Skip to content

Gotham Security Daily Threat Alerts

by on October 23, 2014

October 22, Securityweek – (International) Windows zero-day exploited in targeted attacks through PowerPoint. Microsoft reported that it has observed limited targeted attacks exploiting a zero-day vulnerability in the company’s Object Linking and Embedding (OLE) technology which could allow an attacker to perform remote code execution if a user opens a specially-crafted Microsoft Office file. The vulnerability affects all current Microsoft Windows releases except Windows Server 2003 and Microsoft advised users to apply a series of workarounds until a patch can be released. Source: http://www.securityweek.com/windows-zero-day-exploited-targeted-attacks-through-powerpoint

October 22, Help Net Security – (International) Koler worm spreads via SMS, holds phones for ransom. Researchers at AdaptiveMobile identified a new variant of the Koler worm for Android that spreads via a bitly link that directs users to a Dropbox page where the malware is disguised as an app. The malware then blocks infected devices’ screens with a fake law enforcement page and demands a ransom to be paid via Money Pak Voucher. Source: http://www.net-security.org/malware_news.php?id=2890

October 22, Help Net Security – (International) Attackers change home routers’ DNS settings via malicious code injected in ads. Sucuri Security researchers identified a malvertising campaign that embeds malicious code into an ad hosted on the googlesyndication.com network and attempts to change the DNS settings on users’ home routers in order to lead them to potentially malicious Web sites. Source: http://www.net-security.org/malware_news.php?id=2891

October 22, Help Net Security – (International) Malware directs stolen documents to Google Drive. Researchers with Trend Micro identified a new piece of information-stealing malware dubbed Drigo that uploads any .PDF, text, and Microsoft Word, Excel, and PowerPoint files to a Google Drive account. The researchers reported that the malware appears to be targeting government agencies and reported the Google Drive account associated with the malware to Google. Source: http://www.net-security.org/malware_news.php?id=2888

October 21, Securityweek – (International) Apple fixes security flaws with release of iOS 8.1. Apple released an update to its iOS 8 mobile operating system, closing several vulnerabilities and adding new features. Source: http://www.securityweek.com/apple-fixes-security-flaws-release-ios-81

From → Security

Comments are closed.

%d bloggers like this: