Gotham Security Daily Threat Alerts

February 15, SecurityWeek – (International) Misconfigured database exposed Microsoft site to attacks. A researcher from MacKeeper discovered that attackers could have accessed and modified content of a MongoDB database connected to the mobile version of Microsoft’s careers website and maintained by Punchkick Interactive due to misconfigured databases as the MongoDB database was not write-protected. Attackers could insert arbitrary Hyper Text Markup Language (HTML) code to exploit a victim to a phishing page or launch watering hole attacks against visitors. Source

February 15, SecurityWeek – (International) VMware reissues patch for vCenter RCE flaw. VMware released an additional patch fixing security flaws in its vCenter Server and ESXi software after the company found that they had not properly patched flaws related to a remotely accessible JMX RMI service that could allow an attacker to execute arbitrary code on affected vCenter Server installations and allow a local attacker to elevate privileges. Source

February 15, SecurityWeek – (International) Check Point extends zero-day protection. Check Point Software Technologies released its SandBlast perimeter security and zero-day protection technology, which can leverage a remote sandbox and incorporate forensics capabilities to automate incident analysis, and add protection directly on endpoints to detect and block advanced attacks from email, removable media, and web-based threats including spear phishing emails and watering hole attacks. Source

February 13, SecurityWeek – (International) Teen arrested in Britain Linked to hack of US spy chiefs. British police reported February 12 that they arrested a hacker using the screen name, “Cracka” for conspiracy to commit unauthorized access to computer material and for conspiracy to commit unauthorized acts with intent to impair after the man was believed to have allegedly hacked into the personal information of top officials at the Central Intelligence Agency (CIA), FBI, and DHS, among other Federal agencies. An investigating is ongoing to determine the man’s involvement in Federal hacking incidences. Source

February 12, Softpedia – (International) Torrents time plugin plagued by security issues, Pirate Bay & KAT users at risk. A security researcher discovered the Torrents Time browser plugin had various security issues that allowed attackers to execute a cross-site scripting (XSS) attack and man-in-the-middle (MitM) attacks due to improper Cross-Origin Resource Sharing (CORS) implementation, which enabled hackers to create a malicious web page similar to other torrent portals, add their own malicious code, and serve victims the malicious torrent files they desirable, among other malicious actions. Source

February 16, SecurityWeek – (International) VoIP phone users warned about risks of default settings. A security researcher reported that many users with Voice over Internet Protocol (VoIP) phones failed to properly secure the devices after finding that most phones’ default configurations were rarely secure and in many cases, the administration interface of VoIP phones could be accessed with a default password without any authentication protocol, allowing attackers to hijack the phone and play recordings, upload their own firmware, spy on victims, and intercept and transfer calls. Source

February 16, SecurityWeek – (International) Attackers use fake patch to hack Magento sites. Researchers from Sucuri reported that attackers were exploiting a previously patched remote code execution (RCE) vulnerability dubbed the “shoplift bug” in Magento’s eCommerce platform after researchers found attackers created a fake patch that tricked users to download the malicious file, enabling hackers to take complete control over a vulnerable Magento website and steal payment data and user credentials. The flaw was exploited via code injection into the targeted website. Source