Skip to content

Gotham Security Daily Threat Alerts 

by on July 8, 2014

July 7, IDG News Service – (International) Attack on Dailymotion redirected visitors to exploits. Symantec researchers reported that beginning June 28 attackers injected malicious code into video-sharing Web site which redirected visitors to a malicious Web site hosting the Sweet Orange Exploit Kit. Computers compromised by the exploit kit were then infected with the Trojan.Adclicker artificial traffic generator malware. Source:

July 5, Softpedia – (International) 4th of July malware campaign targets travel websites. Researchers with Proofpoint identified several travel Web sites being compromised and altered to serve an unknown exploit kit to visitors. The attacks were timed to take advantage of the 4th of July holiday and feature an exploit kit that was detected by only four antivirus engines on VirusTotal. Source:

July 3, Securityweek – (International) Security vulnerabilities fixed with release of Python 2.7.8. The Python Software Foundation released Python 2.7.8 July 1, closing three security vulnerabilities. Source:

July 3, Securityweek – (International) ‘CosmicDuke’ malware emerges as update to MiniDuke espionage trojan. Researchers with F-Secure and Kaspersky Lab identified a new version of the MiniDuke information-stealing malware dubbed CosmicDuke that shares code with the Cosmu malware. The researchers stated that the group behind the CosmicDuke malware appears to be the same group that used the MiniDuke malware to steal information from European governments in 2013. Source:

July 3, The Register – (International) Your Android phone is a SNITCH: Wi-Fi bug makes you easy to track. Researchers with the Electronic Frontier Foundation found that Android devices running Android 3.1 and later may disclose the 15 most recent WiFi networks a user connected to, potentially compromising privacy by allowing attackers to discern a user’s movements or identity. The issue is present on some Android devices but not others, and is also present on all OS X laptops and some Windows 7 laptops. Source:

July 3, The Register – (International) You CAN’T bust into our login app’s password vault, insists Roboform. RoboForm announced that it adjusted security for the mobile version of its password manager after a security researcher reported that the security of the RoboForm mobile app for Android and iOS can be bypassed by deleting a line in the app’s preferences file. The researcher also claimed that the way the private key is shared with parent company Siber System’s servers could also compromise security. Source:

July 3, Softpedia – (International) Bitcoin phishing ads present in Bing search engine. Netcraft researchers found two links to phishing sites targeting Bitcoin users in Bing search result ads. One malicious ad linked to a phishing page, while the other was non-functional due to the attackers using an incorrect top-level domain in the address. Source:

July 7, Securityweek – (International) Researchers hack smartphone-controlled LED light bulbs. Researchers with Context Information Security demonstrated how WiFi-enabled LED light bulbs manufactured by LIFX can be compromised and controlled remotely by an attacker. The researchers found that most wireless communication protocols were unencrypted, allowing them to inject traffic and control the light bulbs. Source:

Comments are closed.

%d bloggers like this: