
Gotham Security Daily Threat Alerts

by on October 25, 2013

October 23, Softpedia – (International) Experts warn of critical flaws in Netgear ReadyNAS storage devices. Researchers at Tripwire identified several critical vulnerabilities in Netgear ReadyNAS RAIDiator firmware that could allow attackers to inject their own commands without authentication. Newer versions of the firmware address the vulnerabilities, but the researchers found that 73 percent of the appliances connected to the Internet were not patched. Source: http://news.softpedia.com/news/Experts-Warn-of-Critical-Flaws-in-Netgear-ReadyNAS-Storage-Devices-393679.shtml

October 23, Softpedia – (International) Network Solutions apologizes to customers after DNS incident. Network Solutions informed users experiencing DNS and email issues October 21 that the problems were caused by spam abuse that resulted in blacklisting by four organizations. Source: http://news.softpedia.com/news/Network-Solutions-Apologizes-to-Customers-After-DNS-Incident-393738.shtml

October 23, Softpedia – (International) Apache Shindig 2.5.0 updated to address XXE vulnerability. The Apache Software Foundation released Apache Shindig 2.5.0-update 1 which closes an XML external entity (XXE) vulnerability that could allow a malicious gadget author to perform actions that would display the content in a gadget iframe. Source: http://news.softpedia.com/news/Apache-Shindig-2-5-0-Updated-to-Address-XXE-Vulnerability-393575.shtml

October 22, SC Magazine – (International) U.S. enterprises in path of data-hijacking Sazoora campaign, firm finds. A researcher at Seculert reported that more than 1,800 machines in the U.S. were infected by the latest version of the Sazoora data-hijacking trojan, Sazoora.B. The malware has affected around 23,000 machines globally and the newest variant contains new features to help it avoid detection and botnet hijacking. Source: http://www.scmagazine.com/us-enterprises-in-path-of-data-hijacking-sazoora-campaign-firm-finds/article/317417/

October 22, CNET News – (National) Aaron’s computer rental chain settles FTC spying charges. Rent-to-own computer chain Aaron’s agreed to settle Federal Trade Commission charges that the company installed spyware on customers’ computers that took photos and used keyloggers to steal login credentials. Under the agreement, the company is prohibited from using monitoring programs and must obtain customer consent to use location-tracking software on its rental computers. Source: http://news.cnet.com/8301-1009_3-57608838-83/aarons-computer-rental-chain-settles-ftc-spying-charges/

October 22, Network World – (International) Apple quietly releases iOS 7.0.3, with new fixes and features. Apple released an update for its iOS 7 mobile operating system which closes a security issue where a ‘supervised’ device could revert to ‘unsupervised’ status during an update, as well as resolving several other functional issues. Source: http://www.networkworld.com/news/2013/102313-apple-quietly-release-ios-703-275129.html

October 21, Threatpost – (International) Simple bug exposed Verizon Wireless users’ SMS history. A researcher found and reported a vulnerability in Verizon Wireless’s customer portal that enabled anyone to use a subscriber’s phone number to download that user’s SMS history by modifying the portal URL. Source: http://threatpost.com/simple-bug-exposed-verizon-wireless-users-sms-history
