Gotham Security Daily Threat Alerts

January 22, 2015

January 21, Securityweek – (International) Siemens fixes vulnerabilities in SCALANCE, SIMATIC solutions. Siemens released firmware updates for the SCALANCE X-300 switch family and SCALANCE X408 running firmware versions prior to 4.0 to address denial of service (DoS) vulnerabilities. An unauthenticated attacker can exploit them to cause a device to reboot by sending malformed HTTP requests or specially crafted network packets to the device’s FTP server. Source

January 21, Softpedia – (International) Ransomware incidents on an upward trend, FBI warns. The FBI issued an alert January 20 warning computer users of a newer variant of the CryptoWall data encryption malware, which infects computers and restricts users’ access to files until a fee is paid and the files are unlocked. The malware has been spotted in the wild, featuring localized ransom messages and trying to connect to decryption services hidden in the Invisible Internet Project (I2P) network. Source

January 21, Krebs on Security – (International) Java patch plugs 19 security holes. Oracle released its quarterly patch update for Java, closing at least 19 security vulnerabilities including 13 flaws that are remotely exploitable. Source

January 21, Threatpost – (International) Hard-coded FTP credentials found in Schneider Electric SCADA Gateway. Schneider Electric released an update to address 2 flaws in its ETG3000 FactoryCast HMI Gateway, which is used in manufacturing, energy, water, and other industries as a Web-based SCADA system. The flaws could allow unauthenticated remote access to the device’s FTP server and configuration files. Source

January 19, Threatpost – (International) Potential code execution flaw haunts PolarSSL library. Researchers at Certified Secure discovered a vulnerability in PolarSSL, an open-source SSL library, which could enable remote code execution and a denial of service (DoS) attack. Source
