
Gotham Security Daily Threat Alerts

by on August 7, 2013

August 6, Softpedia – (International) Experts identify OAuth bypass vulnerability in Microsoft’s social network Yammer. A Vulnerability Lab researcher identified an OAuth bypass vulnerability in Microsoft’s enterprise social network Yammer that could be used to hijack user accounts. The vulnerability was reported to Microsoft and patched in July 2013. Source: http://news.softpedia.com/news/Experts-Identify-OAuth-Bypass-Vulnerability-in-Microsoft-s-Social-Network-Yammer-Video-373394.shtml

August 6, The Register – (International) Windows Phones BLAB passwords to hackers, thanks to weak crypto. Microsoft warned users to take precautions after it was found that the encryption Windows Phones use to transmit domain credentials is cryptographically weak, allowing rogue hotspots to intercept and decrypt the information. Microsoft advised IT departments to distribute a special root certificate that allows the phones to confirm that they are connecting to a genuine access point before transmission. Source: http://www.theregister.co.uk/2013/08/06/microsoft_win_phone_wifi_vuln/

August 6, Softpedia – (International) OpenX.org hacked, backdoor injected into download files. Download files hosted on OpenX.org were found to be infected with a backdoor that could allow attackers to inject and execute arbitrary code on affected servers. OpenX representatives reported that they have removed the compromised files. Source: http://news.softpedia.com/news/OpenX-org-Hacked-Backdoor-Injected-into-Download-Files-373580.shtml

August 6, V3.co.uk – (International) Criminals hosting child pornography on 227 business websites. Researchers at the Internet Watch Foundation found that 227 small and medium-sized businesses’ Web sites were hijacked to store child pornography, possibly the first step in a ransomware or blackmail campaign. Source: http://www.v3.co.uk/v3-uk/news/2287093/criminals-hosting-child-pornography-on-227-business-websites

August 6, Softpedia – (International) DNS servers of 3 Dutch hosting firms hijacked, thousands of sites serve malware. Researchers at Fox-IT found that three Dutch Web hosts were compromised, with the servers of Digitalus and Virtual Dynamix configured to serve malware. Source: http://news.softpedia.com/news/DNS-Servers-of-3-Dutch-Hosting-Firms-Hijacked-Thousands-of-Sites-Serve-Malware-373308.shtml

August 5, IDG News Service – (International) Botnet-powered distributed file storage system uses JavaScript. A researcher from FusionX presenting at the DEF CON 21 conference demonstrated a botnet-like system called HiveMind which uses a piece of JavaScript code loaded into users’ browsers to build a distributed file storage system. Source: https://www.computerworld.com/s/article/9241364/Botnet_powered_distributed_file_storage_system_uses_JavaScript

 
