Gotham Security Daily Threat Alerts

by on November 4, 2014

November 3, The Register – (International) VMware: Yep, ESXi bug plays ‘finders keepers’ with data backups. VMware confirmed an issue reported by users of its ESXi 4.x and ESXi 5 hypervisor where virtual machines with Changed Block Tracking (CBT) enabled and that have been increased in size by more than 128GB show an inaccurate list of allocated virtual machine disk sectors, which could cause backed-up data to be unrecoverable. VMware recommended that users disable and then re-enable CBT and stated that the company is working on a permanent solution. Source

November 3, SC Magazine – (International) Researchers notice uptick in ‘Poweliks’ trojan infections. Symantec researchers observed an increase in reported Poweliks trojan infections, with the malware delivered by spam emails, exploit kits, and a spam campaign that impersonates the U.S. Postal Service and Canadian Post. Source

October 31, Securityweek – (International) New RAT hijacks COM objects for persistence, stealthiness. Researchers at G DATA Software’s SecurityLabs identified a new remote access trojan (RAT) dubbed COMpfun that hijacks legitimate Component Object Model (COM) objects to evade detection by security software. The RAT is capable of executing code, logging keystrokes, downloading or uploading files, and other tasks. Source

October 31, Softpedia – (International) RIG Exploit Kit used in Drupal CMS exploit incidents. RiskIQ researchers observed the RIG Exploit Kit being used in attacks that exploit a critical SQL injection vulnerability in the Drupal content management system (CMS) to redirect users to the exploit kit. The researchers found that all instances of the exploit kit are hosted on a machine at a Selectel datacenter in Russia. Source

October 31, Securityweek – (International) iOS app vulnerability exposed GroupMe accounts. A researcher identified and reported a vulnerability in the GroupMe app for iOS that could have allowed an attacker to hijack the account of another user, because the phone number verification step in the sign-up process for new accounts lacked rate limiting or a security lockout mechanism. The issue was reported August 28 and patched September 17, and the researcher stated that there was no evidence it was exploited before being fixed. Source

October 31, Help Net Security – (International) Android dialer hides, resists attempts to remove it. Researchers with Dr. Web identified a malicious dialer for Android dubbed Android.Dialer.7.origin that infects devices while disguised as an app and then places calls to a paid service at regular intervals. The malware attempts to hide itself by deleting its shortcut, disabling the device earpiece during calls, and removing evidence of the calls from the call and system logs. Source

October 30, The Register – (International) Danish court finds Pirate Bay cofounder guilty of hacking CSC servers. A court in Denmark found a cofounder of the Pirate Bay Web site guilty of working with an anonymous accomplice to compromise servers belonging to U.S. company CSC that contained data for European governments between February and August 2012. Source
