Skip to content

Gotham Security Daily Threat Alerts

by on August 20, 2014

August 18, Threatpost – (International) New attack binds malware in parallel to software downloads. Researchers at Ruhr University developed a proof-of-concept attack that can inject malicious code into a legitimate download that runs parallel to the original and does not modify the code, taking advantage of security deficiencies present in some free and open source software. An attacker using the attack would need to control an intermediate network node between the client and the download server, such as compromising a router, using a network redirection attack, or compromising an insider through social engineering. Source: http://threatpost.com/new-attack-binds-malware-in-parallel-to-software-downloads

August 18, Securityweek – (International) Four-year old flaw exploited by Stuxnet still targeted. Kaspersky Lab researchers found that vulnerability CVE-2010-2568 leveraged in the Stuxnet attacks was still present on many systems 4 years after it was patched, with tens of millions of exploits targeting the vulnerability observed between November 2013 and June 2014. The researchers also found that other older vulnerabilities are still frequently targeted, and that around 53 percent of 15.06 million detected exploits targeted Java vulnerabilities. Source: http://www.securityweek.com/four-year-old-flaw-exploited-stuxnet-still-targeted

 

From → Uncategorized

Comments are closed.

%d bloggers like this: