Skip to content

Gotham Security Daily Threat Alerts

by on February 3, 2014

January 30, Softpedia – (International) Remote code execution vulnerability impacts Wikipedia and other MediaWiki sites. Researchers at Check Point identified a critical vulnerability affecting Web sites created with the MediaWiki platform that could be exploited for remote code execution. The MediaWiki Foundation issued a patch to close the vulnerability and advised users to update their installations. Source:

January 30, The Register – (International) Security 101 fail: 3G/4G modems expose control panels to hackers. A researcher found that several 3G and 4G USB modems are vulnerable to cross-site request forgery (CSRF) attacks that could allow attackers to access the modem’s control panel Web page and tamper with the device. The vulnerabilities could be exploited to send messages to premium-rate numbers and steal user credentials. Source:

January 30, Softpedia – (International) Barracuda Networks identifies rogue SignNow version in App Store. Barracuda Labs researchers identified a rogue version of their SignNow app in Apple’s App Store, and found that developers listed as GameStruct and Tektrify are uploading rogue versions of other apps as well. Source:

January 29, SC Magazine – (International) Before shutdown, ransomware op spreading “Icepol” caused 42,000 U.S. infections. Bitdefender and Romanian authorities analyzed servers seized in relation to the Icepol ransomware and found that the ransomware was installed around 42,400 times in the U.S. between May and September 2013. An estimated $32,000 was stolen from U.S. victims. Source:

January 29, Threatpost – (International) High-volume DDoS attacks top operational threat to businesses, service providers. Arbor Networks released its Worldwide Infrastructure Security Report and found that distributed denial of service (DDoS) attacks were the largest operational threat to service providers and enterprises, reaching unprecedented levels in 2013, among other findings. Source:

January 29, Reuters – (National) Target: Hackers attacked with stolen credentials. Target Corp., reported January 29 that the attackers who perpetrated a massive breach of customer payment card data used stolen vendor credentials to access the company’s systems. Source:

January 29, SC Magazine – (National) Neiman Marcus hack involved two pieces of malware. Neiman Marcus reported that two pieces of malware were used to compromise its systems in a recent data breach, with the first inserted before July 2013 which allowed the payment card scraping malware to be uploaded later in the year. Source:

From → Security

Comments are closed.

%d bloggers like this: