Skip to content

Gotham Security Daily Threat Alerts

by on January 28, 2015

January 27, Securityweek – (International) Super Bowl fans warned about vulnerable NFL mobile app. Researchers at Wandera, a mobile gateway company, reported a vulnerability in the official National Football League (NFL) mobile apps for iOS and Android that exposes users’ personal information immediately after the user signs into the mobile app in a secondary unencrypted API call, and can be intercepted through man-in-the-middle (MitM) attacks. Source

January 27, Softpedia – (International) Regin cyber-espionage platform manned by the NSA. Researchers at Kaspersky Lab discovered a link in the keylogger dubbed QWERTY, a plugin for the WARRIORPRIDE malware framework, to be identical in functionality to Regin malware plugin 50251, responsible for kernel-mode hooking. The Regin platform targets telecommunication companies, government organizations and political entities, financial institutions, academia and specific individuals. Source

January 27, Help Net Security – (International) Supposedly clean Office documents download malware. Bitdefender is warning Microsoft Office users of a new spam campaign that resembles a tax return, a remittance, or form of bill from a bank and carries a Microsoft Word or Excel attachment that will automatically execute a piece of malware with a macro code disguised to bypass traditional antivirus if downloaded. Source

January 27, Help Net Security – (International) Android Wi-Fi Direct DoS vulnerability discovered. A researcher from the CoreLabs Team discovered a Denial of Service (DoS) vulnerability in some Android devices that could allow an attacker to send a specially crafted 802.11 Probe Response frame causing the Dalvik subsystem to reboot because of an Unhandle Exception on WiFiMonitor class. The Android security team was informed of the flaw in September 2014. Source

 

From → Security

Comments are closed.

%d bloggers like this: