Skip to content

Gotham Security Daily Threat Alerts

by on June 25, 2015

June 24, Softpedia – (International) Dyre banking malware uses 285 command and control servers. Security researchers from Symantec released a report revealing that multiple groups are running at least 285 command and control (C&C) servers, as well as 44 machines to deliver payloads and execute man-in-the-browser (MitB) attacks. The servers are located primarily in Ukraine and Russia but located worldwide, and are primarily targeting financial organizations in the U.S. and United Kingdom. Source

June 24, The Register – (International) Feds count Cryptowall cost: $18 million says FBI. The FBI reported that the U.S. Internet Crime Complaints Commission (IC3) received 992 complaints associated with the CryptoWall ransomware resulting in U.S. user and business losses of over $18 million from April 2014 – June 2015. Source

June 23, Softpedia – (International) Flash Player zero-day used by Chinese Cyber-Espionage group. Security researchers from FireEye discovered that the APT3 advanced threat group is currently exploiting a zero-day Adobe Flash Player heap buffer overflow vulnerability patched by Adobe June 23. The group’s latest campaign was dubbed Operation Clandestine Wolf, and they generally target organizations from the aerospace and defense, construction and engineering, technology, telecommunications, and transportation industries. Source

June 23, Softpedia – (International) Cheap radio device can steal decryption keys from nearby laptop. Researchers from Israel created a palm-sized radio device that can capture decryption keys from laptops just a few feet away by intercepting bit patterns in electromagnetic emanations from the targeted machine’s central processing unit (CPU). The device can be built for about $300 from readily available components, and was able to extract decryption keys within seconds. Source

June 23, SC Magazine – (International) Targeted attacks rise, cyber attackers spreading through networks, report says. Vectra Networks released findings from its Post-Intrusion Report of 40 customer and prospect networks revealing that non-linear growth in lateral movement of attacks increased 580 percent from 2014, that reconnaissance detections were up 270 percent, and that overall detections increased 97 percent. Vectra attributed the large uptick in detections partly to the increased accessibility of hacker tools. Source

June 23, Dark Reading – (International) Government, Healthcare particularly lackluster in application security. Veracode released findings from its State of Software Security Report revealing that government agencies and healthcare organizations performed the worst in industry-specific software security metrics due to issues such as slow rates in addressing identified flaws and cryptographic vulnerabilities from weak algorithms, while all industries struggled with software supply chain issues, among other findings. Source

June 23, Threatpost – (International) TCP vulnerability haunts Wind River VxWorks embedded OS. Security researchers at Georgia Tech discovered a transmission control protocol (TCP) prediction vulnerability in Wind River’s VxWorks embedded operating system (OS) used in a large number of industrial control system (ICS) products in which an attacker can leverage a predictable TCP initial sequence to spoof or disrupt connections to and from target devices. Source

June 23, Softpedia – (International) Adobe fixes Flash Player zero-day exploited in the wild. Adobe released an emergency update for its Flash Player software addressing a heap buffer overflow vulnerability that is being exploited in the wild in which an attacker could execute arbitrary code and take control of an affected system, possibly funneling in malware via drive-by download attacks. Source

June 23, Dark Reading – (International) Banks targeted by hackers three times more than other sectors. Raytheon and Websense released findings from a study on their customers revealing that financial services organizations, many of which are U.S. firms, are targeted three times more by cybercriminals than any other industry, and that these attacks are primarily utilizing the Rerdom, Vawtrack, and Geodo malware families, among other findings. Source

June 23, Bloomberg – (International) Most-wanted cybercriminal extradited to U.S. from Germany. German authorities extradited a Turkish suspect, who is considered to be one of the world’s most wanted cybercriminals, to the U.S. June 23 on charges that he allegedly organized a complex bank heist of $40 million in cash from ATMs in New York and in 23 other countries in February 2013. The suspect also reportedly stole $19 million through 25,700 ATM transactions in 20 countries from 2011 – 2012. Source

From → Security

Comments are closed.

%d bloggers like this: