Gotham Security Daily Threat Alerts

by on January 24, 2014

January 23, Softpedia – (International) Snapchat’s account registration CAPTCHA system hacked. Two researchers separately reported that they developed scripts to automate the solving of Snapchat’s CAPTCHA system, which could allow accounts to be created automatically. Source: http://news.softpedia.com/news/Snapchat-s-Account-Registration-CAPTCHA-System-Hacked-420052.shtml

January 23, The Register – (International) When ZOMBIES go shopping; 40m Target customer breach? That’s NOTHING! An analysis of 139 U.S. retailers between November 2013 and January 12 performed by BitSight found 1,035 instances of unique malware infections actively communicating with attackers, averaging 7.5 infections per company. The Neurevt trojan was the most common piece of malware found during the analysis, among other findings. Source: http://www.theregister.co.uk/2014/01/23/retail_malware_epidemic/

January 23, SC Magazine – (International) Potentially major XSS/JavaScript flaw found in Office 365. Researchers at Cogmotive identified a vulnerability in Microsoft Office 365 that could allow a user with an organization email to use JavaScript code to gain full administrator permissions across the organization’s Office 365 environment. The vulnerability was reported to Microsoft and patched. Source: http://www.scmagazineuk.com/potentially-major-xssjavascript-flaw-found-in-office-365/article/330685/

January 23, Softpedia – (International) Experts spot third variant of Mac trojan used by governments in targeted attacks. Researchers at Intego identified a new variant of the Crisis trojan that targets Mac OS X systems and has been used by governments in targeted cyberattacks. Source: http://news.softpedia.com/news/Experts-Spot-Third-Variant-of-Mac-Trojan-Used-by-Governments-in-Targeted-Attacks-419899.shtml

January 23, Help Net Security – (International) Facebook awards $33,500 bounty for critical flaw. Facebook awarded a security researcher $33,500 as part of its bug bounty program for disclosing an XML external entities (XXE) vulnerability that could be exploited to allow attackers to read arbitrary files on Facebook’s servers. Source: http://www.net-security.org/secworld.php?id=16251

January 23, Threatpost – (International) Chrome eavesdropping exploit published. A researcher released exploit code for a vulnerability he reported in Google’s Chrome browser that could allow a malicious Web site to use a computer’s microphone to eavesdrop without the user being aware. Source: http://threatpost.com/chrome-eavesdropping-exploit-published/103798

January 22, Softpedia – (International) World Economic Forum’s website plagued by XSS and other security issues. Researchers at High-Tech Bridge identified several security issues on the Web site of the World Economic Forum, including cross-site scripting (XSS) vulnerabilities, an invalid SSL certificate, and a flaw that exposed the email addresses of individuals who had contacted the organization. Source: http://news.softpedia.com/news/World-Economic-Forum-s-Website-Plagued-by-XSS-and-Other-Security-Issues-419674.shtml

January 22, Threatpost – (International) Small number of malicious TOR exit relays snooping on traffic. Researchers reported in a paper that 25 exit relays in The Onion Router (TOR) network were configured maliciously or in a way that could present a security issue. The malicious or misconfigured exit relays could allow man-in-the-middle attacks and traffic monitoring. Source: http://threatpost.com/small-number-of-malicious-tor-exit-relays-snooping-on-traffic/103771

January 23, Softpedia – (International) Mining pool “Give Me Coins” hacked, 10,000 Litecoins stolen. The administrators of the Give Me Coins virtual currency mining pool stated that the service was compromised by attackers who stole around $230,000 worth of the Litecoin virtual currency. The attackers were believed to have used a SQL injection vulnerability to breach the service. Source: http://news.softpedia.com/news/Mining-Pool-Give-Me-Coins-Hacked-10-000-Litecoins-Stolen-419921.shtml
