Skip to content

Gotham Security Daily Threat Alerts

by on March 27, 2015

March 26, Softpedia – (International) Microsoft revokes rogue digital certificate for Google and other web domains. Microsoft updated its Certificate Trust List (CTL) for Windows operating systems, and pushed automatic updates to revoke a certificate fraudulently issued by Egypt-based MCS Holdings. The fraudulent certificates affected several Google domains, as well as other domains, and left Windows users vulnerable to Web content spoofing, phishing, and man-in-the-middle (MitM) attacks. Source

March 26, Softpedia – (International) Apple customers lured to disclose Apple ID and card data. Security analysts at Bitdefender discovered a phishing scheme in which Apple device users are being targeted with emails that link to a hoax site requesting Apple ID credentials, personal information, payment card information, and a 3D Secure password. After users fill out the form, they are notified of a bogus two-factor authentication (2FA) process and are given an option to change their password. Source

March 26, Securityweek – (International) Cisco fixes DoS vulnerabilities in IOS software. Cisco Systems released security updates patching 16 vulnerabilities in IOS and IOS XE software components, including Autonomic Network Infrastructure (ANI), Common Industrial Protocol (CIP), multicast Domain Name System (mDNS), transmission control protocol (TCP), Virtual Routing and Forwarding (VRF), and Internet Key Exchange version 2 (IKEv2). The vulnerabilities allowed remote, unauthenticated attackers to trigger denial-of-service (DoS) conditions on targeted systems. Source

March 25, Threatpost – (International) Default setting in Windows 7, 8.1 could allow privilege escalation, sandbox escape. A Google Security Project Zero researcher identified certain default authentication settings in Microsoft’s Windows versions 7 and 8.1 that could allow attackers to use cross-protocol NT LAN Manager (NTLM) reflection to attack a local Server Message Block (SMB) server and leverage Web Distributed Authoring and Versioning (WebDAV) to elevate privileges or escape application sandboxes. Microsoft urged users to implement Extended Protection for Authentication (EPA) to mitigate the vulnerability. Source



From → Security

Comments are closed.

%d bloggers like this: