
Gotham Security Daily Threat Alerts

November 18, 2014

November 17, Softpedia – (International) BusyBox devices compromised through Shellshock attack. Researchers with Trend Micro identified a new version of the Bashlite malware that identifies devices on an infected system’s network that use the BusyBox software for Linux, including routers, and can then attempt to compromise them using the Shellshock vulnerability. Source

November 17, Softpedia – (International) Steam password stealer is stored on Google Drive. A researcher with Panda Security analyzed and reported a piece of malware designed to steal passwords for the Steam gaming service that is being delivered from a Google Drive account. The account was still active when the researcher reported the malware on November 16; the malware targets victims via a fraudulent link in Steam chat that downloads an executable file. Source

November 17, The Register – (International) WinShock PoC clocked: But DON’T PANIC… It’s no Heartbleed. Researchers released a proof-of-concept (PoC) exploit for a SChannel crypto library flaw that was patched the week of November 10 in a Microsoft patch release. The flaw can still be exploited in unpatched Windows Server 2012, 2008 R2, and 2003 installations to run arbitrary code. Source

November 17, The Register – (International) Attack reveals 81 percent of Tor users but admins call for calm. A paper released by researchers at the Indraprastha Institute of Information Technology outlined a traffic confirmation attack method that the researchers stated could be used to identify users of the Tor anonymity network in 81 percent of cases if an attacker has sufficient resources. Source

November 17, Securityweek – (International) Alleged creators of WireLurker malware arrested in China. Authorities in China arrested three individuals for allegedly creating and distributing the WireLurker malware targeting Mac OS X, iOS, and Windows devices and shut down the Web site used to distribute the malware. Source

November 17, Securityweek – (International) Majority of top 100 paid iOS, Android apps have hacked versions: Report. Arxan Technologies released its annual State of Mobile App Security report, which found that cloned or repackaged versions existed for 97 percent of the top 100 paid Android apps and 87 percent of the top 100 paid iOS apps, and that repackaged or cloned versions of financial services apps existed for 95 percent of such apps on Android and 70 percent on iOS, among other findings. Source

November 16, Softpedia – (International) New variant of Dofoil trojan emerges with strong evasion features. Fortinet researchers identified a new variant of the Dofoil botnet malware that contains several changes aimed at preventing the malware from being detected and analyzed. Source

November 15, Softpedia – (International) New encryption ransomware offers file decryption trial. Researchers at Webroot identified a new piece of encryption ransomware dubbed CoinVault that encrypts victims’ files using AES-256 encryption, demands a ransom, and offers a free trial of the decryption that is performed if the ransom is paid. Source

November 14, Softpedia – (International) Google misses trojan SMS app in Play Store for more than a year. An SMS trojan named Thai Fun Content was identified by Malwarebytes researchers on the Google Play Store and was available for download for over 1 year. The app subscribes victims to a paid SMS service and charges victims $0.37 per day. Source


November 14, Securityweek – (International) OnionDuke APT malware distributed via malicious Tor exit node. Researchers with F-Secure identified a piece of sophisticated malware dubbed OnionDuke that was distributed by a Russia-based Tor exit node and uses the same command and control infrastructure as the MiniDuke malware used in advanced persistent threat (APT) campaigns. Source

November 13, Threatpost – (International) Internet voting hack alters PDF ballots in transmission. Researchers at Galois published a paper demonstrating how an attacker could compromise a home router by altering its firmware, allowing the attacker to intercept a PDF voting ballot and modify it before it is forwarded to the election authority. Source

November 12, Associated Press – (National) US confirms climate agency websites hacked. A National Oceanic and Atmospheric Agency spokesman confirmed November 12 that four of its Web sites were compromised by an Internet-sourced attack after staff detected the intrusion and began incident response efforts. The agency performed unscheduled maintenance and all services were fully restored. Source

November 13, Securityweek – (International) Mobile Pwn2Own 2014: iPhone 5s, Galaxy S5, Nexus 5, Fire Phone hacked. Researchers participating in the Mobile Pwn2Own mobile device hacking competition in Tokyo November 12-13 were able to compromise several popular smartphones and mobile devices, achieving a full sandbox escape on an iPhone 5s, successful near field communication (NFC) attacks on the Galaxy S5, and several other successful compromises. Source

November 12, WTNH 8 New Haven – (Connecticut) Coast Guard contractor pleads guilty to stealing personal information. A Pawcatuck man who ran a computer repair business and also worked as a contractor for the U.S. Coast Guard pleaded guilty November 12 to stealing personal information and data over 250 times from computers and other devices brought to him for repairs. Source

November 12, Softpedia – (International) 18-year-old remotely exploitable vulnerability in Windows patched by Microsoft. Microsoft released a patch November 11 for a data manipulation vulnerability that has existed in Windows operating systems starting with Windows 95. Researchers with IBM’s X-Force discovered and reported the vulnerability in May, which could have been used by attackers to gain control of affected systems for the last 18 years. Source

November 12, Help Net Security – (International) Microsoft patches Windows, IE, Word, SharePoint and IIS. Microsoft released its monthly Patch Tuesday round of updates for its products, which includes 14 bulletins including one patching a zero-day vulnerability in the Windows OLE packager for Windows Vista and newer Windows operating systems. Source

November 12, Softpedia – (International) 18 critical vulnerabilities patched in Flash Player. Adobe released a new version of its Flash Player software, closing 18 critical security issues, 15 of which could allow an attacker to execute arbitrary code. Source

November 12, Network World – (International) Google DoubleClick down, leaving sites ad-free. The Google DoubleClick for Publishers service experienced an outage November 12, preventing ads from being displayed on several Web sites. Google stated that the company was working to resolve the issue. Source

November 12, Softpedia – (International) Air-gapped systems targeted by Sednit espionage group. Researchers with ESET stated that the Sednit espionage group (also known as APT28 or Sofacy) has employed a tool known as Win32/USBStealer since at least 2005 that can exfiltrate data from air-gapped systems. The tool is installed on a compromised Internet-connected system and copies itself onto any removable storage device inserted into it; when that device is plugged into the air-gapped system, the tool collects information there and transmits it back to the attackers the next time the storage device is connected to an Internet-connected system. Source

November 11, Softpedia – (International) Uroburos espionage group is still active, relies on new remote access trojan. G Data researchers found that the Uroburos espionage group (also known as Turla or Snake) remains active and is using two similar versions of a new remote access trojan (RAT) known as ComRAT that includes increased obfuscation and anti-analysis capabilities. Source

November 10, Securityweek – (International) SQL injection vulnerability patched in IP.Board forum software. Invision Power Services released patches for its IP.Board forum software November 9, closing, several hours after its discovery, a SQL injection vulnerability affecting versions 3.3.x and 3.4.x. Source

November 10, Securityweek – (International) iOS security issue allows attackers to swap good apps for bad ones: FireEye. Researchers with FireEye identified a new attack dubbed a Masque Attack that can allow attackers to replace a legitimate iOS app with a malicious one if both applications use the same bundle identifier. Victims targeted by the attack must be lured into installing the malicious app, which then replaces the legitimate app on both jailbroken and non-jailbroken iOS devices. Source

