Skip to content

Gotham Security Daily Threat Alerts

by on June 17, 2014

June 16, Softpedia – (International) NAS boxes “pwned” by crypto currency miner. Researchers with Dell SecureWorks released a report which showed how an attacker was able to utilize vulnerabilities in the DiskStation Manager (DSM) operating system used in Synology network access storage (NAS) devices to plant the CPUMiner crypto currency mining malware. The attacker used the malware to mine over $600,000 in the Dogecoin crypto currency, though the vulnerabilities were later patched by Synology. Source: http://news.softpedia.com/news/NAS-Boxes-Pwnwed-by-Crypto-Currency-Miner-446883.shtml

June 13, Threatpost – (International) ISC patches critical DoS vulnerability in BIND. The Internet Systems Consortium (ISC) reported June 11 that a vulnerability exists in some BIND domain name system (DNS) servers that could allow attackers to perform denial of service (DoS) attacks by sending a specially designed query. The ISC advised users to update to the newest version of BIND, which is not vulnerable. Source: http://threatpost.com/isc-patches-critical-dos-vulnerability-in-bind/106653

June 16, Threatpost – (International) Dyreza banker trojan seen bypassing SSL. Researchers identified a new banking trojan known as Dyre or Dyreza that uses browser hooking to intercept traffic moving between victims’ systems and their intended Web site, allowing attackers to bypass SSL protections and redirect traffic through the attackers’ servers. Researchers at CSIS Group found that the trojan is spread through spam messages and then contacts command and control servers, some of which are located in Latvia. Source: http://threatpost.com/dyreza-banker-trojan-seen-bypassing-ssl/106671

June 14, Krebs on Security – (National) P.F. Chang’s confirms credit card breach. P.F. Chang’s Chinese Bistro stated June 14 that it had confirmed that it was the victim of a customer payment card data breach affecting an unknown number of customers. The company stated that it has temporarily switched to manual payment card imprinting to process transactions while the breach continues to be investigated. Source: http://krebsonsecurity.com/2014/06/p-f-changs-confirms-credit-card-breach/

From → Security

Comments are closed.

%d bloggers like this: