Skip to content

Gotham Security Daily Threat Alerts

by on April 11, 2013

April 10, The H – (International) Social Media Widget for WordPress a source of spam. Researchers at Securi discovered that WordPress Social Media Widget version 4.0 had malicious code added to it that injects spam advertisements into Web sites and recommended that over 900,000 users disable or remove the widget. Source: http://www.h-online.com/security/news/item/Social-Media-Widget-for-WordPress-a-source-of-spam-1838405.html
(Ed. Note – the Gotham Blog does not use the Social Media Widget referred to in this alert.)

April 9, IDG News Service – (International) Glitch hits Apple’s iMessage, Facetime. Apple’s Facetime and iMessage services experienced disruptions for several hours April 9. Source: http://www.networkworld.com/news/2013/040913-glitch-hits-apple39s-imessage-268563.html

April 9, CNET News – (International) Vudu resets users’ passwords after hard drives lost in office burglary. Video service Vudu reset user passwords after April 9 following a March 24 break-in at the company’s offices in which thieves made off with hard drives containing sensitive customer information. Source: http://news.cnet.com/8301-1009_3-57578766-83/vudu-resets-user-passwords-after-hard-drives-lost-in-office-burglary/

April 9, CSO Online – (International) CAMP for Chrome catches 99% of malware, Google says. Google researchers presented a paper at the Network and Distributed System Security Symposium showing how their content-agnostic malware prediction system (CAMP) uses client- and server-side techniques to block almost all malware. Source: http://www.networkworld.com/news/2013/040913-camp-for-chrome-catches-99-268529.html

April 9, V3.co.uk – (International) Adobe posts fixes for ColdFusion, Flash and Shockwave. Adobe released patches closing several vulnerabilities in its Flash, ColdFusion, and Shockwave products. Source: http://www.v3.co.uk/v3-uk/news/2260334/adobe-posts-fixes-for-coldfusion-flash-and-shockwave

April 9, Threatpost – (International) Pwn2Own IE vulnerabilities missing from Microsoft Patch Tuesday updates. The patches released for Microsoft’s Internet Explorer (IE) browser in an April 9 Patch Tuesday update did not include fixes for vulnerabilities discovered during the February Pwn2Own competition. Source: http://threatpost.com/en_us/blogs/pwn2own-ie-vulnerabilities-missing-microsoft-patch-tuesday-updates-040913

April 9, TechWorld – (International) SQL injection flaws easy to find and exploit, Veracode report finds. Veracode’s latest State of Software Security report revealed a number of findings on software security, including that only 13 percent of submitted Web applications passed a generic list of security problems. Source: http://www.networkworld.com/news/2013/040913-sql-injection-flaws-easy-to-268539.html

April 9, PC Magazine; Ars Technica – (International) LulzSec hackers plead guilty to hacks on Nintendo, Sony, more. Three members of the LulzSec hacking group that attacked media, government, and security firms pleaded guilty to computer security charges in the U.K. Source: http://www.pcmag.com/article2/0,2817,2417574,00.asp

From → Security

Comments are closed.

%d bloggers like this: