Skip to content

Gotham Security Daily Threat Alerts

by on November 20, 2014

November 19, Securityweek – (International) Advanced variant of “NotCompatible” Android malware a threat to enterprises. Researchers with Lookout identified a new variant of the NotCompatible trojan for Android dubbed NotCompatible.C which includes several changes to avoid detection by security software, including encrypted communications and geographically distributed command and control (C&C) servers. The malware is being spread by spam emails and compromised Web sites and acts as a proxy on infected systems. Source: http://www.securityweek.com/advanced-variant-notcompatible-android-malware-threat-enterprises

November 18, Securityweek – (International) Microsoft fixes critical Kerberos flaw under attack with out-of-band patch. Microsoft released an out-of-band patch November 18 to close a vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to domain administrator privileges. The vulnerability has been exploited in limited, targeted attacks and users were advised to apply the patch as soon as possible due to the critical nature of the vulnerability. Source: http://www.securityweek.com/microsoft-fixes-critical-kerberos-flaw-under-attack-out-band-patch

November 18, SC Magazine – (International) Apple releases OS X Yosemite and iOS updates. Apple released updates November 18 for its OS X Yosemite operating system and iOS 8 mobile operating system, adding improvements and closing an unlimited passcode attempt vulnerability in iOS 8. Source: http://www.scmagazine.com/apple-releases-updates-for-os-x-and-ios/article/383995/

November 18, Securityweek – (International) Flashpack exploit kit uses ad networks to deliver Cryptowall, Dofoil malware. Trend Micro researchers identified a malicious advertisement campaign that uses free ads to attempt to redirect users to a page hosting the Flashpack exploit kit, which then attempts to serve a variant of the Dofoil trojan or the Cryptowall ransomware. Source: http://www.securityweek.com/flashpack-exploit-kit-uses-ad-networks-deliver-cryptowall-dofoil-malware

November 18, Softpedia – (International) Legit Windows Phone apps can be replaced by malicious ones through copy/paste. A researcher reported that rogue versions of legitimate apps can be installed onto Windows Phone mobile devices after the installation of the legitimate app by replacing the files with the rogue app files. Source: http://news.softpedia.com/news/Legit-Windows-Phone-Apps-Can-Be-Replaced-By-Malicious-Ones-Through-Copy-Paste-465311.shtml

From → Security

Comments are closed.

%d bloggers like this: