Skip to content

Gotham Security Daily Threat Alerts

by on November 14, 2013

November 13, The Register – (International) IE 0-day plugged up by TIFF terror continues in November Patch Tuesday. Microsoft released its November Patch Tuesday round of patches, closing a total of 19 vulnerabilities in Windows and Office products, including three marked as critical. A TIFF image handling vulnerability remained unaddressed but a workaround is available. Source: http://www.theregister.co.uk/2013/11/13/november_patch_tuesday/

November 13, Softpedia – (International) Second version of Hlux/Kelihos botnet getting smaller, Kaspersky says. Researchers at Kaspersky reported progress in their attempts to disrupt the second version of the Hlux/Kelihos botnet, and found that most of the remaining bots in the botnet are running Windows XP, among other findings. Source: http://news.softpedia.com/news/Second-Version-of-Hlux-Kelihos-Botnet-Getting-Smaller-Kaspersky-Says-399824.shtml

November 13, The Register – (International) Facebook makes Adobe fans change their horrible, horrible passwords. Facebook scanned millions of email addresses and passwords released as part of a major breach of Adobe customer emails and passwords, identified Facebook users with the same passwords, and alerted users to the need to change their passwords to prevent account hijacking. Source: http://www.theregister.co.uk/2013/11/12/facebook_forces_adobe_users_to_change_their_horrible_passwords/

November 13, Softpedia – (International) Adobe Flash Player 11.9.900.152 addresses critical vulnerabilities. Adobe released a new update for Flash Player, closing two critical memory corruption vulnerabilities. Users were advised to install the updates as soon as possible. Source: http://news.softpedia.com/news/Adobe-Flash-Player-11-9-900-152-Addresses-Critical-Vulnerabilities-399642.shtml

November 12, Sophos – (International) Smartphone PINs skimmed with microphone and camera. Researchers at the University of Cambridge created a program called PIN Skimmer which can utilize a smartphone’s camera and microphone to guess a high proportion of PINs, demonstrating how a malicious program could harvest device PINs and passwords. Source: http://nakedsecurity.sophos.com/2013/11/12/smartphone-pins-cracked-with-microphone-and-camera-a-game-changer-for-phone-security/

November 12, Softpedia – (International) Google Chrome 31.0.1650.48 Stable fixes 25 vulnerabilities. Google released a new major version of its Chrome browser, fixing a total of 25 issues. Source: http://news.softpedia.com/news/Google-Chrome-31-0-1650-48-Stable-Fixes-25-Vulnerabilities-399565.shtml

November 12, Softpedia – (International) Vulnerabilities in RunKeeper allowed cybercriminals to run XSS worm. A security researcher found and reported a cross-site scripting (XSS) and a cross-site reference forgery (CSRF) vulnerability in the RunKeeper app that could have allowed cybercriminals to develop a worm capable of stealing user cookies, collecting private data, or distributing malware. RunKeeper fixed the vulnerabilities after being notified. Source: http://news.softpedia.com/news/Vulnerabilities-in-RunKeeper-Allowed-Cybercriminals-to-Run-XSS-Worm-399517.shtml

From → Security

Comments are closed.

%d bloggers like this: