Skip to content

Gotham Security Daily Threat Alerts

by on January 17, 2014

January 16, Help Net Security – (International) Starbucks iOS app stores passwords in clear text. A security researcher disclosed that the Starbucks app for iOS stores user names, email addresses, and passwords in clear text. The information can be obtained even if the phone is locked. Source: http://www.net-security.org/secworld.php?id=16215

January 16, Softpedia – (International) Highly critical vulnerability fixed with the release of Drupal 7.26 and 6.30. The developers of Drupal released Drupal versions 7.26 and 6.30, addressing a highly critical vulnerability that could be used to impersonate users and take over accounts, and a moderately critical vulnerability that could be used to access unpublished or restricted content. Source: http://news.softpedia.com/news/Highly-Critical-Vulnerability-Fixed-with-the-Release-of-Drupal-7-26-and-6-30-417568.shtml

January 16, The Register – (International) Microsoft confirms: Staff inboxes hijacked amid ‘Syrian army’ cyber-blitz. Microsoft confirmed that a small number of Microsoft employee emails were compromised via phishing attacks during recent Twitter account and blog takeovers by the Syrian Electronic Army hacktivist group. Source: http://www.theregister.co.uk/2014/01/16/sea_microsoft_email_compromised/

January 16, Softpedia – (International) Security patches released for IP.Gallery 4.2.1 and 5.0.5. Invision Power Services released patches to close a cross-site scripting (XSS) vulnerability in IP.Gallery 4.2.1 and 5.0.5 related to Shockwave Flash file uploads. Source: http://news.softpedia.com/news/Security-Patches-Released-for-IP-Gallery-4-2-1-and-5-0-5-417560.shtml

January 16, Softpedia – (International) AVG confirms one of its webservers was hacked and defaced. AVG confirmed that one of its Web servers was breached and defaced by hackers January 10. Source: http://news.softpedia.com/news/AVG-Confirms-One-of-Its-Webservers-Was-Hacked-and-Defaced-417781.shtml

January 16, The Register – (International) Fine! We’ll keep updating WinXP’s malware sniffer after April, says Microsoft. Microsoft announced that it would continue to provide updates to antimalware programs for Windows XP beyond the operating system’s April 8, 2014 end of support, through July 14, 2015. Source: http://www.theregister.co.uk/2014/01/16/microsoft_xp_security_updates_extended/

January 16, IDG News Service – (International) Spammers target Snapchat, Bitly, and Kik Messenger. Symantec researchers identified a spam campaign that sends unsolicited contact requests for Kik Messenger via Snapchat, which leads to a spam bot that sends links shortened by the Bitly service which lead to sites trying to sign up users for webcam services. Source.

January 16, Network World – (International) Cisco: Thousands of web hosting centers now launchpads for attacks. Cisco released its annual security report, which found that Web hosting centers were increasingly being compromised by cybercriminals for use in launching large-scale attacks in 2013, among other findings. Source: http://www.networkworld.com/news/2014/011614-cisco-web-hosting-centers-277621.html

January 15, Dark Reading – (International) SCADA researcher drops zero-day, ICS-CERT issues advisory. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a security alert January 15 after a researcher revealed a zero-day vulnerability in Ecava’s InegraXor supervisory control and data acquisition (SCADA) interface software. A proof-of-concept was also released for the stack buffer overflow issue. Source: http://www.darkreading.com/applications/scada-researcher-drops-zero-day-ics-cert/240165420

January 15, Softpedia – (International) Amazon, Google, and GoDaddy cloud services increasingly abused by cybercriminals. Solutionary released its SERT Quarterly Threat Analysis Report for the final quarter of 2013 and found that cybercriminals are increasingly abusing major cloud services to create, host, and delete malicious Web sites, among other findings. Source: http://news.softpedia.com/news/Amazon-Google-and-GoDaddy-Cloud-Services-Increasingly-Abused-by-Cybercriminals-417191.shtml

From → Security

Comments are closed.

%d bloggers like this: