Skip to content

Gotham Security Daily Threat Alerts

by on November 15, 2013

November 14, Help Net Security – (International) Sinowal and Zbot trojan collaborate in new attack. Researchers at Trend Micro observed a variant of the ZeuS/Zbot trojan working in collaboration with a new Sinowal trojan to attempt to make ZeuS’s job easier by disabling the Trusteer Rapport security software. The two trojans are dropped by the Andromeda backdoor attached to malicious emails. Source: http://www.net-security.org/malware_news.php?id=2626

November 14, Softpedia – (International) MacRumors hacker says he will not leak the 860,000 passwords he stole. The MacRumors forums were hacked and 860,000 users’ usernames, emails, and password hashes were compromised, MacRumors confirmed November 12. However, the hacker who took credit for the breach claimed that they would not reveal the information. Source: http://news.softpedia.com/news/MacRumors-Hacker-Says-He-Will-Not-Leak-the-860-000-Passwords-He-Stole-400064.shtml

November 14, The Register – (International) Pwn2Own crackers leave iOS and Samsung mobe security IN RUINS. Two teams competing in the PacSec 2013 Pwn2Own competition demonstrated methods to compromise security and steal personal information from a Samsung Galaxy S4 running Android and an Apple device running iOS version 7.0.3 and iOS 6.1.4. Source: http://www.theregister.co.uk/2013/11/14/pwn2own_crackers_leave_ios_and_samsung_handsets_wide_open/

November 14, Softpedia – (International) Cybercriminals use new Linux backdoor to steal information from companies. Symantec researchers identified a cybercriminal operation that carried out an attack against a large hosting provider using a new Linux backdoor, dubbed Linux.Fokirtor that was able to gain access to usernames, passwords, emails, and possibly financial information. The backdoor hides inside server processes that could give the attack away and prompt security reviews. Source: http://news.softpedia.com/news/Cybercriminals-Use-New-Linux-Backdoor-to-Steal-Information-from-Companies-400203.shtml

November 14, Softpedia – (International) Remote code execution vulnerability fixed in BlackBerry Link. BlackBerry closed remote code execution and local privilege elevation vulnerabilities in its BlackBerry Link for Windows and Mac OS in a recent software update. Source: http://news.softpedia.com/news/Remote-Code-Execution-Vulnerability-Fixed-in-BlackBerry-Link-400167.shtml

November 14, Washington Post – (International) LivingSocial back online after Web site outage. An unspecified internal error caused LivingSocial’s Web site and mobile app to be inoperable for around 2 days starting November 12. The site and app were returned to service November 14. Source: http://www.washingtonpost.com/business/capitalbusiness/livingsocial-outage-continues-into-second-day/2013/11/13/ac6266c2-4c78-11e3-be6b-d3d28122e6d4_story.html

November 13, Softpedia – (International) At least 100,000 Instagram users fall victim to InstLike scam. Symantec researchers found that at least 100,000 Instagram users may have fallen victim for a scam service called InstLike that promised ‘likes’ and followers in return for providing Instagram login credentials and for buying virtual coins. The app was available in Google’s Play store and Apple’s App Store for several months and was downloaded between 100,000 and 500,000 times in the former. Source: http://news.softpedia.com/news/At-Least-100-000-Instagram-Users-Fall-Victim-to-InstLike-Scam-399959.shtml

November 13, SC Magazine – (International) Popular humor site hosted Nuclear Pack exploit kit. Barracuda Labs researchers found that popular humor site Cracked.com was compromised as of November 10 in order to host the Nuclear Pack exploit kit. Exploits were then served to visitors through a malicious Javascript targeting vulnerable versions of Java and Adobe Flash and PDF software. Source: http://www.scmagazine.com//popular-humor-site-hosted-nuclear-pack-exploit-kit/article/320833/

From → Security

Comments are closed.

%d bloggers like this: