
Gotham Security Daily Threat Alerts

Posted on November 13, 2015

November 12, Securityweek – (International) Microsoft reissues security update due to Outlook crash. Microsoft reissued its KB3097877 security update for Windows 7 and some versions of its KB3105213 update for Windows 10 after customer complaints revealed that the update caused Outlook 2010 and 2013 to crash when users viewed HyperText Markup Language (HTML) emails. Source

November 11, Securityweek – (International) Attackers abuse security products to install “Bookworm” trojan. Researchers from Palo Alto Networks discovered a new trojan dubbed “Bookworm” which captures keystrokes, steals the contents of the clipboard, and loads additional modules from its command and control (C&C) server to expand its abilities. It uses a Smart Installer Maker tool to disguise the malware as a self-extracting RAR archive or a Flash slideshow/installer, and to write an executable dynamic-link library (DLL) file named “Loader.dll” and a file named “readme.txt” to the victim’s system. Source

November 10, Softpedia – (International) Here’s the list of all security bugs that Adobe fixed in Flash. Adobe released patches for 17 critical bugs in Flash Player for Windows and Apple Mac, Flash Player for Linux systems, and Adobe AIR. The patched vulnerabilities include a type confusion flaw and a security bypass vulnerability that allows attackers to write data to the target’s file system with the user’s permission. Source

November 12, Securityweek – (International) “Cherry Picker” PoS malware cleans up after itself. Researchers from Trustwave discovered that a point-of-sale (PoS) malware dubbed “Cherry Picker” relies on a new memory-scraping algorithm, uses a file infector for persistence, and removes all traces of the infection from the system, with updated versions of sr.exe and srf.exe, which have been used to install the malware and inject a dynamic-link library (DLL) into processes. The latest version of the malware relies on an application programming interface (API) called “QueryWorkingSet” to scrape the memory and harvest the data. Source
