
Gotham Security Daily Threat Alerts

by on May 6, 2013

May 3, Softpedia – (International) g01pack: First exploit kit to deliver payload via multistage attack. Researchers at Trusteer found a variant of the g01pack Java exploit kit that delivers its payload in a multistage attack to help avoid security programs. Source: http://news.softpedia.com/news/g01pack-First-Exploit-Kit-to-Deliver-Payload-via-Multistage-Attack-350700.shtml

May 3, SC Magazine – (International) Vulnerability data shows majority of websites are susceptible to a serious flaw. Vulnerability data analyzed by WhiteHat Security found that 86 percent of all Web sites contain one or more serious vulnerabilities that expose them to attack. Source: http://www.scmagazineuk.com/vulnerability-data-shows-majority-of-websites-are-susceptible-to-a-serious-flaw/article/291825/

May 3, Softpedia – (International) OAuth vulnerabilities allowed hackers to access private photos on Instagram. A researcher at Break Security identified two methods to hijack Instagram accounts by exploiting OAuth flaws. The flaws were reported to Instagram’s owner, Facebook, and were addressed. Source: http://news.softpedia.com/news/OAuth-Vulnerabilities-Allowed-Hackers-to-Access-Private-Photos-on-Instagram-Video-350730.shtml

May 3, The H – (International) Android virus scanners are easily fooled. Researchers at North Carolina State University and Northwestern University developed a tool that modifies existing Android malware apps in minor ways and found that ten antivirus programs tested could be tricked into registering the malware as harmless. Source: http://www.h-online.com/security/news/item/Android-virus-scanners-are-easily-fooled-1856133.html

May 3, The H – (International) Certificate bug in open source IPsec VPN. The developers of the strongSwan open source IPsec VPN software found that the software may accept invalid digital signatures and certificates if the OpenSSL crypto backend is enabled. Source: http://www.h-online.com/security/news/item/Certificate-bug-in-open-source-IPsec-VPN-1855695.html

May 3, Softpedia – (International) CakePHP 1.2.12, 1.3.16, 2.2.8, and 2.3.4 released to prevent SQL injections. The Cake Software Foundation released updates to several versions of CakePHP to address a vulnerability that could allow SQL injection attacks. Source: http://news.softpedia.com/news/CakePHP-1-2-12-1-3-16-2-2-8-and-2-3-4-Released-to-Prevent-SQL-Injections-350709.shtml
