Skip to content

Gotham Security Daily Threat Alerts

by on December 18, 2013

December 17, Help Net Security – (International) Mozilla blocks rogue add-on that made computers scan sites for flaws. Mozilla added a malicious Firefox extension to its block list after it was found to be the basis for a botnet that used infected computers to search Web sites for vulnerabilities using SQL injection attacks. Source:

December 17, Softpedia – (International) Browlock cybercriminals use malvertising to lure victims to malicious site. Symantec researchers found that the cybercriminals behind the Browlock browser-based ransomware have been targeting a large number of users by using malicious advertising, or malvertising, to direct users to Web sites hosting the ransomware. Source:

December 17, Threatpost – (International) Chewbacca latest malware to take a liking to TOR. Researchers at Kaspersky Lab identified a new malware campaign dubbed Chewbacca that is using The Onion Router (TOR) to communicate with command and control servers. The malware drops a keylogger on infected systems and then relays the information back to its servers via TOR. Source:

December 17, U.S. Consumer Product Safety Commission – (National) Google and HP recall HP Chromebook 11 chargers due to fire and burn hazards; charger can overheat and melt. Google and HP announced a recall of about 145,000 HP Chromebook 11 chargers due to an issue that can cause the charger to overheat and melt, posing fire and burn hazards. Source:

December 16, IDG News Service – (International) Attackers exploited ColdFusion vulnerability to install Microsoft IIS malware. Researchers at Trustwave reported that a remote authentication bypass vulnerability in Adobe ColdFusion was used to infect Internet Information Server (IIS) Web servers with the ISN malware. The vulnerability was previously patched by Adobe in January. Source:

December 17, Threatpost – (International) ICS-CERT warns of flaws in wind farm management app. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned wind farm operators using the Nordex NC2 control portal that the software contains a reflected cross-site scripting (XSS) vulnerability that could be exploited remotely and used by an attacker to run arbitrary code. Source:

From → Security

Comments are closed.

%d bloggers like this: