Skip to content

Gotham Security Daily Threat Alerts

by on May 13, 2014

May 12, Softpedia – (International) Bitly says hackers breached offsite database backup. Bitly enabled two-factor authentication for all its accounts on its hosted source code repository after learning hackers gained access to customer accounts from an offsite database backup storage, that was not initiated by the company, through a compromised employee account. Source: http://news.softpedia.com/news/Bitly-Says-Hackers-Breached-Offsite-Database-Backup-441677.shtml

May 9, The Register – (International) Point DNS blitzed by mystery DDoS assault. Point DNS reported a high intensity distributed denial-of-service (DDoS) attack which knocked out all of its domain name system (DNS) servers for several hours May 9. The company believes the attack originated from China and is investigating the size and techniques used. Source: http://www.theregister.co.uk/2014/05/09/point_dns_ddos/

May 9, IDG News Service – (International) Rush to defend against Heartbleed leads to mistakes with certificates, patches. Netcraft released a report May 9 stating 30,000 sites that revoked their compromised SSL certificates after the Heartbleed vulnerability reissued new ones with the same private keys as the old certificate and that around 57 percent of sites vulnerable have not revoked or reissued their SSL certificates. Source: http://www.networkworld.com/news/2014/050914-rush-to-defend-against-heartbleed-281465.html

May 9, Softpedia – (International) Bitly suffers data breach, account credentials compromised. URL-shortening service Bitly disconnected customers’ Twitter and Facebook accounts and advised them to change their passwords after the company stated that they believed that user account credentials had been compromised. Source: http://news.softpedia.com/news/Bitly-Suffers-Data-Breach-Account-Credentials-Compromised-441304.shtml

May 9, Threatpost – (International) Digi ICS gateways vulnerable to Heartbleed OpenSSL bug. The Industrial Control Systems Computer Emergency Response Team (ICS-CERT) issued an advisory May 8 alerting users that five Digi wireless Web mesh gateways used in industrial control systems and home networks are vulnerable to the Heartbleed bug in OpenSSL. The vulnerability could allow attackers to obtain login credentials and private encryption keys. Source: http://threatpost.com/digi-ics-gateways-vulnerable-to-heartbleed-openssl-bug/105999

May 9, Softpedia – (International) Customers of WordPress themes developer WooThemes report credit card fraud. WordPress themes developer WooThemes reported that it is aware of around 300 instances of fraudulent payment card activity involving its customers and was investigating a possible breach of its systems. The company does not store payment information in its systems, and the company and outside experts are working to identify how the information was taken. Source: http://news.softpedia.com/news/Customers-of-WordPress-Themes-Developer-WooThemes-Report-Credit-Card-Fraud-441470.shtml

May 9, Softpedia – (International) Cybercriminals use Viknok trojan to make money via click fraud. Symantec researchers noted a significant increase in the number of computers infected with the Viknok trojan during April, with 16,500 unique victims of the click fraud malware identified during May. Source: http://news.softpedia.com/news/Cybercriminals-Use-Viknok-Trojan-to-Make-Money-via-Click-Fraud-441443.shtml

May 9, Softpedia – (International) Cisco addresses five vulnerabilities in WebEx players. Cisco released updates for several WebEx Player multimedia applications after researchers identified and reported vulnerabilities that could be exploited to crash the applications or to perform remote code execution. Source: http://news.softpedia.com/news/Cisco-Addresses-Five-Vulnerabilities-in-WebEx-Players-441407.shtml

May 8, IDG News Service – (International) Snapchat settles FTC deception charges, will be monitored for 20 years. Snapchat entered into an agreement with the U.S. Federal Trade Commission (FTC) May 8 to settle charges that the company had misrepresented the privacy of its messaging app by claiming that messages are deleted completely after a set amount of time. The agreement prohibits Snapchat from misrepresenting the extent of users’ data privacy and security, and will require the company to be monitored by a third-party privacy group for 20 years. Source: http://www.networkworld.com/news/2014/050814-snapchat-settles-ftc-deception-charges-281433.html

 

From → Security

Comments are closed.

%d bloggers like this: