Roundup Here's your Register security roundup to kick off your week.
Malware hides as iOS jailbreak tool
The team over at Cisco Talos has spotted a clever bit of trickery being used by an iOS click fraud operation. Researchers say a piece of malware called "Checkrain" has been making the rounds spoofing a popular iOS jailbreaking tool called "checkra1n".
"The site even claims to be working with popular jailbreaking researchers such as “CoolStar” and Google Project Zero’s Ian Beer," Talos explains.
"The page attempts to look legitimate, prompting users to seemingly download an application to jailbreak their phone. However, there is no application, this is an attempt to install malicious profile onto the end-user device."
Fortunately, the operation doesn't do anything too destructive. The profile will pretend to perform the jailbreak, then run the phone through a number of affiliate links before finally installing a game. The attacker, meanwhile, would get an affiliate fee for the clickthroughs and game installs.
WordPress publishes security update
CMS app WordPress has posted its 5.2.4 update with a number of security fixes.
There's nothing too worrisome in the patch, mostly cross-side scripting and information disclosure flaws, but it is always worth updating your software.
Sucuri hit by DDoS flood
Web security provider Sucuri says earlier this week it had the tables turned when someone pointed a DDoS cannon at the company's own threat protection service. The result was a prolonged outage and subsequent slowdown.
Sucuri said that in addition to flooding its services with traffic, the attackers managed to take down a pair of failsafes that should have protected the network from being knocked offline.
"We experienced a large DDoS that saturated parts of our network, and a series of unforeseen circumstances throughout the chain contributed to the total impact (both in number of customers affected and global performance)," the post explains.
The security provider is declining to provide too many details, and it says the attack is still going on.
New Chinese program expands surveillance
If you thought internet surveillance in China was extensive before, it's about to get even worse. China Law Blog reports that a new program will aim to collect and analyze all raw data in the country, dramatically expanding what is collected and sifted through.
US attacked Iran, says new report
Reuters says that in the midst of last year's Saudi oil field attacks, the US launched a cyber attack against Iran that apparently was aimed at taking down communications equipment.
Warning issued over VPN apps
An alert has been posted over yet another crop of bugs that can make VPN stand for "very public network".
These 10 vulnerabilities cropped up in Pulse VPN. A successful exploit could allow the attacker to spy on some or all of the traffic on the targeted VPN.
Pulse has posted an update, but these fixes will need to be implemented by the providers themselves, so there's not much customers can do.
ICE using stingrays
A report from Univision has found that ICE agents in New York are now using stingray gear to track the movements of people who are suspected of immigration offenses. This isn't anything new for law enforcement agencies, but might be a first for ICE, the much-maligned customs enforcement agency.
Linux Wi-Fi flaw found
Word has surfaced of a potential remote code execution flaw in Linux that would let attackers target Wi-Fi hardware. There are no working PoCs as of yet, but users and admins should make sure to get updates for their devices as soon as a fix is developed and released.