Gotham Security Daily Threat Alerts

by on October 17, 2013

October 16, The Register – (International) Oracle drops shedload of CRITICAL vuln-busting Java patches. Oracle released its October Critical Patch Update (CPU) which includes patches for 127 security vulnerabilities across a range of products. Fifty-one vulnerabilities were addressed in Java, including 12 that could allow attackers to take full control of targeted machines without authentication. Source: http://www.theregister.co.uk/2013/10/16/oracle_quarterly_patch_batch/

October 16, Softpedia – (International) 5 vulnerabilities fixed with release of Chrome 30.0.1599.101. Google released the latest update for its Chrome browser, closing five security issues. Source: http://news.softpedia.com/news/5-Vulnerabilities-Fixed-with-Release-of-Chrome-30-0-1599-101-391599.shtml

October 16, Softpedia – (International) Researchers identify two sandbox escape vulnerabilities in IBM SDK for Java 7.0. Researchers from Security Explorations identified and reported two Java sandbox escape vulnerabilities affecting Java SDK for Java Technology Edition, version 7.0 SR5. The researchers sent a report and proof-of-concept to IBM October 16. Source: http://news.softpedia.com/news/Researchers-Identify-Two-Sandbox-Escape-Vulnerabilities-in-IBM-SDK-for-Java-7-0-391740.shtml

October 16, CNET – (International) Microsoft-DS no longer hackers’ top target. Akamai stated in its “State of the Internet” report that Microsoft-DS, also known as Port 445, was no longer attackers’ primary path of attack, for the first time since Akamai began gathering data on attack vectors in 2008. Cybercriminals have instead shifted to targeting users through HTTP Port 80 and SSL Port 443. Source: http://news.cnet.com/8301-1009_3-57607722-83/microsoft-ds-no-longer-hackers-top-target/

October 16, Softpedia – (International) Rapid7.com hijacking: Theft of employee credentials, not faxed DNS change request. Rapid7 reported that a recent attack by hacktivist group KDMS Team did not use a fax request to Register.com to change Rapid7 and Metasploit’s DNS records, as previously reported. Instead, Rapid7 found that the attackers used social engineering to obtain employee credentials for use in the DNS record change. Source: http://news.softpedia.com/news/Rapid7-com-Hijacking-Theft-of-Employee-Credentials-Not-Faxed-DNS-Change-Request-391641.shtml

October 15, Softpedia – (International) Info stealer trojan Nemim used against organizations from the U.S. and Japan. Symantec researchers found that the Nemim trojan is being used in a campaign targeting U.S. and Japanese organizations to collect information from infected computers, and that the campaign and trojan appear similar to the Egobot trojan that has been used to target South Korean organizations since 2009. Source: http://news.softpedia.com/news/Info-Stealer-Trojan-Nemim-Used-Against-Organizations-from-the-US-and-Japan-391292.shtml
