Skip to content

Gotham Security Daily Threat Alerts

by on August 10, 2015

August 7, Securityweek – (International) Mozilla patches Firefox zero-day exploited in the wild. Mozilla released Firefox version 39.0.3 to address a zero-day vulnerability in the browser’s mechanism that enforces JavaScript’s same origin policy and Firefox’s PDF Viewer, in which an attacker can inject a JavaScript payload to steal local files containing sensitive information. The attack was observed being exploited in the wild, targeting certain types of files hosted on Windows and Linux systems. Source

August 6, Help Net Security – (International) Zero-day disclosure-to-weaponization period cut in half. Security researchers from Malwarebytes reported a trending decrease in time between the disclosure and weaponization of zero-day vulnerabilities, evident in a 50 percent drop in average weaponization times in the last 10 months, citing the fallout from the Hacking Team breach as a contributing factor. Source

August 6, IDG News Service – (International) Attackers could use Internet route hijacking to get fraudulent HTTPS certificates. Security researchers at Black Hat 2015 highlighted the threats posed by Border Gateway Protocol (BGP) hijacking attacks, also known as route leaking, in which an attacker could tailor attacks to specific geographic regions by tricking a certificate authority (CA) into issuing a valid certificate for a domain name that they do not own. Source

August 6, Softpedia – (International) 80 vulnerabilities found in iOS in 2015, 10 in Android. Secunia released findings from a report on security vulnerability trends for the first 7 months of 2015 revealing an increase of “extremely critical” and “highly critical” threats, a trending increase in zero-day exploits, and a total of 80 reported vulnerabilities in Apple’s iOS operating system (OS) versus 10 in Android devices. Researchers cited Apple’s control of its OS and patch cycle as the cause for higher number if iOS vulnerabilities. Source

August 6, Help Net Security – (International) Easily exploitable Certifi-gate bug opens Android devices to hijacking. Security researchers from Check Point’s mobile security research team discovered a set of vulnerabilities in the Android operating system (OS) dubbed “Certifi-gate” in the architecture of mobile Remote Support Tools (mRSTs) used by almost every Android device manufacturer in which an attacker can leverage hash collisions, inter-process communication (IPC) abuse, and certificate forging to gain unrestricted device access and steal personal data, track locations, and turn on microphones, among other actions. Source

August 6, IDG News Service – (International) Design flaw in Intel processors opens door to rootkits, researcher says. A security researcher from the Battelle Memorial Institute disclosed a vulnerability in the x86 processor architecture in which an attacker could install a rootkit in the processor’s System Management Mode (SMM), enabling destructive actions such as wiping the Unified Extensible Firmware Interface (UEFI) or re-infecting the operating system (OS) after a fresh install. Source

August 6, Threatpost – (International) Updated DGA Changer malware generates fake domain stream. Researchers from Seculert published findings from a report revealing that the DGA Changer downloader malware now has the capability to generate a stream of fake domains once it determines that it is being run in a virtual environment, the first reported instance of malware generating fake domain generation algorithms (DGA). Source

August 6, SC Magazine – (International) DDoS attacks rage on, primarily impacting U.S. and Chinese entities. Kaspersky Lab released findings from its DDoS Intelligence Report Q2 2015, revealing that 77 percent of the distributed denial-of-service (DDoS) attacks from April to June impacted 10 countries, primarily the U.S. and China. The report recorded the longest attack at 205 hours, and the peak number at 1,960 May 7, attributing their popularity to the ease in which the attacks can be arranged. Source

August 6, Threatpost – (International) BLEKey device breaks RFID physical access controls. Researchers at Black Hat 2015 released details from a number of proof of concept attacks highlighting the weaknesses in the Wiegand protocol used in radio-frequency identification (RFID) readers and other proximity card devices, which they were able exploit by using a device dubbed BLEKey to read cleartext data sent from card readers to door controllers to clone cards or send data to a mobile application that can unlock doors remotely at any time. Source

August 7, Infosecurity Magazine – (International) Trend Micro uncovers attacks on Internet-connected petrol stations. Trend Micro experts investigating data attacks against automated gas tank systems using a custom international honeypot dubbed GasPot presented research at Black Hat 2015 which found 12 pump identifications, 4 pump modifications and 2 denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against the systems from February – July 2015. Researchers suspect that several hacktivist groups, including the Iranian Dark Coders Team and the Syrian Electronic Army, were behind the attacks, a majority of which targeted the U.S. Source

August 6, IDG News Service – (International) Tesla patches Model S after researchers hack car’s software. Tesla issued a security update to its Model S vehicle August 6 after security researchers from Lookout and CloudFlare were able to leverage six flaws that allowed them to turn off the engine while it was in operation, change the speed and map information displayed on the vehicle’s touch screen, open and close the trunk, and control the radio. The researchers reported that the hack required physical access to the vehicle. Source

August 6, Threatpost – (International) Gone in less than a second. A security researcher unveiled a wallet-sized device, called Rolljam, that can be hidden underneath a vehicle and can intercept codes used to unlock most cars and garage doors employing rolling codes, by jamming the signal and replaying the next rolling code in the sequence. The developer previously created a device that was able to intercept communication between certain vehicles and the OnStar RemoteLink mobile application to locate, unlock, and remotely start a vehicle. Source

August 7, Bloomberg – (International) American Airlines, Sabre said to be hit in hacks backed by China. American Airlines Group Inc., is investigating a suspected hack into its system after Sabre Corp., a clearinghouse for travel reservations which shares some network infrastructure with the airline, confirmed a recent breach possibly tied to the same China-linked hackers who targeted United Airlines, major American health insurers, and U.S. Government agencies. Sabre is unsure of the extent of the breach, but warns it may expose millions of flight records, hotel bookings, and car rentals. Source

From → Security

Comments are closed.

%d bloggers like this: