Gotham Security Daily Threat Alerts

July 5, Softpedia – (International) Private Exploit Pack: New browser exploit kit advertised on hacker forums. A new browser exploit kit named Private Exploit Pack was found being advertised on hacker forums. The exploit pack works on Windows XP, 7, and 8, and contains exploits for Java, Internet Explorer, PDF, and Microsoft Data Access Components.
Source: http://news.softpedia.com/news/New-Browser-Exploit-Pack-Private-Advertised-on-Hacker-Forums-366008.shtml

July 5, Softpedia – (International) Opera 12.16 replaces code signing certificate. Opera Software released version 12.16 of its Opera browser containing a new code signing certificate following a security breach where attackers were able to obtain an older certificate. Source: http://news.softpedia.com/news/Opera-12-16-Replaces-Code-Signing-Certificate-365932.shtml

July 4, V3.co.uk – (International) Android master key leaves 99 percent of Google smartphone and tablet users open to attack. Bluebox Security researchers reported a vulnerability in Android 1.6 and later that can allow an attacker to modify APK code without breaking legitimate apps’ cryptographic signatures, turning a legitimate app into a malicious one. Source: http://www.v3.co.uk/v3-uk/news/2279495/android-master-key-leaves-99-percent-of-google-smartphone-and-tablet-users-open-to-attack

July 4, Softpedia – (International) Customizable mobile number harvesting service found on underground market. Researchers at Webroot identified a mobile number harvesting service for sale on underweb markets that allows the user to customize the type of information they collect, which can then be utilized to drive SMS spam campaigns. Source: http://news.softpedia.com/news/Customizable-Mobile-Number-Harvesting-Service-Found-on-Underground-Market-365696.shtml

July 4, Help Net Security – (International) Trojanized Android app collects info, comments on NSA surveillance. A trojanized version of a legitimate music app was identified that on July 4 was triggered to display an image and run a service criticizing National Security Agency data collection programs. The app also attempts to send device information to a remote server upon restart. Source: https://www.net-security.org/malware_news.php?id=2535

July 4, Help Net Security – (International) Critical Cryptochat group chat bug fixed. The developers of the Cryptochat secure chat program advised users to update to the latest version that fixes a vulnerability in the program’s group chat function that could allow conversations to be cracked via brute for attacks. Source: https://www.net-security.org/secworld.php?id=15182

July 3, The H – (International) Apple releases security update for Mac OS X. Apple released a security update for four versions of its OS X operating system, closing three QuickTime flaws that could cause crashes or allow arbitrary code execution. Source: http://www.h-online.com/security/news/item/Apple-releases-security-update-for-Mac-OS-X-1910729.html