Skip to content

Gotham Security Daily Threat Alerts

by on January 23, 2015

January 22, Help Net Security – (International) Angler exploit kit goes after new Adobe Flash 0-day flaw. A malware researcher discovered an unconfirmed zero-day vulnerability in Adobe Flash Player versions 16.0.0.235 and 16.0.0.257 that was found in the popular Angler exploit kit and exposes users of Windows XP, 7, 8 and Internet Explorer 6, 7, 8, and 10 to the Bedep trojan that makes the victims’ computer perform ad fraud calls. Source

January 22, Securityweek – (International) Google fixes 62 security bugs with release of Chrome 40. Google announced a release of Chrome 40 for Windows, Mac OS, and Linux, closing 62 vulnerabilities, including the disabling of SSL 3.0, a protocol found to be vulnerable to POODLE attacks. Source

January 22, The Register – (International) Remote code execution vulns hit Atlassian kit. Atlassian has released updates to patch a serious vulnerability, an Object-Graph Navigation Language (OGNL) double evaluation vulnerability found in all versions of its Confluence, Bamboo, FishEye, and Crucible products that could allow an attacker to execute Java code of their choice on systems that use the affected frameworks as long as they can access their Web interfaces. Source

January 22, Help Net Security – (International) Click-fraud malware brings thousands of dollars to YouTube scammers. Researchers at Symantec reported a two-component click-fraud malware dubbed Tubrosa, which could allow an attacker to compromise victims’ computers with the malware and use them to artificially inflate their YouTube video views and take advantage of the YouTube Partner Program validation process. Source

January 22, Softpedia – (International) Tesla Model S hacked to start without key. Qihoo 360 reported a vulnerability in the Tesla Model S discovered during a demonstration at the SyScan security conference in Beijing that could allow an attacker to unlock the vehicle, start the engine, and drive away with the vehicle by intercepting the communication between the key fob and the car. Tesla officials confirmed the flaw and stated that a fix would be released to close the vulnerability. Source

From → Security

Comments are closed.

%d bloggers like this: