Gotham Security Daily Threat Alerts

by on August 12, 2014

August 11, Help Net Security – (International) Critical 0-days found in CPE WAN Management Protocol. Check Point researchers reported finding several zero-day vulnerabilities in CPE WAN Management Protocol (CWMP/TR-069) deployments used by major Internet service providers (ISPs) to control home and business Internet equipment. The vulnerabilities could allow large-scale malware infections able to compromise privacy, steal information, or cause service disruptions. Check Point reported the vulnerabilities to ISPs and assisted in closing them before reporting their findings publicly. Source

August 11, Help Net Security – (International) Smart Nest thermostat easily turned into spying device. An independent researcher and two researchers from the University of Central Florida presenting at the 2014 Black Hat conference demonstrated how Nest smart thermostats can be compromised quickly using a USB flash drive, potentially allowing attackers to obtain information on a victim’s habits as well as network information such as WiFi credentials. Compromised thermostats could also be used to connect to the Internet and carry out a variety of malicious tasks. Source

August 9, Softpedia – (International) 10,000 impacted by resurging Facebook color changing app scam. Researchers at Cheetah Mobile reported that a resurgence of a scam that purports to change the color scheme of Facebook has affected 10,000 users recently. The campaign steals users’ Access Tokens and then attempts to install a malicious fake antivirus program or video player. Source

August 8, The Register – (International) Oracle Database 12c’s data redaction security smashed live on stage. A researcher with Datacomm TSS presenting at the Defcon 22 conference demonstrated how a remote attacker could inject SQL queries to access redacted information in Oracle Database 12c due to several coding flaws. Source
