_181019/

Date added Oct. 21, 2019, 8:45 a.m.
Source TheRegister
Subjects
  • Apple iPhone
  • Apple iPhone - IOS
  • DOS/DDos Attack info and General information
  • Latest Global Security News
  • Sucuri