Skip to content

Gotham Security Daily Threat Alerts

by on November 14, 2013

November 13, The Register – (International) IE 0-day plugged up by TIFF terror continues in November Patch Tuesday. Microsoft released its November Patch Tuesday round of patches, closing a total of 19 vulnerabilities in Windows and Office products, including three marked as critical. A TIFF image handling vulnerability remained unaddressed but a workaround is available. Source:

November 13, Softpedia – (International) Second version of Hlux/Kelihos botnet getting smaller, Kaspersky says. Researchers at Kaspersky reported progress in their attempts to disrupt the second version of the Hlux/Kelihos botnet, and found that most of the remaining bots in the botnet are running Windows XP, among other findings. Source:

November 13, The Register – (International) Facebook makes Adobe fans change their horrible, horrible passwords. Facebook scanned millions of email addresses and passwords released as part of a major breach of Adobe customer emails and passwords, identified Facebook users with the same passwords, and alerted users to the need to change their passwords to prevent account hijacking. Source:

November 13, Softpedia – (International) Adobe Flash Player 11.9.900.152 addresses critical vulnerabilities. Adobe released a new update for Flash Player, closing two critical memory corruption vulnerabilities. Users were advised to install the updates as soon as possible. Source:

November 12, Sophos – (International) Smartphone PINs skimmed with microphone and camera. Researchers at the University of Cambridge created a program called PIN Skimmer which can utilize a smartphone’s camera and microphone to guess a high proportion of PINs, demonstrating how a malicious program could harvest device PINs and passwords. Source:

November 12, Softpedia – (International) Google Chrome 31.0.1650.48 Stable fixes 25 vulnerabilities. Google released a new major version of its Chrome browser, fixing a total of 25 issues. Source:

November 12, Softpedia – (International) Vulnerabilities in RunKeeper allowed cybercriminals to run XSS worm. A security researcher found and reported a cross-site scripting (XSS) and a cross-site reference forgery (CSRF) vulnerability in the RunKeeper app that could have allowed cybercriminals to develop a worm capable of stealing user cookies, collecting private data, or distributing malware. RunKeeper fixed the vulnerabilities after being notified. Source:

From → Security

Comments are closed.

%d bloggers like this: