Happy Friday, all! It turns out that a lot happened while I was playing Veracode Defender all week. Here are some of the headlines. Enjoy!
Mobile App Privacy: “New privacy guidelines for mobile app developers” by Lachlan Urquhart (@mooseabyte). In this article, Lachlan Urquhart writes for Sophos on the new standards for mobile application development put out by the GSM Association. The new policies are aimed at making privacy and user protection a main consideration when building apps. GSMA hopes that developers will widely adopt these standards and that applications will become safer for users as a result.
Duqu Trojan: “Kaspersky: Duqu Trojan uses ‘unknown programming language’” by Emil Protalinski (@EmilProtalinski). In this post, Emil Protalinski sheds some light on the Duqu Trojan. Kaspersky Labs has determined that some of the code used in the trojan is written in a new programming language that is unknown to them. The rest of the code is standard C++ and bears a resemblance to the Stuxnet worm, but this new language has experts baffled. Kaspersky has reached out to programmers in an attempt to identify the new code.
Mass-Injection Attacks: “New Mass Injection Wave of WordPress Websites on the Prowl” by Websense (@websense). This article details Websense’s recent discovery of a widespread mass-injection attack on WordPress-hosted websites. The injection redirects users to a fake antivirus site that reports that their computers are infected (they aren’t, yet) and then tricks them into downloading malware disguised as AV software. According to Websense, the injections have affected over 200,000 pages spanning 30,000 sites.