
Gotham Security Daily Threat Alerts

July 7, 2014

July 3, Securityweek – (International) Enhanced KIVARS malware now attacks 64-bit systems. Researchers with Trend Micro analyzed a new version of the KIVARS malware that is capable of targeting systems running 64-bit operating systems. The malware is distributed using the TROJ_FAKEWORD.A dropper and is capable of several data-stealing and remote actions. Source

July 3, The Register – (International) Oh SNAP! Old-school ’80s Unix hack to smack OSX, iOS, Red Hat? Researchers with DefenseCode released a white paper outlining how Unix-based systems could be vulnerable to hijacking via a class of vulnerabilities involving ‘wildcard’ characters in filenames. The vulnerability could allow attackers to inject arbitrary arguments to shell commands run by other users. Source
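The item above describes the argument-injection class in general terms: when a shell expands an unquoted wildcard, a filename that begins with a dash is handed to the command as if it were an option. The script below is an added example, not from the article or from DefenseCode's paper; it builds a constructed scratch directory containing one such filename (`-n`, harmless here because it only changes `cat`'s formatting), shows the difference in what `cat *` receives, and demonstrates the two standard mitigations a defender would apply: the `--` end-of-options marker and a `./` prefix on the glob. It also includes a `find` check for dash-prefixed names in a tree, which is what an operator would run when reviewing directories that scripted jobs process.

```sh
#!/bin/sh
# Added example (not part of the original article): wildcard argument injection
# and its mitigations. All filenames below are constructed for the demonstration.
set -eu
LC_ALL=C; export LC_ALL   # fixed collation so "-n" always sorts before "a.txt"

# Build a scratch directory with two ordinary files and one dash-prefixed name.
setup_dir() {
  d=$(mktemp -d)
  printf 'hello\n' > "$d/a.txt"
  printf 'world\n' > "$d/b.txt"
  printf 'x\n' > "$d/-n"      # looks like an option to any command that sees it
  printf '%s' "$d"
}

# Unsafe pattern: the glob expands to "-n a.txt b.txt", so cat numbers the
# lines of the other two files and never treats "-n" as a file.
vulnerable_cat() {
  ( cd "$1" && cat * )
}

# Mitigation 1: "--" ends option parsing; everything after it is an operand.
hardened_cat_dashdash() {
  ( cd "$1" && cat -- * )
}

# Mitigation 2: anchor the glob with "./" so no expansion can start with "-".
hardened_cat_dotslash() {
  ( cd "$1" && cat ./* )
}

# Review check: list entries whose names begin with "-" anywhere under a tree.
find_dash_names() {
  find "$1" -mindepth 1 -name '-*' -print
}

# Stand-alone demonstration of the three behaviours.
demo() {
  d=$(setup_dir)
  echo '== cat * (unsafe) =='; vulnerable_cat "$d"
  echo '== cat -- * =='; hardened_cat_dashdash "$d"
  echo '== cat ./* =='; hardened_cat_dotslash "$d"
  echo '== dash-prefixed names =='; find_dash_names "$d"
  rm -rf -- "$d"
}
demo
```

The `./*` form is the one to prefer in scripts, since it works with commands that do not honour `--`; the `find` check is cheap enough to run as a pre-flight step in any job that passes a directory's contents to a command line.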

July 3, Softpedia – (International) Ruby on Rails receives security fixes. Updates for the Ruby on Rails Web application framework were released that include fixes for two vulnerabilities that affected PostgreSQL. Source

July 2, The Register – (International) Running Cisco’s VoIP manager? Four words you don’t want to hear: ‘Backdoor SSH root key’. Cisco warned users of its Unified Communications installations that a vulnerability exists in its Unified Communications Domain Manager (Unified CDM) software that can allow an unauthenticated attacker to gain root access by exploiting a default SSH key designed for use by Cisco support representatives. The vulnerability is present in all versions of Cisco Unified CDM prior to version 4.4.2 and users were advised to update the software, or to filter SSH access as a stopgap measure. Source

July 2, Securityweek – (International) New Android malware targets banking apps, phone information: FireEye. FireEye researchers identified a piece of Android malware known as HijackRAT that disguises itself as a ‘Google Service Framework’ and is capable of disabling antivirus applications, stealing banking credentials and personal information, and remotely accessing infected devices. The malware is currently targeting banks in Korea but can be easily modified to target others. Source

July 2, IDG News Service – (International) Critical flaw in WordPress newsletter plug-in endangers many blogs. Researchers with Sucuri identified a vulnerability in the MailPoet (formerly wysija-newsletters) plugin for WordPress that could allow attackers to take control of sites using the plugin. The vulnerability was patched July 1 in an update for MailPoet and all users were advised to upgrade as soon as possible. Source

July 2, The Register – (International) MONSTER COOKIES can nom nom nom ALL THE BLOGS. A security researcher identified and reported a method that could be used to prevent users from accessing Web sites by setting cookies with header values so large that they trigger Web server errors. The researcher demonstrated the attack against Google’s Blogspot network and showed that users given the altered cookies were not able to see any blogs on the service. Source

July 2, SC Magazine – (International) MS No-IP takedown hits 25% of APT attackers. Kaspersky stated that the takedown by Microsoft of several domains belonging to the No-IP Internet service also disrupted in some form the operations of around 25 percent of the advanced persistent threat (APT) groups the company is tracking. Microsoft also stated that service was restored to legitimate customers July 1; however, No-IP stated that domains were still experiencing outages July 2. Source

July 2, The Register – (International) Redmond’s EMET defense tool disabled by exploit torpedo. Researchers with Offensive Security demonstrated how exploit code can disable and bypass version 4.1 of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) security tool. Source

July 1, Help Net Security – (International) Number and diversity of phishing targets continues to increase. The Anti-Phishing Working Group (APWG) released a report on phishing during the first quarter of 2014 and found that the number of phishing sites increased by 10.7 percent over the previous quarter, among other findings. Source

July 1, Help Net Security – (International) Geodo infostealer gets help from worm. A security researcher identified a new version of the Cridex information-stealing malware known as Geodo that works in conjunction with a worm to spread. The researcher found that the malware is completely new code but uses the same botnet, command and control infrastructure, and distribution mechanisms as the previous Feodo version of Cridex. Source

July 1, IDG News Service – (International) Microsoft boosts anti-snooping protection in Outlook.com, OneDrive. Microsoft announced that it added encryption protection to its Outlook.com webmail service and OneDrive cloud storage service in order to better protect users’ privacy. Source

July 1, Help Net Security – (International) Facebook SDK flaw allows unauthorized access to Facebook accounts. MetaIntell researchers identified a vulnerability in the Facebook SDK for Android and iOS that could allow an attacker to compromise users’ Facebook accounts due to insecure storage of the Facebook Access Token. The vulnerability is present in 31 of the top 100 Android apps and 71 of the top 100 iOS apps. Source

July 1, BankInfoSecurity – (National) POS vendor: Possible restaurant breach. Vancouver, Washington-based point of sale (POS) vendor Information Systems & Supplies notified restaurant customers June 12 that it experienced a LogMeIn remote-access compromise three times between February and April, potentially exposing the payment card data of the restaurants’ customers who used the POS devices. Source
