Skip to content

Gotham Security Daily Threat Alerts

by on August 12, 2016

August 10, Softpedia – (International) Data of nearly 2 million users exposed in Dota2 forum hack. Researchers from LeakedSource reported that the Dota2 official developers forum was breached after hackers stole the usernames, email addresses, user identifiers, passwords, and IP addresses of nearly 2 million of the forum’s users July 10 by hashing and salting the password with the MD5 algorithm. Forum administrators patched the vulnerability and reset all user account passwords. Source

August 10, SecurityWeek – (International) Microsoft patches flaws in Windows, Office, browsers. Microsoft released 9 security bulletins patching a total of 27 important and critical vulnerabilities including 9 critical vulnerabilities in Internet Explorer and 8 critical flaws in Edge that can be exploited for remote code execution and information disclosure by tricking a targeted user into visiting a malicious Website, remote code execution issues in Windows, Office, Skype for Business and Lync caused by the way Windows font library handles specially crafted embedded fonts, and critical flaws in Office that can be leveraged for remote code execution if a victim opens a malicious file, among other vulnerabilities. Source

August 10, SecurityWeek – (International) Juniper starts fixing IPv6 processing vulneraibility. Juniper Networks released hotfixes for its JUNOSe F3 and F2 products resolving a vulnerability in its JUNOSe and Junos routers after Cisco researchers discovered the flaw can be exploited to cause a denial-of-service (DoS) condition by sending a flood of specially crafted IPv6 Neighbor Disovery (ND) packets from non-link-local sources to affected devices in order to fill up the packet processing queue and cause legitimate IPv6 ND packets to drop. The company was working to release patches for the issue. Source

August 9, Softpedia – (International) Researchers hide malware inside digitally signed files without breaking hashes. Security researchers from Deep Instinct discovered attackers could inject malware inside a digitally signed binary without affecting the overall file hash after finding that Microsoft Windows does not include three fields from a file’s Portable Executable (PE) headers during the file hash validation process and that modifying these fields does not break the certificate’s validity, allowing the malicious files to avoid detection by security and antivirus software. Researchers stated the technique does not require attackers to hide the malicious code via packers and bypasses any secondary checks of security software. Source

August 9, SecurityWeek – (International) Go-based Linux trojan used for cryptocurrency. Doctor Web researchers reported that a new Linux trojan, dubbed Linus.Lady.1 allows hackers to earn a profit by exploiting infected systems for cryptocurrency mining after finding that the trojan collects information on an infected machine, including the operating system, central processing unit (CPUs), and processes, and sends the harvested data back to a command and control (C&C) server, which then provides a configuration file for downloading a cryptocurrency mining application designed for Monero (XMR) mining. Researchers also found the trojan is capable of spreading to other Linux computers on an infected network by connecting to remote hosts over port 6379 without a password and downloading a script from a specified Uniform Resource Locator (URL) which is responsible for downloading and installing a copy of the trojan. Source

August 9, Softpedia – (International) Criminal group uses LogMeIn to compromise PoS systems with malware. Researchers from PandaLabs discovered a criminal group was using compromised LogMeIn accounts belonging to systems running point-of-sale (PoS) software and connected to PoS terminals to access over 200 devices and infect them with the PunkeyPOS, Multigrain, or PosCardStealer malware. The researchers reported that the hackers exploited weak login credentials or discovered the login credentials from other sources.  Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

From → Security

Comments are closed.

%d bloggers like this: