Skip to content

Gotham Security Daily Threat Alerts

by on June 16, 2016

June 15, Softpedia – (International) Hacker steals 45 million records from 1,100 home, sports and tech support forums. VerticalScope.com reported that its system was compromised in February after a hacker stole over 45 million user records from its database which contained details from over 1,100 tech, home, and sport support portals. Source

June 15, SecurityWeek – (International) APT group uses Flash zero-day to attack high-profile targets. Security researchers from Kaspersky Lab reported that a new advanced persistent threat (APT) group dubbed, “ScarCruft” was using a Flash Player zero-day vulnerability and Microsoft XML Core Services (MSXML) vulnerability to target high-profile people through a campaign dubbed “Operation Daybreak” and “Operation Erebus.” Kaspersky stated they will release more details on the campaigns after Adobe releases a patch. Source

June 15, The Register – (International) SAP patch batch includes fix for 3-year-old info disclosure vuln. SAP released patches for its Business Intelligence and Business Warehouse products, which addressed a three-year-old flaw and more than 20 vulnerabilities including a directory traversal vulnerability that can be exploited to access any file on the operating system (OS) and obtain critical data about the company’s finances. Source

June 14, SecurityWeek – (International) Microsoft patches critical flaws in Windows, Edge, Office. Microsoft released 16 security bulletins which patched about 40 vulnerabilities in its Windows, Edge, Internet Explorer, Office, and Exchange Server products after security researchers found a remote attacker could exploit a use-after-free vulnerability for arbitrary code execution by sending a specially crafted request to the targeted Doman Name System (DNS) server. Other patched vulnerabilities included privilege escalation flaws, remote code execution (RCE) flaws, and a denial-of-service (DoS) flaw, among others. Source

June 14, Softpedia – (International) Flash security patch coming in two days to fix zero-day used in live attacks. Adobe announced that they will release an emergency patch June 16 that will fix a zero-day vulnerability affecting all Flash Player installations after security researchers from Kaspersky found the flaw was used in targeted attacks and exploited in the wild. An attacker could exploit the flaw to crash a Flash Player installation, enabling a hacker to run malicious code on the user’s system and control the machine. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

 

From → Security

Comments are closed.

%d bloggers like this: