
Gotham Security Daily Threat Alerts

June 13, 2016

June 9, Help Net Security – (International) Bug in Chrome’s PDF reader allows arbitrary code execution. A security researcher discovered that PDFium, the default PDF reader in the Google Chrome Web browser, was susceptible to a heap-based buffer overflow vulnerability in the OpenJPEG parsing library that can be exploited through a PDF file with an embedded JPEG 2000 image whose SIZ marker states 0 components. The vulnerability can be exploited to achieve arbitrary code execution on a victim’s system and cause disruption of service, unauthorized information disclosure, and modification. Source
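A defensive check for the condition described in the PDFium item above, added here as an example and not taken from the report, PDFium or OpenJPEG: it scans raw bytes for a JPEG 2000 codestream header (SOC marker followed by SIZ) and flags a component count (Csiz) of 0 or a segment length that disagrees with it. The function names and sample bytes are constructed for illustration, and the scan assumes the image stream is stored unencoded in the file.

```python
import struct

SOC_SIZ = b"\xff\x4f\xff\x51"   # SOC marker immediately followed by SIZ marker
SIZ_FIXED_LEN = 38              # Lsiz value when Csiz == 0 (fixed fields only)
MAX_COMPONENTS = 16384          # upper bound for Csiz in the JPEG 2000 codestream syntax

def check_siz(data: bytes):
    """Return [(offset, csiz, [problems])] for each suspicious SIZ segment in data."""
    findings = []
    pos = data.find(SOC_SIZ)
    while pos != -1:
        seg = pos + 4                               # Lsiz starts right after the markers
        if seg + SIZ_FIXED_LEN > len(data):
            findings.append((pos, None, ["truncated SIZ segment"]))
        else:
            (lsiz,) = struct.unpack_from(">H", data, seg)
            (csiz,) = struct.unpack_from(">H", data, seg + 36)
            problems = []
            if csiz == 0:
                problems.append("Csiz is 0 (no components)")
            elif csiz > MAX_COMPONENTS:
                problems.append("Csiz exceeds 16384")
            if lsiz != SIZ_FIXED_LEN + 3 * csiz:    # 3 bytes of parameters per component
                problems.append("Lsiz does not match Csiz")
            if problems:
                findings.append((pos, csiz, problems))
        pos = data.find(SOC_SIZ, pos + 4)
    return findings

def build_siz(csiz: int) -> bytes:
    """Constructed sample: SOC + SIZ for a 64x64 single-tile image with csiz components."""
    # Rsiz, Xsiz, Ysiz, XOsiz, YOsiz, XTsiz, YTsiz, XTOsiz, YTOsiz, Csiz
    body = struct.pack(">H8IH", 0, 64, 64, 0, 0, 64, 64, 0, 0, csiz)
    body += b"\x07\x01\x01" * csiz                  # Ssiz (8-bit), XRsiz, YRsiz
    return SOC_SIZ + struct.pack(">H", len(body) + 2) + body

if __name__ == "__main__":
    # Constructed input: a PDF-like wrapper around a header declaring 0 components.
    sample = b"%PDF-1.4\nstream\n" + build_siz(0) + b"\nendstream\n"
    for offset, csiz, problems in check_siz(sample):
        print(f"offset {offset}: Csiz={csiz}: {'; '.join(problems)}")
    print("well-formed header findings:", check_siz(build_siz(3)))
```
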

June 8, ComputerWorld; TorrentFreak.com; Softpedia – (International) uTorrent forums breached via software vendor, consider passwords compromised. The uTorrent team released a security advisory warning users of an intrusion into their IP.Board forum, provided by Invision Power Services, after a client experienced a breach when an attacker downloaded user information from the forum and accessed other Invision users. The attacker’s entry point was unknown, but Invision Power Services released a security update June 1 for its IP.Board forum platform. Source

June 8, SecurityWeek – (International) RansomWeb attacks on the rise. Security researchers from High-Tech Bridge reported that RansomWeb attacks were increasing and have been targeting large organizations with business-critical Web applications by encrypting data on-the-fly before its insertion into the database, which can allow attackers to remain undetected and ensure that Web site backups are overwritten with encrypted content to prevent victims from decrypting the files. Source

June 8, WeLiveSecurity.com – (International) Mandatory password reset for some Facebook and Netflix users in wake of mega-breaches. Facebook Inc. and Netflix began notifying their customers that, as a precaution, the companies have reset their users’ passwords after an attacker breached the Web sites of VK.com, Tumblr, MySpace, and LinkedIn and released over 750 million user records online. Source

Reprinted from the USDHS Daily Open Source Infrastructure Report
