Skip to content

Gotham Security Daily Threat Alerts

by on August 18, 2014

August 15, The Register – (International) Don’t think you’re SAFE from Windows zombies just ‘cos you have an iPhone – research. Researchers at the Georgia Institute of Technology reported finding that Apple iOS devices can be compromised with iOS malware after being connected to a Windows computer by exploiting weaknesses in the iTunes syncing process, allowing attackers to steal data, install malicious apps, and replace existing apps. The researchers plan to demonstrate their findings August 20 at the Usenix Security Symposium. Source: http://www.theregister.co.uk/2014/08/15/infecting_ipads_new_how_to/

August 15, SC Magazine – (International) 50% of corporate passwords crackable within a few minutes. Trustwave released the results of research that analyzed 620,000 passwords compiled over 2 years and found that around 50 percent of U.S. corporate passwords could be cracked using a brute force method within a few minutes, while 92 percent could be cracked within 31 days. The research found that a longer password containing only letters took much longer to brute force compared to a shorter password that also includes numbers and special characters. Source: http://www.scmagazineuk.com/50-of-corporate-passwords-crackable-within-a-few-minutes/article/366470/

August 14, ZDnet – (International) Microsoft’s Visual Studio Online outage hits users worldwide. Microsoft’s Visual Studio Online service experienced a service interruption across multiple regions for around 9 hours August 14. Source: http://www.zdnet.com/microsofts-visual-studio-online-outage-hits-users-worldwide-7000032641/

August 15, Securityweek – (International) New Bugat malware uses HTML injections taken from Gameover Zeus. A researcher from IBM Security reported August 14 that a new variant of the Bugat financial malware (also known as Cridex or Geodo) was spotted infecting computers in the U.K. and the Middle East region. The new variant uses HTML injections and scripts and an attack structure similar to that used by the Gameover Zeus malware and attempts to redirect victims to fake financial institution Web sites in order to steal login information. Source: http://www.securityweek.com/new-bugat-malware-uses-html-injections-taken-gameover-zeus

August 14, Softpedia – (International) New Gameover Zeus botnet forming, the US sees most infections. Arbor Networks researchers observed two new variants of the Gameover Zeus financial malware using 8,494 IP addresses to attempt to connect to command and control (C&C) servers in July in order to build a new botnet after a law enforcement and industry takedown of the original botnet. The new variants no longer use the peer-to-peer (P2P) command and control architecture of the original and instead utilize a domain generation algorithm (DGA) to contact C&C servers. Source: http://news.softpedia.com/news/New-Gameover-Zeus-Botnet-Forming-the-US-Sees-Most-Infections-455112.shtml

From → Security

Comments are closed.

%d bloggers like this: