10Fold – Security Never Sleeps – 59

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: A google report identified how many sites still don’t use any security features. Security researchers have identified that there is new malware that can now infect apple devices that aren’t even jailbroken. A phishing attack has targeted banks in Russia by impersonating the Russian cybersecurity defense branch. Yet another android malware strand has been identified that can remotely take control of a device and spy on victims.   

Most Top Websites Still Don’t Use a Basic Security Feature – Publication: Wired – Reporter name: Brian Barrett

A new Google report shows, an alarmingly small number of the web’s most-trafficked sites use this vital security protocol. The Google audit shows that 79 of the web’s top 100 non-Google sites don’t deploy HTTPS by default, while 67 of those use either outdated encryption technology or offer none at all. The worst offenders include big names, like the New York Times and IMDB. (For what it’s worth, WIRED doesn’t currently offer HTTPS either. But we’re working on it.) That’s a big number, especially considering that these 100 sites combined comprise about 25 percent of all website traffic worldwide. It turns out that we’ve got a very vulnerable web.


This Nasty New Malware Can Infect Your Apple iPhone or iPad – Publication: Fortune – Reporter name: Jonathan Vanian

Apple’s mobile operating system just got a nasty bug. Researchers from the cybersecurity firm Palo Alto Networks said on Wednesday that they discovered new malware that can infect Apple iOS devices even if they aren’t jailbroken. The fact that the newly discovered malware, dubbed AceDeceiver, affects non-tampered iOS devices is noteworthy because it shows that hackers are “getting around Apple’s security measures,” the researchers explained.


Dozens of Russian banks Phished by crooks pretending to be FinCERT – Publication: CSO – Reporter name: Steve Ragan

Dozens of banks in Russia were targeted this week by hackers pretending to be the security arm of the Russian Central Bank, FinCERT. While Phishing attacks against banks in Russia are nothing new, one posing as the center that’s supposed to defend banks against attacks like this is worth looking at.  On March 14, shady individuals registered fincert.net, a false URL that – at a glance – would lead one to believe the domain is owned by FinCERT. However, fincert.net isn’t their domain; it’s actually cbr.ru.


New ‘Metaphor’ Android virus can hack Samsung, LG and HTC phones in 15 seconds – Publication: International Business Times – Reporter name: Jason Murdock

Millions of Android users could be at risk from another ‘Stagefright’ security flaw after researchers claim to have made a working exploit that can remotely take control of a device and spy on victims – all in under 20 seconds. Dubbed ‘Metaphor’ by the Israel-based security firm NorthBit that created the exploit, it can give hackers the ability to inject malware that could copy, steal and delete data on the device, take over the smartphone’s microphone and camera for spying purposes and even track a user’s movements via GPS.