
Gotham Security Daily Threat Alerts

August 11, 2014

August 8, Softpedia – (International) Network access storage devices are highly exploitable. A researcher from Independent Security Evaluators presenting at the Black Hat 2014 conference reported finding a wide variety of vulnerabilities in network-attached storage (NAS) devices from several manufacturers, including directory traversal, command injection, memory corruption, authentication bypass, and backdoor vulnerabilities.

August 8, Help Net Security – (International) Critical bug in WordPress plugin allows site hijacking. Sucuri researchers identified and reported a vulnerability in the Custom Contact Forms plugin for WordPress that could allow attackers to take control of sites using the plugin. The developers of Custom Contact Forms published an update for the plugin after the issue was published by the WordPress Security team.

August 8, Help Net Security – (International) Two Gameover Zeus variants targeting Europe and beyond. Researchers at Bitdefender identified two Gameover Zeus variants in the wild, one botnet primarily targeting the U.S. while the second targets Belarus and Ukraine. The first botnet is generating around 1,000 domains per day while the second generates 10,000 per day but appears to currently be inactive.

August 8, Securityweek – (International) Cybercriminals steal cryptocurrency via BGP hijacking. Researchers with Dell SecureWorks reported finding cybercriminals using fake Border Gateway Protocol (BGP) broadcasts to redirect traffic from cryptocurrency mining pools to servers they control, diverting tens of thousands of dollars in cryptocurrency. The attackers compromised 51 mining pools hosted by 19 hosting companies.

August 7, Securityweek – (International) Attackers used multiple zero-days to hit spy agencies in cyber-espionage campaign. Kaspersky Lab researchers identified the infection methods used in the Epic Turla cyber-espionage campaign (also known as Snake or Uroburos) that targeted intelligence agencies, military organizations, government agencies, education institutions, pharmaceutical companies, and research groups in over 45 countries. The attackers behind the campaign used several malware platforms and zero-day exploits in Windows XP and Server 2003 and Adobe Reader to infect systems, and could then upgrade the malware with additional capabilities once in place.

August 7, Dark Reading – (International) Attack harbors malware in images. A researcher with Dell SecureWorks reported finding the Lurk malware being distributed within a fake digital image as part of a click fraud campaign that infected around 350,000 systems. The malware in the campaign was spread through iFrames on Web sites containing an Adobe Flash exploit, and required victims to have a vulnerable version of Adobe Flash, which is used to download the fake image file. That file contains an encrypted URL that downloads a second malicious payload.

August 7, Securityweek – (International) Flaws in email and Web filtering solutions expose organizations to attacks: Researcher. A researcher at NCC Group presenting at the Black Hat 2014 conference published two whitepapers outlining how email and Web filtering solutions can be used by attackers in the reconnaissance phase of attacks to obtain information on a potential target network if the attackers can determine which products or services are being used on the target network.

August 8, The Register – (International) ‘Up to two BEEELLION’ mobes easily hacked by evil base station. Researchers from the security firm Accuvant announced at the Black Hat 2014 conference August 7 that up to 2 billion smartphone handsets are at risk of over-the-air hijacking and abuse, which can be exploited through the Open Mobile Alliance Device Management (OMA-DM) protocol, used by approximately 100 mobile phone manufacturers. To access the handsets remotely, the hacker only needs to know the handset’s unique International Mobile Station Equipment Identity (IMEI) number and a secret token.
