Skip to content

Gotham Security Daily Threat Alerts

by on December 17, 2014

December 16, Securityweek – (International) Banking trojan abuses Pinterest in C&C routines. Researchers with Trend Micro identified a variant of the BANKER malware known as TSPY_BANKER.YYSI that is currently targeting users of South Korean banking Web sites via redirection to a phishing site and accesses comments on the Pinterest social network instead of a command and control (C&C) server. The comments are decoded into IP addresses for the server hosting the phishing page. Source

December 16, Securityweek – (International) CA Technologies fixes vulnerable CA Release Automation. CA Technologies released a patch for its CA Release Automation continuous delivery system that closes a cross-site request forgery (CSRF), cross-site scripting (XSS), and SQL injection vulnerability in previous versions of the product. Source

December 15, Threatpost – (International) Shellshock worm exploiting unpatched QNAP NAS devices. Researchers with the SANS Institute stated that network attached storage (NAS) devices manufactured by QNAP may still be vulnerable to attackers exploiting the Bash flaw that was patched previously due to the complexity and lack of automation in the patching process. The researchers published two hashes that have been used in recent attacks to perform click fraud against the JuiceADV advertising network. Source

 

From → Security

Comments are closed.

%d bloggers like this: