
Gotham Security Daily Threat Alerts

November 4, 2014

October 30, The Register – (International) Drupalocalypse! Devs say it’s best to assume your CMS is owned. The developers of the Drupal content management system (CMS) warned that Drupal Web sites that were not patched within 7 hours of the disclosure of a critical SQL injection vulnerability October 15 should be considered compromised due to the simplicity of the vulnerability and how quickly it was leveraged by attackers. The developers advised affected admins to restore their sites from backup since applying the patch would only close the vulnerability to future use, not remove any malware already in place. Source

October 30, Threatpost – (International) Popular Science website infected, serving malware. Researchers from Websense Security Lab discovered and reported that the Web site of Popular Science magazine was compromised and injected with a malicious iFrame that redirects users to a site hosting the RIG Exploit Kit. Source

October 30, Securityweek – (International) “AirHopper” malware uses radio signals to steal data from isolated computers. Researchers at Ben-Gurion University created a proof-of-concept malware dubbed AirHopper that was used to demonstrate a data exfiltration attack against air-gapped systems using radio signals produced by the target system’s graphics card. The attack requires adding the malware to the target system and installing malicious code onto a nearby mobile device in order to set up the channel for transmitting the data sent from the target system. Source

October 29, Softpedia – (International) Gmail drafts used to exfiltrate data and send malicious instructions. Shape Security researchers identified and reported a new variant of the IcoScript remote access trojan (RAT) that uses draft Gmail email messages to communicate with its operator and receive instructions in order to avoid detection. The researchers stated that the malware strain appears limited to use in targeted attacks. Source

October 29, Securityweek – (International) ICS-CERT warns of ongoing attack campaign targeting industrial control systems. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory warning about an ongoing attack campaign targeting human-machine interface (HMI) products used in industrial control systems, including GE Cimplicity, Advantech/Broadwin WebAccess, and Siemens WinCC products. The campaign uses a variant of the BlackEnergy malware and shares the same command-and-control infrastructure as the Sandworm campaign team. Source

October 29, Securityweek – (International) Microsoft releases Fix It tool to disable SSL 3.0 in IE to muzzle Poodle attack. Microsoft released a Fix It tool that allows users to disable SSL 3.0 in all supported versions of Internet Explorer, closing the vulnerability used in the POODLE attack. The company also announced that it will disable SSL 3.0 and fallback to SSL 3.0 by default in its products in the months ahead. Source

October 30, Softpedia – (International) Mobile payment app contender CurrentC sees testers’ details stolen. Merchant Customer Exchange (MCX) notified adopters of CurrentC, a mobile payment app currently hosted in a trial phase, of an intrusion that revealed the email addresses of those with accounts for the testing program. The company reported that it is investigating and believes the intrusion was a result of a third-party vulnerability. Source
