Skip to content

Gotham Security Daily Threat Alerts

August 25, Softpedia – (International) 263.35 Gbps of traffic aimed at one Sony server during DDoS attack. Users of Sony’s PlayStation Network and Sony Online Entertainment services experienced issues and were unable to sign in August 24 after the services were hit by a distributed denial of service (DDoS) attack that was claimed by the attacker to peak at 263.35 Gbps. A separate group attempted to take credit for the attack and tweeted a bomb scare regarding a Dallas-to-San Diego flight that was carrying a Sony executive. Source: http://news.softpedia.com/news/263-35-Gbps-of-Traffic-Aimed-At-One-Sony-Server-During-DDoS-Attack-456205.shtml

August 25, Softpedia – (International) FlashPack exploit kit shared through social media buttons add-on. Researchers with Trend Micro observed the FlashPack exploit kit being distributed to users through social media sharing buttons on Web sites. The exploit kit attempts to exploit vulnerabilities in Adobe Flash and is mostly targeting users in Japan at present. Source: http://news.softpedia.com/news/FlashPack-Exploit-Kit-Shared-Through-Social-Media-Buttons-Add-On-456317.shtml

August 23, Softpedia – (International) MeetMe social network systems breached. Social network MeetMe reported that it was compromised by attackers between August 5 and August 7 who were able to obtain an unspecified number of users’ encrypted user names, passwords, and email addresses. The company advised users to change their passwords as a precaution. Source: http://news.softpedia.com/news/MeetMe-Social-Network-Systems-Breached-456085.shtml

August 24, KTCT 11 Fort Worth – (Arizona) Bomb threat tweets cause AA plane to be diverted. An American Airlines fight en route to San Diego from Dallas was diverted to Phoenix Sky Harbor Airport August 24 due to a security-related issue when a hacker group called Lizard Squad tweeted to the airline about reports of an explosive onboard. The 185 passengers and crewmembers on board were evacuated off the plane as federal authorities investigated and determined the aircraft was clear. Source: http://dfw.cbslocal.com/2014/08/24/hackers-bomb-threat-tweets-cause-american-airlines-plan-to-be-diverted/

August 24, WEAU 13 Eau Claire – (National) Charter: Internet services restored following outage. Internet services were restored to hundreds of thousands of Charter Communications Inc. customers throughout the nation August 24 following a widespread outage August 23. Source: http://www.weau.com/home/headlines/Charter-Communications-working-on-internet-outage-272445941.html

 

 

Gotham Security Daily Threat Alerts

August 22, Softpedia – (International) Credentials can be stolen in UI state inference attack. Researchers presenting at the USENIX Security Symposium published a paper outlining a new form of attack called a user interface (UI) inference attack that can steal Android users’ credentials by conducting a side-channel attack relying on a common shared-memory mechanism used by window managers. The attack uses a malicious app that does not require permissions and the researchers believe that the same vulnerability likely exists in other operating systems such as iOS, Windows, and OSX. Source: http://news.softpedia.com/news/Credentials-Can-Be-Stolen-In-UI-State-Inference-Attack-456028.shtml

August 22, Securityweek – (International) Vulnerability found in Google Wallet, Alipay payment SDKs. Researchers with Trend Micro identified and reported a security vulnerability in the in-app payment SDKs for Google Wallet and Alibaba Alipay in Android that can be exploited by attackers using intent-filters to display phishing messages and obtain user credentials. Alibaba and Google both released updates to their apps after being informed by the researchers May 27. Source: http://www.securityweek.com/vulnerability-found-google-wallet-alipay-payment-sdks

August 22, Softpedia – (International) Vulnerability in Akeeba Backup for Joomla went undetected for years. Sucuri researchers found a vulnerability in the Akeeba Backup extension for Joomla that has existed for years and could allow a skilled attacker to access backup files created with Akeeba and download them. The researchers stated that the security risk presented by the vulnerability was low due to the difficulty in exploiting it, and the newest version of Akeeba is no longer vulnerable. Source: http://news.softpedia.com/news/Vulnerability-in-Akeeba-Backup-for-Joomla-Went-Undetected-for-Years-455961.shtml

 

Gotham Security Daily Threat Alerts

August 21, Softpedia – (International) 38-day long DDoS siege amounts to over 50 petabits in bad traffic. Incapsula reported that a video game company client experienced a distributed denial of service (DDoS) attack that lasted 38 days between June 21 and July 28, used several attack vectors, and peaked at over 110 Gbps. The attack used techniques separately or at the same time and was mitigated by Incapsula using a scrubbing server. Source: http://news.softpedia.com/news/38-Day-Long-DDoS-Siege-Amounts-to-Over-50-Petabits-in-Bad-Traffic-455722.shtml

