
Gotham Security Daily Threat Alerts

November 6, 2014

November 5, Ars Technica – (International) Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud. A researcher stated that he was able to replicate the MD5 hash collision method used in the Flame cyberespionage attacks, using a GPU instance on Amazon Web Services to cause two images to have the same MD5 hash. The method was used in the Flame campaign to cause compromised Windows Update certificates to be recognized as valid on targeted systems, allowing malware to be downloaded undetected. Source: http://arstechnica.com/security/2014/11/crypto-attack-that-hijacked-windows-update-goes-mainstream-in-amazon-cloud/

November 5, Help Net Security – (International) New technique makes phishing sites easier to create, more difficult to spot. Trend Micro researchers identified a new phishing site technique targeting an e-commerce site that uses a proxy to relay user traffic to a legitimate site and then redirects users to a phishing site once they make a purchase and enter payment information. The method was observed in an attack on an online store in Japan but could be used for other sites. Source: http://www.net-security.org/secworld.php?id=17592

November 4, Softpedia – (International) Compromised EDU domain used to send out ZeuS-laden emails. Researchers with PhishMe detected a spam email campaign distributing the Zeus (also known as Zbot) information-stealing trojan through email addresses belonging to an undisclosed U.S. educational organization with around 25,000-30,000 enrolled students. Source: http://news.softpedia.com/news/Compromised-EDU-Domain-Used-to-Send-Out-ZeuS-Laden-Emails-464072.shtml

November 4, SC Magazine – (International) Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes. Symantec researchers stated November 4 that the music news Web site Spin.com was redirecting users to a page hosting the Rig Exploit Kit on October 27 and that the issue has been closed. The researchers were unsure of how the compromise occurred but found that the attackers injected an iframe into the site in order to redirect visitors. Source: http://www.scmagazine.com/the-popular-music-news-site-redirected-visitors-to-the-rig-exploit-kit/article/381364/

 

 
