Skip to content

Gotham Security Daily Threat Alerts

by on October 3, 2014

October 2, Softpedia – (International) Major security flaw in Xen hypervisor disclosed. The developers of the Xen hypervisor released a patch after a security vulnerability was disclosed October 1 that could allow an attacker to use a malicious hardware virtual machine to read data from other virtual machines or crash the host machine. Source: http://news.softpedia.com/news/Major-Security-Flaw-in-Xen-Hypervisor-Disclosed-460746.shtml

October 2, Softpedia – (International) OS X botnet malware uses Reddit to get IPs of control servers. Researchers with Doctor Web found that a piece of botnet malware for OS X known as iWorm uses the search function on Reddit to access a list of command and control (C&C) servers used to receive instructions. Over 17,000 unique IP addresses are associated with systems infected by iWorm and the C&C server addresses are disguised on Reddit by purporting to be addresses for Minecraft servers. Source: http://news.softpedia.com/news/OS-X-Botnet-Malware-Uses-Reddit-to-Get-IPs-of-Control-Servers-460766.shtml

October 2, Securityweek – (International) VMware releases software updates to fix ShellShock bug. VMware released patches for several of its products in order to close the Shellshock vulnerability in GNU Bash. Source: http://www.securityweek.com/vmware-releases-software-updates-fix-shellshock-bug

October 2, The Register – (International) Researchers bypass Redmond’s EMET, again. Researchers with Offensive Security reported that they were able to bypass the fifth version of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) security tool on several versions of the Windows operating system. Source: http://www.theregister.co.uk/2014/10/02/researchers_bypass_redmonds_emet_again/

October 1, The Register – (International) Bash bug flung against NAS boxes. FireEye researchers warned that attackers are attempting to exploit the Shellshock vulnerability in GNU Bash in order to compromise Network Attached Storage (NAS) systems before the systems can be patched. The researchers reported that NAS systems made by QNAP were especially targeted and that attackers were seeking to install backdoors. Source: http://www.theregister.co.uk/2014/10/01/sheelshock_nas_attack/

October 1, Threatpost – (International) Joomla re-issues security update after patches glitch. The developers of Joomla released a second version of a security update October 1 after an initial update designed to close critical vulnerabilities created some technical issues with users. Source: http://threatpost.com/joomla-re-issues-security-update-after-patches-glitch

October 1, V3.co.uk – (International) Four hackers accused of $100m US military software and gaming IP theft. Four individuals were indicted for allegedly stealing over $100 million worth of intellectual property from game developers and the U.S. Army including data from yet-to-be-released games and training software used to train helicopter pilots. Two of the accused pleaded guilty and reportedly used a SQL injection attack to steal the usernames and passwords of employees and software developers in order to gain access to the data. Source: http://www.v3.co.uk/v3-uk/news/2373278/four-hackers-accussed-of-usd100m-us-military-software-and-gaming-ip-theft

October 1, Softpedia – (International) Xsser mRAT, advanced spyware for iOS, discovered. Researchers with Lacoon Mobile Security identified a new remote access trojan (RAT) for iOS mobile devices dubbed Xsser that targets jailbroken iOS devices and can exfiltrate personal and device data. The researchers believe that Xsser is linked to the Chinese government and targets protestors in Hong Kong. Source: http://news.softpedia.com/news/Xsser-mRAT-Advanced-Spyware-For-iOS-Discovered-460640.shtml

October 1, Softpedia – (International) High risk vulnerability patched in Joomla. The developers of the Joomla content management system (CMS) released a patch for version 3.x closing two vulnerabilities including a remote file inclusion (RFI) issue that could allow an attacker to run remote files. Source: http://news.softpedia.com/news/High-Risk-Vulnerability-Patched-in-Joomla-460600.shtml

September 30, The Register – (International) OpenVPN open to pre-auth Bash Shellshock bug – researcher. The chief technology officer of Mullvad stated that some configurations of OpenVPN are susceptible to the Shellshock vulnerability if Bash is allowed to run scripts. A proof-of-concept for the issue was identified online. Source: http://www.theregister.co.uk/2014/09/30/openvpn_open_to_shellshock_researcher/

September 30, Softpedia – (International) Asprox botnet malware sent through fake Viber email notification. An analysis from Tech Help List identified a new spam campaign utilizing fake Viber emails to attempt to add new bots to the Asprox botnet. The analysis noted that the attackers were using several techniques to hide their malicious activity and avoid analysis by researchers. Source: http://news.softpedia.com/news/Asprox-Botnet-Malware-Sent-Through-Fake-Viber-Email-Notification-460498.shtml

From → Security

Comments are closed.

%d bloggers like this: