
Gotham Security Daily Threat Alerts

by on May 29, 2013

May 28, The H – (International) PayPal vulnerable to cross-site scripting again. A student in Germany disclosed a cross-site scripting (XSS) vulnerability in the German-language version of PayPal’s site. Source: http://www.h-online.com/security/news/item/PayPal-vulnerable-to-cross-site-scripting-again-1871763.html

May 28, Softpedia – (International) Experts find multiple security flaws in Trend Micro’s DirectPass 1.5.0. A researcher from Vulnerability Lab found two vulnerabilities in Trend Micro’s DirectPass password management software that could allow an attacker to inject arbitrary code, hijack sessions, or perform other actions. Source: http://news.softpedia.com/news/Experts-Find-Multiple-Security-Flaws-in-Trend-Micro-s-DirectPass-1-5-0-356425.shtml

May 28, SC Magazine – (International) ITV and Sky both hit by the Syrian Electronic Army. Members of the Syrian Electronic Army hacktivist group compromised the Twitter account of U.K. broadcaster ITV News and hacked at least six Android apps for U.K. broadcaster Sky in the Google Play Store. Google later removed the compromised apps. Source: http://www.scmagazineuk.com/itv-and-sky-both-hit-by-the-syrian-electronic-army/article/295053/

May 28, Akron Beacon Journal – (Ohio) Turkish group hacks into Akron-Canton Airport website. A cyber group from Turkey hacked into Ohio’s Akron-Canton Airport Web site May 25 and leaked online the personal information of about 15,000 customers who had entered a contest for travel giveaways. Social Security numbers and financial information were not exposed. Source: http://www.ohio.com/news/break-news/turkish-group-hacks-into-akron-canton-airport-website-1.400738

May 27, The H – (International) 0-days in Novell Client for Windows. eEye researchers discovered two zero-day vulnerabilities in Novell Client for Windows that can allow local code execution within the kernel. Source: http://www.h-online.com/security/news/item/0-days-in-Novell-Client-for-Windows-1870712.html

May 24, IDG News Service – (International) Researchers find unusual malware targeting Tibetan users in cyberespionage operation. ESET researchers found a piece of cyberespionage malware dubbed Win32/Syndicasec that bypasses Windows User Account Control (UAC) to run arbitrary commands without prompting users to confirm. Source: http://www.networkworld.com/news/2013/052413-researchers-find-unusual-malware-targeting-270133.html

May 24, SC Magazine – (International) Attackers use Skype, other IM apps to spread Liftoh trojan. The Liftoh trojan is being spread via shortened links in Skype instant messages, and the malicious links have been clicked more than 170,000 times, according to Symantec researchers. Source: http://www.scmagazine.com/attackers-use-skype-other-im-apps-to-spread-liftoh-trojan/article/294860/

May 24, IDG News Service – (International) Researchers warn of increased Zeus malware activity this year. Researchers from Trend Micro warned that activity associated with the Zeus/ZBot financial malware has increased in recent months, with new Zeus variants and capabilities. Source: http://www.networkworld.com/news/2013/052413-researchers-warn-of-increased-zeus-270142.html
