Skip to content

Gotham Security Daily Threat Alerts

by on December 12, 2013

December 11, Softpedia – (International) Flash Player vulnerabilities patched by Adobe. Adobe released patches for its Flash Player closing two security vulnerabilities. Source: http://news.softpedia.com/news/Flash-Player-Vulnerabilities-Patched-by-Adobe-408035.shtml

December 11, Softpedia – (International) Newly patched Office 365 vulnerability used in “Ice Dagger” targeted attacks. Researchers at Adallom identified a sophisticated targeted attack using a recently-patched vulnerability in Microsoft Office 365 dubbed “Ice Dagger” that can allow an attacker to gain access to a target’s private Office 365 authentication token and use it to access the target organization’s SharePoint Online site and modify or download content covertly. Source: http://news.softpedia.com/news/Newly-Patched-Office-365-Vulnerability-Used-in-Ice-Dagger-Targeted-Attacks-Video-408052.shtml

December 11, Softpedia – (International) Hackers can launch MitM attacks on apps bundled with Widdit advertising SDK. Bitdefender researchers analyzed an Android advertising framework called Widdit and found that the advertising software development kit (SDK) can leave users vulnerable to man in the middle (MitM) attacks. Source: http://news.softpedia.com/news/Hackers-Can-Launch-MITM-Attacks-on-Apps-Bundled-with-Widdit-Advertising-SDK-408173.shtml

December 11, Softpedia– (International) Experts identify 164 fraudulent domains similar to the ones of antivirus vendors. A study by High-Tech Bridge found 946 domain names similar to those of antivirus companies, with 164 containing phishing Web sites, advertising sites, or sites selling suspicious products and services. Source: http://news.softpedia.com/news/Experts-Identify-164-Fraudulent-Domains-Similar-to-the-Ones-of-Antivirus-Vendors-407973.shtml

December 10, Help Net Security – (International) Microsoft fixes 24 vulnerabilities. Microsoft released its monthly Patch Tuesday round of updates December 10, addressing 24 vulnerabilities for a variety of products, including five advisories with critical ratings. Source: http://www.net-security.org/secworld.php?id=16084

December 10, Threatpost – (International) Firefox 26 makes Java plugins click-to-play, fixes 14 security flaws. Mozilla released the newest version of its Firefox browser, closing 14 security issues and adding new features. Source: http://threatpost.com/firefox-26-makes-java-plugins-click-to-play-fixes-14-security-flaws/103146

December 10, IDG News Service – (International) Disqus scrambles after leak fuels Swedish tabloid expose. Disqus began updating its comments platform after a Swedish tabloid was able to obtain the email addresses of several users by using the Disqus API and the third-party service Gravatar. Source: http://www.computerworld.com/s/article/9244701/Disqus_scrambles_after_leak_fuels_Swedish_tabloid_expose

December 11, The Register – (International) Quadrillion-dollar finance house spam Reg reader with bankers’ private data. An individual reported that the Depository Trust & Clearing Corporation (DTCC) mistakenly emailed him around 20,000 automated emails that contained sensitive information including session IDs, transfers, and account details for financial services customers. DTCC confirmed that the issue was inadvertently caused by human error and limited to the individual who reported it. Source: http://www.theregister.co.uk/2013/12/11/quadrillionaire_finance_house_spams_iregi_reader_with_clients_data/

December 11, Softpedia – (International) Researchers spot 64-bit version of ZeuS malware. Researchers at Kaspersky identified a 64-bit version of the Zeus banking trojan which now includes the ability to communicate with command and control servers over The Onion Router (TOR) network. Source: http://news.softpedia.com/news/Researchers-Spot-64-Bit-Version-of-ZeuS-Malware-408148.shtml

December 11, Boston Globe – (National) Conventioneers’ credit card data stolen in Boston. Around 300 attendees at two conventions at the Boston Convention & Exhibition Center in Massachusetts reported fraudulent or attempted fraudulent transactions on their payment cards in several States and abroad. Local, State, and federal authorities were notified, and it was unclear where or how the payment card information was stolen. Source: http://www.bostonglobe.com/business/2013/12/11/data-breach-hits-city-convention-visitors/hkCpq5vW6w71gw6ewgHU2J/story.html

From → Security

Comments are closed.

%d bloggers like this: