Skip to content

Gotham Security Daily Threat Alerts

by on February 14, 2014

February 13, Softpedia – (International) Oracle confirms existence of 30 security holes in Java Cloud Service. Oracle confirmed the existence of 30 security vulnerabilities in its Java Cloud Service reported to the company by Security Explorations researchers. The researchers stated that over half can be exploited to bypass the Java security sandbox. Source: http://news.softpedia.com/news/Oracle-Confirms-Existence-of-30-Security-Holes-in-Java-Cloud-Service-426666.shtml

February 13, V3.co.uk – (International) Android apps with Trojan SMS malware infect 300,000 devices, net crooks $6m. Researchers at Panda Labs identified a new Android trojan app campaign that uses fake permission notifications to get users’ devices to send SMS messages to a premium-rate number owned by the attackers behind the trojan apps. The campaign has infected at least 300,000 devices and netted the attackers at least $6 million. Source: http://www.v3.co.uk/v3-uk/news/2328691/android-apps-with-trojan-sms-malware-infect-300-000-devices-net-crooks-usd6m

February 13, Help Net Security – (International) Linksys home routers targeted and compromised in active campaign. A security researcher reported that an unknown vulnerability is allowing Linksys E1000 routers to be targeted and infected with a worm dubbed TheMoon. The vulnerability is currently being heavily exploited in attacks. Source: http://www.net-security.org/malware_news.php?id=2707

February 13, Softpedia – (International) ASUS fixes vulnerabilities in RT-N66U, RT-N66R and RT-N66W routers. ASUS released firmware updates for three RT-N66 model routers, closing five security issues. Source: http://news.softpedia.com/news/ASUS-Fixes-Vulnerabilities-in-RT-N66U-RT-N66R-and-RT-N66W-Routers-426689.shtml

February 12, Threatpost – (International) US government delivers cybersecurity framework for critical infrastructure. The National Institute of Standards and Technology (NIST) announced February 12 that it has released the Framework for Improving Critical Infrastructure Security, a document which outlines cybersecurity practices and standards for industry and government to consider when developing security programs for critical infrastructure. Source: http://threatpost.com/us-government-delivers-cybersecurity-framework-for-critical-infrastructure/104243

February 12, SC Magazine – (International) Pre-installed security software leaves computers vulnerable to remote hijack, experts reveal. Kaspersky Lab researchers released a report February 12 warning that the Absolute Computrace anti-theft software pre-installed on some desktops and laptops contains vulnerabilities which could allow attackers to remotely hijack systems. Source: http://www.scmagazine.com/pre-installed-security-software-leaves-computers-vulnerable-to-remote-hijack-experts-reveal/article/333808/

February 12, IDG News Service – (International) Denial-of-service vulnerability puts Apache Tomcat servers at risk. Researchers published a proof-of-concept exploit for a recently-disclosed vulnerability affecting Apache Tomcat servers that could allow attackers to execute denial-of-service (DoS) attacks against Web sites hosted on the servers. Source: http://www.networkworld.com/news/2014/021214-denial-of-service-vulnerability-puts-apache-tomcat-278708.html

February 12, SC Magazine – (International) Gameover Zeus most active banking trojan in 2013, researchers report. Dell SecureWorks Counter Threat Unit released a report covering banking trojans in 2013 and found that the Gameover ZeuS trojan was the most actively observed trojan during the year, with 38 percent of activity, followed by the Citadel trojan at 33 percent of activity. Source: http://www.scmagazine.com//gameover-zeus-most-active-banking-trojan-in-2013-researchers-report/article/333795/

From → Uncategorized

Comments are closed.

%d bloggers like this: