
Gotham Security Daily Threat Alerts

by on April 11, 2014

April 9, Softpedia – (International) Companies advise users to change passwords due to possible Heartbleed attacks. Several private companies and government organizations advised users to change their passwords in the wake of the Heartbleed vulnerability in OpenSSL that could expose usernames, passwords, and other secure communications. Security researchers also began posting analyses of the vulnerability as organizations worked to close the vulnerability on their systems. Source: http://news.softpedia.com/news/Companies-Advise-Users-to-Change-Passwords-Due-to-Possible-Heartbleed-Attacks-436704.shtml

April 9, Softpedia – (International) Four vulnerabilities fixed with the release of Adobe Flash Player 13.0.0.182. Adobe issued an update for its Flash Player, closing four security issues. Source: http://news.softpedia.com/news/Four-Vulnerabilities-Fixed-With-the-Release-of-Adobe-Flash-Player-13-0-0-182-436600.shtml

April 9, Softpedia – (International) WordPress 3.8.2 addresses 2 vulnerabilities, includes 3 security hardening changes. A new version of WordPress was released for download containing fixes for two security vulnerabilities and three changes that enhance security. Source: http://news.softpedia.com/news/WordPress-3-8-2-Addresses-2-Vulnerabilities-Includes-3-Security-Hardening-Changes-436613.shtml

April 8, Threatpost – (International) Last call for XP, Office 2003 updates: April Patch Tuesday fixes 11 vulnerabilities. Microsoft released its monthly Patch Tuesday round of updates April 8, including the final updates for Windows XP and Office 2003, with 4 bulletins closing 11 vulnerabilities. Source: http://threatpost.com/last-call-for-xp-office-2003-updates-april-patch-tuesday-fixes-11-vulnerabilities/105329

April 8, IDG News Service – (International) Cybercriminals use sophisticated PowerShell-based malware. Researchers at Symantec identified a new malicious PowerShell script that contains several ways to hide itself and can inject malicious code into rundll32.exe. The finding follows the discovery during March by Trend Micro researchers of another malicious PowerShell script, known as CRIGENT or Power Worm. Source: http://www.networkworld.com/news/2014/040814-cybercriminals-use-sophisticated-powershell-based-280521.html

April 8, Threatpost – (International) Google patches 31 flaws in Chrome. Google released a new version of its Chrome browser, closing 31 vulnerabilities, 19 of which were rated as high priority. Source: http://threatpost.com/google-patches-31-flaws-in-chrome/105326

April 8, Softpedia – (International) 2013 threat report: 8 mega data breaches, 552 million identities exposed. Symantec published its Internet Security Threat Report for 2013, showing a 62 percent increase in data breaches from organizations during the year, with 552 million identities exposed, among other findings. Source: http://news.softpedia.com/news/2013-Threat-Report-8-Mega-Data-Breaches-552-Million-Identities-Exposed-436508.shtml

April 8, IDG News Service – (International) Yahoo email anti-spoofing policy breaks mailing lists. Security researchers reported encountering an issue with mailing lists after Yahoo introduced a new Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy to prevent email spoofing. Source: http://www.networkworld.com/news/2014/040914-yahoo-email-anti-spoofing-policy-breaks-280500.html

April 10, Softpedia – (International) Deltek suffers data breach, hackers gain access to credit card information. Deltek reported that attackers breached the company’s GovWin IQ Web site, exposing personal and financial details of around 80,000 employees of federal contractors and about 25,000 payment card details belonging to customers of the site’s eCommerce platform. The breach was first discovered March 13 but occurred sometime between July 3, 2013 and November 2, 2013. Source: http://news.softpedia.com/news/Deltek-Suffers-Data-Breach-Hackers-Gain-Access-to-Credit-Card-Information-436861.shtml

April 10, The Register – (International) Not just websites hit by OpenSSL’s Heartbleed – your PC, phone and more may be in peril. A researcher from the SANS Institute reported in a presentation that the Heartbleed vulnerability in OpenSSL could also affect devices and applications on the client side as well as the server side, potentially allowing attackers to obtain passwords and cryptographic keys from PCs, phones, routers, and other devices. Source: http://www.theregister.co.uk/2014/04/10/many_clientside_vulns_in_heartbleed_says_sans/

April 10, Softpedia – (International) SQL injection vulnerability fixed in Orbit Open Ad Server. High-Tech Bridge researchers identified and reported a SQL injection vulnerability in the popular open-source ads server Orbit Open Ad Server that could have allowed attackers to compromise Web sites running vulnerable installations. OrbitScripts fixed the vulnerability after being notified by the researchers. Source: http://news.softpedia.com/news/SQL-Injection-Vulnerability-Fixed-in-Orbit-Open-Ad-Server-436925.shtml

April 9, Threatpost – (International) BlackBerry patches remote code execution vulnerability. BlackBerry released an update April 9 which closes a remote code execution vulnerability in BlackBerry 10 that could be exploited in a limited number of scenarios. Source: http://threatpost.com/blackberry-patches-remote-code-execution-vulnerability/105373

April 9, The Register – (International) Uh oh! Here comes the first bug in the Windows 8.1 Update. Microsoft suspended distribution of the Windows 8.1 Update for April after some enterprise customers using Windows Server Update Services (WSUS) 3.0 Service Pack 2 reported that the update prevented machines from receiving future updates. Source: http://www.theregister.co.uk/2014/04/09/windows_81_update_bug/

 
