Gotham Security Daily Threat Alerts

by on March 12, 2014

March 11, Softpedia – (International) 162,000 WordPress sites abused to amplify DDoS attack. Researchers at Sucuri found that attackers used around 162,000 WordPress sites to indirectly launch a distributed denial of service (DDoS) attack on a client’s WordPress site by abusing the sites’ XML-RPC feature, which is enabled by default on WordPress sites. Source.

March 11, Threatpost – (International) Apple iOS 7.1 fixes more than 20 code-execution flaws. Apple released an update for its iOS mobile operating system, closing several code execution vulnerabilities and other issues. The WebKit framework underlying the Safari browser also received fixes for 19 memory corruption issues. Source.

March 10, SC Magazine – (International) Saboteurs slip Dendroid RAT into Google Play. A researcher at Lookout found that the Dendroid remote access trojan (RAT) had been uploaded into the Google Play store disguised as other apps, but was quickly removed. Source.

March 10, IDG News Service – (International) Joomla receives patches for zero-day SQL injection vulnerability, other flaws. The Joomla Project released security updates for its Joomla content management system, addressing a SQL injection vulnerability that could be used to steal information from databases on Joomla-based Web sites, as well as addressing two cross-site scripting (XSS) vulnerabilities and an unauthorized log-in flaw. Source.

March 10, Krebs on Security – (International) Experian lapse allowed ID theft service access to 200 million consumer records. A Vietnamese national pleaded guilty the week of March 3 to running an identity theft service from his home in Vietnam by tricking an Experian subsidiary into giving him access to personal and financial data belonging to over 200 million U.S. citizens by claiming to be a private investigator. Source.
