Skip to content

Gotham Security Daily Threat Alerts

by on October 15, 2014

October 14, Help Net Security – (International) Russian espionage group used Windows 0-day to target NATO, EU. iSIGHT Partners discovered a zero-day vulnerability used in a cyber-espionage campaign dubbed SandWorm targeting the North Atlantic Treaty Organization, the European Union, Ukrainian and Polish government organizations, and several European telecommunications and energy sectors. Microsoft is expected to release a patch for the zero-day which exploits supported versions of Microsoft Windows and Windows Server 2008 and 2012. Source: http://www.net-security.org/secworld.php?id=17491

October 14, Softpedia – (International) Dropbox denies being hacked, points to third-party services. Dropbox announced that its servers were not breached after a list of 420 username and password pairs were publicized on Pastebin with a poster claiming that more would be published with Bitcoin donations. The company reported that the information was stolen from other Web services used by the victims, who had identical usernames and passwords for Dropbox. Source: http://news.softpedia.com/news/Dropbox-Denies-Being-Hacked-Points-At-Third-Party-Services-461989.shtml

October 13, Network World – (International) The snappening: Snapsaved admits to hack that leaked SnapChat photos. Snapchat’s third-party app Snapsaved was hacked involving the release of 500MB of images containing between 90,000 and 200,000 photos and videos due to a misconfiguration in their Apache server. Snapsaved subsequently deleted the entire Web site and database associated with the breach. Source: http://www.networkworld.com/article/2825359/microsoft-subnet/the-snappening-snapsaved-admits-to-hack-that-leaked-snapchat-photos.html

October 10, Securityweek – (International) Multiple vulnerabilities found in BMC Track-It! help desk software. Researchers with the Computer Emergency Response Team Coordination Center at Carnegie Mellon University (CERT/CC) and Agile Information Security found that Track-It! version 11.3.0.355, the IT helpdesk solution created by BMC Software, contains three vulnerabilities related to permissions, privileges, and access control, missing authentication for critical function, and an exploitation using blind SQL injection. The company is working on addressing the issues. Source: http://www.securityweek.com/multiple-vulnerabilities-found-bmc-track-it-help-desk-software

October 10, SC Magazine – (International) New mobile trojan masquerading as Tic-tac-toe game targets Android devices. Kaspersky Lab researchers found that a Tic-tac-toe game available on Android devices houses the Gomal trojan which allows hackers to record audio from the microphone, steal incoming SMS messages, steal data from the device log, and obtain root privileges, among other things. Good for Enterprise researchers determined that the app was a proof-of-concept app presented at Black Hat 2013 and used only in Samsung Exynos memory access vulnerability, which has since been patched. Source: http://www.scmagazine.com/new-mobile-trojan-masquerading-as-tic-tac-toe-game-targets-android-devices/article/376722/

October 10, SC Magazine – (International) HP to remove digital signature that code-signed malware. Symantec discovered that an HP digital certificate was used to cryptographically sign (code-sign) malware shipped through HP products in May 2010. HP will revoke the digital certificate October 21 after researchers found an apparent signature on a four-year-old trojan that may have been included in the software. Source: http://www.scmagazine.com/hp-to-remove-digital-signature-that-code-signed-malware/article/376737/

From → Security

Comments are closed.

%d bloggers like this: