Gotham Security Daily Threat Alerts

by on July 23, 2014

July 22, Securityweek – (International) iOS backdoors expose personal data: Researcher. A security researcher presenting at a security conference reported that Apple’s iOS mobile operating system contains several undocumented services which could be used in some circumstances to access email, location data, media, and other personal data. Apple stated that the services are used for diagnostic purposes and can only be used to access data with user approval. Source: http://www.securityweek.com/ios-backdoors-expose-personal-data-researcher

July 21, V3.co.uk – (International) Fresh threat to critical infrastructure found in Havex malware. Researchers at FireEye analyzed a variant of the Havex malware (also known as Fertger or Peacepipe) and found that it contained an open-platform communication (OPC) scanner that could be used to target supervisory control and data acquisition (SCADA) systems used by several industries, including power plants and water utilities. Source: http://www.v3.co.uk/v3-uk/news/2356410/fresh-threat-to-critical-infrastructure-found-in-havex-malware

July 21, Help Net Security – (International) Unpatched OpenSSL holes found on Siemens ICSs. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) stated July 17 that six Siemens industrial control products contained vulnerabilities in their OpenSSL implementation that could lead to man-in-the-middle (MitM) attacks or the crashing of Web servers. Four of the vulnerabilities remain unpatched and are present in industrial control products used by the manufacturing, chemical, energy, agriculture, and water industries and utilities. Source: http://www.net-security.org/secworld.php?id=17146

July 19, Softpedia – (International) Kelihos trojan delivered through Askmen.com. Researchers with Malwarebytes reported that the online publication Askmen.com was compromised by attackers and used to redirect users to a malicious page serving the Nuclear Pack exploit kit for the purpose of infecting users with the Kelihos malware. The compromise was achieved by injecting malicious code into the Askmen.com server, and the site’s administrators were notified. Source: http://news.softpedia.com/news/Kelihos-Trojan-Delivered-Through-Askmen-com-451345.shtml

July 18, Help Net Security – (International) Fake Flash Player steals credit card information. Dr. Web researchers reported finding a new piece of Android malware dubbed BankBot that is disguised as Adobe Flash Player and persistently asks users for administrator privileges in order to display a fake credit card information form and steal any entered information. The malware is currently targeting users in Russia but can be repurposed to attack other targets. Source: http://www.net-security.org/malware_news.php?id=2812

July 18, Securityweek – (International) Researchers analyze multipurpose malware targeting Linux/Unix Web servers. Virus Bulletin published an analysis of a recently discovered piece of malware known as Mayhem, which infects Linux and Unix Web servers and has infected around 1,400 servers. The malware relies on several plugins for various capabilities, including information stealing and brute-force attacks. Source: http://www.securityweek.com/researchers-analyze-multipurpose-malware-targeting-linuxunix-web-servers

July 18, Network World – (International) Cisco counterfeiter gets 37 months in prison, forfeits $700,000. The CEO of ConnectZone.com was sentenced for his role in conspiring with a Chinese company to produce counterfeit Cisco Systems network products and then sell them as genuine products. Four people and two companies were charged in the case, with two others found guilty and a Chinese co-conspirator remaining at large. Source: http://www.networkworld.com/article/2455477/cisco-subnet/cisco-counterfeiter-gets-37-month-prison-forfeits-700-000.html

July 18, Threatpost – (International) Critroni crypto ransomware seen using TOR for command and control. Security researchers found that a new piece of ransomware known as Critroni is in use by various attackers, who rely on the Angler exploit kit to infect users with it and other malware. The ransomware encrypts victims’ files and demands a ransom, and uses the TOR network to contact its command and control servers. Source: http://threatpost.com/critroni-crypto-ransomware-seen-using-tor-for-command-and-control/107306
