Skip to content

Gotham Security Daily Threat Alerts

by on August 7, 2014

August 6, Softpedia – (International) 1.2 billion unique credentials, 500 million email addresses stolen by Russian cyber gang. Researchers with Hold Security found that a Russian cybercrime group dubbed “CyberVor” was able to collect 1.2 billion unique credentials from the Web sites of a wide variety of large and small businesses, as well as over 500 million email address credentials. The researchers reported that the cybercriminals used SQL injection attacks and later botnets that scanned sites on a large scale looking for SQL vulnerabilities to obtain the information. Source: http://news.softpedia.com/news/1-2-Billion-Unique-Credentials-500-Million-Email-Addresses-Stolen-by-Russian-Cyber-Gang-453677.shtml

August 6, Securityweek – (International) Synology NAS devices hit in ransomware attack, firm advises upgrade. Synology stated that it confirmed user reports of infections by the SynoLocker ransomware on the company’s Diskstation devices and found that Synology network-attached storage (NAS) servers running DSM 4.3-3810 and earlier were compromised by exploiting a vulnerability that was patched in December 2013. Users were advised to upgrade their DSM installations to close the vulnerability. Source: http://www.securityweek.com/synology-nas-devices-hit-ransomware-attack-firm-advises-upgrade

August 6, Softpedia – (International) Magnitude Exploit Kit is a well-oiled crimeware. Trustwave researchers analyzed the Magnitude Exploit Kit used to infect several high-profile Web sites and found that the malware relied on one Internet Explorer exploit and two Java exploits, and had a 20 percent infection success rate within 1 month, among other findings. Source: http://news.softpedia.com/news/Magnitude-Exploit-Kit-Is-a-Well-Oiled-Crimeware-453744.shtml

August 5, Securityweek – (International) Over 90% of enterprises exposed to man-in-the-browser attacks: Cisco. Cisco released its Midyear Security Report August 5, which found that around 94 percent of its customers have issued domain name system (DNS) requests to hostnames with IP addresses associated with the distribution of malware that contains man-in-the-browser (MitB) capabilities. The report also found that aviation, chemical, pharmaceutical, and media and publishing industries had the highest rates of malware encounters, among other findings. Source: http://www.securityweek.com/over-90-enterprises-exposed-man-browser-attacks-cisco

August 5, Softpedia – (International) Security flaw in Spotify for Android may enable phishing. Trend Micro researchers identified a vulnerability in the Spotify app for Android that could allow attackers to take control of what is displayed in the app’s interface, which could potentially be used for phishing or redirection to malicious pages. Spotify stated that they released an update that closes the vulnerability after being notified and advised all users to update to the latest version. Source: http://news.softpedia.com/news/Security-Flaw-in-Spotify-for-Android-May-Enable-Phishing-453633.shtml

 

From → Security

Comments are closed.

%d bloggers like this: