Gotham Security Daily Threat Alerts

September 25, Softpedia: (International) Tumblr fixes DOM XSS vulnerability 2 months after being notified. Tumblr fixed a DOM-based cross-site scripting (XSS) vulnerability that could be used for spam, spreading malware, and phishing attacks 2 months after a security researcher informed Tumblr of the issue. Source: http://news.softpedia.com/news/Tumblr-Fixes-DOM-XSS-Vulnerability-2-Months-After-Being-Notified-385986.shtml

September 24, Softpedia: (International) Phone numbers harvested from Craigslist used in SMS scam. Symantec researchers identified a scam campaign targeting individuals who have posted ads on Craigslist that appears to be using automated harvesting tools to collect phone numbers in posts and then send SMS messages to the numbers which attempt to get targets to access a link on their PC. The link then takes the user to a fake version of GIMP that installs several additional pieces of software used by scammers to generate money via affiliate programs. Source: http://news.softpedia.com/news/Phone-Numbers-Harvested-from-Craigslist- Used-in-SMS-Scam-385869.shtml

September 24, Threatpost: (International) After botched update, Apple releases Apple TV 6.0, fixes 50+ bugs. Apple re-released an update for its Apple TV product September 23, addressing 57 bugs. The 6.0 update was originally released September 22, but several users complained that the update caused issues for their devices. Source: http://threatpost.com/after-botched-update-apple-releases-apple-tv-6-0-fixes-50-bugs/102399