Skip to content

Gotham Security Daily Threat Alerts

by on August 15, 2014

August 14, Securityweek – (International) Vulnerabilities found in Disqus plugin for WordPress. A researcher identified and reported three vulnerabilities in the Disqus plugin for WordPress, including a cross-site request forgery (CSRF) issue that could allow an attacker to inject an exploit. The vulnerabilities were addressed June 29 in Disqus version 2.7.6, and a new version containing additional fixes was also released as version 2.7.7. Source

August 13, Ars Technica – (International) Internet routers hitting 512K limit, some become unreliable. LastPass, Liquid Web, eBay, and other services reported outages or isolated disruptions August 12 that were believed to be related to the growth of routable networks lists, also known as border gateway protocol (BGP) tables, beyond 512K, overwhelming some older routers and switches. Source

August 13, Softpedia – (International) iOS malware hijacks revenue from 22 million ads. A researcher published a paper detailing the operation of the AdThief (also known as Spad) malware that infected around 75,000 jailbroken iOS devices and stole ad revenue from around 22 million ads. The researcher found that the revenue was diverted to the attackers using a Cydia Substrate extension to modify the ads developer ID to one used by the attackers. Source

August 13, Softpedia – (International) Kovter ransomware thrives in Q2 2014, reaches 43,713 infections in a single day. Damballa released its State of Infections report for the second quarter (Q2) of 2014 and found that the daily infection rate of the Kovter ransomware increased by around 153 percent between April and May, infecting 43,713 systems in one day. Source

August 12, Softpedia – (International) Adobe Reader and Acrobat zero-day vulnerability patched in 11.0.08. Adobe released an out-of-band patch for Adobe Acrobat and Adobe Reader to close a vulnerability in Windows versions of the software that could allow attackers to bypass sandbox protections. Attackers were observed exploiting the vulnerability in targeted attacks and all users were advised to update their installations as soon as possible. Source

August 12, IDG News Service – (International) Microsoft’s Patch Tuesday updates focus on Internet Explorer. Microsoft released its August round of Patch Tuesday updates August 12, which addressed 37 vulnerabilities in Microsoft products including 26 patches for Internet Explorer and a critical vulnerability in OneNote. Source

August 12, Softpedia – (International) Seven critical Flash Player vulnerabilities fixed in new version. Adobe released an update for its Adobe Flash Player product that closes seven critical security vulnerabilities. Source

August 12, IDG News Service – (International) 15 new vulnerabilities reported during router hacking contest. A security contest held at the DefCon 22 conference resulted in researchers identifying and reporting 15 new vulnerabilities in 5 popular models of wireless routers. Source

August 12, Dark Reading – (International) Security holes exposed in Trend Micro, Websense, open source DLP. Two researchers from Duo Security and Tumblr presenting at the Black Hat conference reported identifying several cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities in four commercial data loss prevention (DLP) products and one open-source DLP product that could allow attackers to access or manipulate data. The majority of the flaws were in the products’ Web-based interfaces. Source

August 12, Softpedia – (International) New Android malware Krysanec infects legitimate apps. Researchers at ESET identified a new remote access trojan (RAT) for Android devices known as Krysanec that is integrated into legitimate apps and can allow attackers to remotely control various device functions and steal information. The malware is being spread through several methods, including social networks and pirated content Web sites. Source

 

 

From → Security

Comments are closed.

%d bloggers like this: