Tag Archives: security breach

Apple finds apps infected with malicious code – XcodeGhost

You’ve probably heard the news: Potentially millions of Apple iPhone and iPad users may be at risk after the first-ever major Apple hack — a breach made possible by fake developer tools used to create iOS apps that made their way onto the Apple App Store.

Developers in China sought to reduce software download times by downloading a copy of the Xcode developer tools hosted on a Chinese server instead of the official version available from Apple. Unknown to developers, this counterfeit version of Xcode automatically embedded some malware, called ‘XcodeGhost’, into their apps. According to Apple this may have led to a number of infected iOS apps leaking, “some general information such as the apps and general system information.”

Apple, which prides itself as one of the most secure OS platforms in the world, quickly responded and apparently removed over 300 pieces of malware-infected software from the App Store. It also simultaneously began working with developers to make sure they were using the correct version of Xcode, and not the fake developer code used to create the infected apps.

The full list of affected apps has not yet been disclosed, but Apple has published a list of the most popular currently-known impacted apps.

Ironically, the Apple hack occurred just as Chinese leader President Xi Jinping was arriving in the U.S. to attend a summit with President Barack Obama to discuss concerns about China’s slowing economy and cooperation on cyber security; as well as meet with top tech firms including Apple.

If you feel you’re at risk of having downloaded any infected apps, here are some things you can do:

  • Check the Apple breach list for the known infected apps and delete any of the iOS apps noted above.
  • Be on the look out of prompts asking for your name, password or other information, such as your social security number or other sensitive information from a source you cannot verify.
  • Change your passwords, including your Apple account password.
  • Make sure your apps are up to date.

Home Depot discloses that 53 million customer email addresses were stolen

Home-Depot-ApronThe Home Depot security breach last spring has gotten worse. In addition to the 56 million credit-card accounts that were compromised, around 53 million customer email addresses were also taken, according to a statement from Home Depot about the breach investigation. Home Depot assures its customers that no passwords, payment card information like debit card PIN numbers, or other “sensitive” information was stolen.

The breach occurred when cybercrooks stole a third-party vendor’s user name and password to enter their network in April 2014. The hackers then deployed unique, custom-built malware on Home Depot’s self-checkout registers in the United States and Canada.

The company said that as of September 18, the malware had been eliminated from the network.

Request your free identity protection

The Home Depot is notifying affected customers and still offering free identity protection services, including credit monitoring, to any customer who used a credit or debit card at one of its 2,266 retail stores beginning in April. Customers who wish to take advantage of these services should visit homedepot.allclearid.com or call 1-800-HOMEDEPOT (466-3337).

The Fallout

Home Depot said that customers should be on guard against phishing scams, which are designed to trick customers into providing personal information in response to phony emails.

  • Review your credit card statements carefully and call your bank if you see any suspicious transactions.
  • Be aware of phone calls or emails that appear to offer you identity theft protection but are truly phishing schemes designed to steal your information. Always go directly to The Home Depot’s website or to the AllClear ID website, or call Equifax for information rather than clicking on links in emails.

Get more information from Home Depot’s Facebook page.

// <![CDATA[
(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = “//connect.facebook.net/en_US/all.js#xfbml=1”; fjs.parentNode.insertBefore(js, fjs); }(document, ‘script’, ‘facebook-jssdk’));
// ]]>

 

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on Facebook, Twitter and Google+.