Gotham Security Daily Threat Alerts

by on July 10, 2014

July 8, Softpedia – (International) Rosetta Flash attack mitigated by the new Adobe Flash Player 14.0.0.145. Adobe released an update for its Flash Player that closes a vulnerability identified by a Google researcher that could allow an attacker to abuse JSONP endpoints and cause victims to run arbitrary requests and leak sensitive data. Source: http://news.softpedia.com/news/Rosetta-Flash-Attack-Mitigated-by-the-New-Adobe-Flash-Player-14-0-0-145-449984.shtml

July 8, IDG News Service – (International) Vulnerability in AVG security toolbar puts IE users at risk. Researchers with the CERT Coordination Center (CERT/CC) found that the AVG Secure Search browser toolbar could allow attackers to execute malicious code due to an ActiveX control that exposes sensitive functionality to Web sites. The vulnerability affects AVG Secure Search versions 18.1.6 and earlier. Source: http://www.networkworld.com/article/2451861/vulnerability-in-avg-security-toolbar-puts-ie-users-at-risk.html

July 8, SecurityWeek – (International) NETGEAR switches exposed to attacks from hardcoded credentials. An advisory from the CERT Coordination Center (CERT/CC) warned users of Netgear GS108PE ProSafe Plus Switches that attackers can log into the switches and execute arbitrary code by using a hardcoded login and password. Source: http://www.securityweek.com/netgear-switches-exposed-attacks-hardcoded-credentials

July 7, SC Magazine – (International) Massachusetts man charged in Twitter hack. A Massachusetts man was charged July 2 for allegedly hacking into helpdesk services company Zendesk, disabling a security feature that restricted access to customer information, and exporting Twitter support tickets. The information was then allegedly used to compromise and deface Twitter’s and Zendesk’s Twitter feeds. Source: http://www.scmagazine.com/massachusetts-man-charged-in-twitter-hack/article/359704/

July 7, The Register – (International) App permissions? Pah! Rogue Android soft can ‘place phone calls at will’. Researchers with Curesec identified vulnerabilities in the Android mobile operating system that could allow malicious apps to place phone calls and send Unstructured Supplementary Service Data (USSD) codes. One vulnerability affects Android versions 4.1.1 and up, while the second affects older Android 2.3.3 and 2.3.6 versions. Source: http://www.theregister.co.uk/2014/07/07/android_dialer_vulnerabilities/

July 8, Krebs on Security – (International) Feds charge carding kingpin in retail hacks. The U.S. Department of Justice announced July 7 that the U.S. Secret Service arrested a Russian national for allegedly working with others to steal and sell payment card details from stores and restaurants throughout the U.S. between 2009 and 2011. The man and his accomplices allegedly planted malware on merchants’ point-of-sale (POS) devices in order to obtain the payment card information and then sold it through underweb forums. Source: http://krebsonsecurity.com/2014/07/feds-charge-carding-kingpin-in-retail-hacks/
