Skip to content

Gotham Security Daily Threat Alerts

by on June 6, 2016

June 3, Softpedia – (International) One in ten NFS servers worldwide is misconfigured, exposes sensitive files. Fortinet researchers found that tens of thousands of inattentive system administrators are using older versions of the Network File System (NFS) protocol, such as insecure NFSv3, which can expose private or sensitive files to the Internet including server logs, server backups, the source code of various Web sites, and server image files. Researchers recommended companies to switch to NFSv4 protocol which has been modified to use Kerberos to provide a basic level of authentication. Source

June 3, Softpedia – (International) WordPress sites under attack from new zero-day in WP mobile detector plugin. Security researchers from Plugin Vulnerabilities discovered that hackers were exploiting an arbitrary file upload vulnerability in WP Mobile Detector plugin, which handles image uploads, to upload Hypertext Preprocessor (PHP)-based backdoors on WordPress Web sites after finding that the plugin lacks basic input filtering, allowing attackers to pass a malicious file to upload it to the plugin’s /cache directory. Source

June 2, Softpedia – (International) Researchers find 5,275 login credentials for top 100 companies on the Dark Web. A U.K.-based security firm, Anomali reported that over 5,000 login credentials including email addresses, cleartext passwords, and usernames were posted online via the Dark Web, potentially allowing hackers to use the stolen information to access various sections of an Information Technology (IT) network owned by the top 100 international companies. The firm stated that the credentials were primarily from the oil and gas industry, pharmaceuticals, consumer goods, banking, telecommunications, and military sectors. Source

June 2, Reuters – (National) Two men plead guilty in U.S. to hacking, spamming scheme. Officials reported June 2 that two men pleaded guilty in New Jersey for their involvement in a hacking and spamming scheme that generated more than $2 million in illegal profits after the duo and a co-conspirator targeted and stole the personal information of 60 million people, hacked into corporate email accounts, seized control of corporate mail servers, and created their own software to exploit vulnerabilities in numerous corporate Web sites via specially crafted code in computer programs, which hid the origin of the spam and bypassed spam filters. Source

Reprinted from the USDHS Daily Open Source Infrastructure Report

From → Security

Comments are closed.

%d bloggers like this: