Gotham Security Daily Threat Alerts

by on April 28, 2014

April 25, Softpedia – (International) Heartbleed bug patched on all US government websites. Trend Micro researchers reported that less than 10 percent of Web sites remain vulnerable to the Heartbleed flaw in OpenSSL, with all U.S. government Web sites patched. Distil Networks researchers also reported that 84 percent of the top 10,000 global Web sites have applied patches to close the vulnerability. Source:

April 24, Threatpost – (International) Apache warns of faulty zero day patch for Struts. The Apache Software Foundation (ASF) released an advisory April 24 stating that a patch issued in March to close a zero day vulnerability in Apache Struts did not completely close the vulnerability. The advisory stated that a new patch would likely be released within 72 hours, and ASF provided a temporary mitigation for users to apply until then. Source:

April 24, SC Magazine – (International) No encryption means easy compromise of Viber location data, communications. Researchers with the University of New Haven Cyber Forensics Research & Education Group reported that the Viber text message and voice over IP (VoIP) service manages data in an unencrypted form that could allow attackers and service providers to intercept data being sent and stored. Source:

April 24, Threatpost – (International) NetSupport Manager vulnerability could lead to data leakage. A researcher at SpiderLabs reported finding a vulnerability in NetSupport Manager that could allow an attacker to bypass Windows and Domain credentials and remotely connect to and compromise hosts. Source:

April 24, Softpedia – (International) Spammers use non-Latin characters to evade spam filters. Kaspersky Lab researchers found that spammers have recently started replacing regular characters in spam emails with similar-looking non-Latin characters in an attempt to evade spam filters. Source:

April 26, 2014 – Microsoft Security Advisory 2963983 – Vulnerability in Internet Explorer Could Allow Remote Code Execution Version: 1.0. Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.



