
Gotham Security Daily Threat Alerts

by on June 2, 2014

May 29, The Register – (International) SAP NetWeaver flaw spews user tables. Researchers with PT Security reported a vulnerability in SAP NetWeaver versions 7.20 and earlier that could allow an attacker to gain access to Central User Administration tables, which could lead to the disclosure of user data. Source

May 29, The Register – (International) Spy platform zero day exposes cops’ wiretapped calls. Researchers at SEC Consult Vulnerability Lab disclosed nine flaws in NICE Recording eXpress voice recording products marketed to law enforcement organizations that include a root backdoor and remote unauthenticated access to intercepted voice recordings. The vulnerabilities were initially reported to NICE 6 months ago, and the company stated that it would have patches released shortly for five issues that remain unpatched. Source

May 28, Threatpost – (International) Siemens fixes DoS flaw in Rugged OS devices. Siemens issued patches to address a denial of service (DoS) vulnerability in some of its devices that run its Rugged Operating System, which could allow an attacker to crash Rugged OS by sending specially-crafted packets to the devices’ Web interface. Affected devices running Rugged OS are used in several industries, including energy, transportation, and healthcare. Source

May 30, IDG News Service – (International) New attack methods can ‘brick’ systems, defeat Secure Boot, researchers say. A security researcher at Mitre demonstrated at the Hack in the Box 2014 conference that the Secure Boot mechanism of the Unified Extensible Firmware Interface (UEFI) can be bypassed on around half of computers, allowing bootkits to be installed. The researcher also demonstrated that a specific UEFI variable could be modified directly from the computer’s operating system to make the system unusable. Source

May 30, Help Net Security – (International) Malware creation breaks all records! 160,000 new samples every day. Panda Security reported that new malware creation occurred at record rates during the first quarter (Q1) of the year, with more than 15 million new samples observed during Q1. The researchers found that trojans made up 71.85 percent of new samples, and that some of the largest data thefts ever occurred during Q1, among other findings. Source
