Salted Links: 13 December 2013

The week's recap and InfoSec links for the late shift workers, and weekend warriors.

So today's one of those days that the superstitious among us are a bit on edge. I'm not a fan of Friday the 13th myself, as a date, but I loved the movies. Still, it's Friday though, and so it's a good time to recap some interesting stories, and share a few links with those of you working the late shift or over the weekend.

Advertising SDK can be hijacked (BitDefender)

On Tuesday, BitDefender's Vlad Bordianu and Tiberius Axinte published research detailing how some advertising SDKs used in Android app development can pose a serious privacy risk to consumers. At the time the report was published, of the 1,600 malicious apps that the Romanian security firm discovered, only 1,100 of them had been removed from Google Play. BitDefender focuses on the Widdit framework in its latest research, but is quick to note that this isn't the only vulnerable framework. [SOURCE]

The NSA owns your mobile presence (Salted Hash)

It's rare that I will pimp my own posts, and I promise not to spam too often. However, what the NSA is doing impacts everyone, whether you agree with the agency or not.

This week, the Washington Post reported that the NSA was targeting data delivered to mobile app advertising networks in order to collect location data and infer relationships. The questionable aspect to this ties into the risk that some mobile app advertising platforms pose to consumers, because they sometimes collect information without informed consent. However, content doesn't matter in this case, as the NSA is collecting whatever the advertisers have and using it to their advantage. Moreover, the documents leaked by Edward Snowden confirm that A5/1 poses no issue whatsoever to the agency. [SOURCE]

French government caught spoofing Google certificates (Google)

Google posted to their security blog last weekend, informing the public that the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), France's network and information security agency, was spoofing certificates for several Google domains. Google revoked the certificates and informed the other browser vendors about the incident. In a statement, the ANSSI said that human error was to blame, and that there was no consequence to the overall state of network security for the public. [SOURCE]

Malware poses as IIS module (Trustwave)

Researchers at Trustwave have discovered malware that passes itself off as a module for Microsoft's IIS software. Making things worse, at the time their report was written, few, if any, of the major AV vendors were detecting the problem. The malware targets credit card data, but unlike the recently exposed Pony malware, which targets end users, this code goes after IIS directly. [SOURCE]

ENISA examines threats and trends in security for 2013

Covering the period from the end of 2012 until now, the European Union Agency for Network and Information Security (ENISA) examines the threat landscape and notes both the good and bad developments. Included in the overview are incidents that focused on interconnected devices and big data, as well as attack trends and positives such as law enforcement successes throughout the year. The entire report is available for download here.

As usual, if you have suggestions feel free to leave a comment or email me links and story ideas.