August 21, Help Net Security – (International) Most popular Android apps open users to MITM attacks. FireEye researchers conducted an analysis of the 1,000 most popular free Android apps in the Google Play store and found that many contain one or more vulnerabilities that could leave users vulnerable to man-in-the-middle (MitM) attacks. Source: http://www.net-security.org/secworld.php?id=17279

August 20, Securityweek – (International) Graphic library flaw exposes apps created with Delphi, C++ Builder. Researchers with Core Security reported identifying a security vulnerability that can affect software with a specific version of Embarcadero C++ Builder XE6, Embarcadero Delphi XE6, and possibly other versions. Embarcadero products are used by organizations and companies in industries including healthcare, financial services, and other industries to develop in-house applications. Source: http://www.securityweek.com/graphic-library-flaw-exposes-apps-created-delphi-c-builder

 

Gotham Security Daily Threat Alerts

August 20, The Register – (International) Cryptolocker flogged on YouTube. Two researchers reported that cybercriminals have been observed to use purchased ad space on YouTube in order to redirect users to malicious sites serving the Cryptolocker ransomware. The researchers are scheduled to present at the Virus Bulletin 2014 conference detailing how legitimate ad networks could be used to spread malware. Source: http://www.theregister.co.uk/2014/08/20/cryptolocker_flogged_on_youtube/

August 20, Securityweek – (International) Vulnerability in WordPress Mobile Pack exposes password-protected posts. Researchers with dxw Security identified and reported a vulnerability in the Mobile Pack plugin for WordPress that could allow access to password-protected posts. The vulnerability was reported July 24 and closed August 19 with the release of Mobile Pack version 2.0.2. Source: http://www.securityweek.com/vulnerability-wordpress-mobile-pack-exposes-password-protected-posts

August 19, IDG News Service – (International) ‘Reveton’ ransomware upgraded with powerful password stealer. Avast researchers analyzed a new variant of the Reveton ransomware that now includes the Pony password and virtual currency stealer and a Papras family password stealer that can also disable security programs. The new variant was also programmed to check if an infected user had visited the Web sites of 17 German banks. Source: http://www.networkworld.com/article/2466981/reveton-ransomware-upgraded-with-powerful-password-stealer.html

August 19, SC Magazine – (International) Bug in iOS Instagram app fixed, impacts Facebook accounts. IOActive researchers reported that an issue in the Instagram app for iOS could leave users open to having their Facebook access token intercepted over public Wi-Fi due to the app sending the token in plain text. The issue was fixed in Instagram version 6.0.4 and users were advised to update to the latest version. Source: http://www.scmagazine.com/bug-in-ios-instagram-app-fixed-impacts-facebook-accounts/article/367039/

 

Windows 2003 EOL – The new XP

Windows XP end-of-life (EOL) was highly publicized. Some companies have been in the clear for awhile, others made a mad dash to the finish, while a few are still struggling (http://www.crn.com/news/applications-os/300072525/irs-misses-windows-xp-deadline-inks-extended-support-deal-with-microsoft.htm). But, I can say it has been on people’s radar for awhile.

Windows 2003 seems to be the sleeper. Windows 2003 will reach EOL in July 2015. Server upgrades are a different type of challenge, as they support applications and services. These are typically of two breeds; vendor and homegrown. But for either to be run on a newer server platform like Windows 2012 R2, a new version is often required, which may also trigger a client application upgrade, data migration, and more.

Fortunately, Gotham has done this before. We have a proven methodology which includes this phased approach:

1

Read more…

Citrix Receiver X1

If you’ve been a Citrix customer for a long time, you have been through the many access iterations over the years:

  1. Program Neighborhood
  2. NFuse
  3. Web Interface
  4. StoreFront

Starting with NFuse, we have been asked by our clients to customize the interface to integrate corporate branding. Each iteration of the web-based access solutions had the capability to customize the user interface. Each of course had its own method, development languages, and extent of customization capability. But once a user launched an application or desktop, the Citrix logo and branding were evident.

Citrix Receiver X1 was announced at Citrix Synergy 2014. The goal of the new Receiver is to provide a single interface across all the device platforms by leveraging HTML5 for the UI and the client components. Since HTML5 will be the standard, customizing the Receiver X1 will allow for both the interface and the client. This will allow customers to have their branding throughout the experience, from log in to application/desktop launch.

This video from Synergy 2014 shows the user experience:

Here is the mobile interface:

I believe this new level of customization will quickly become the standard and will give customers a compelling reason to upgrade their Web Interface platform. Hope we see this released soon!

 

Gotham Security Daily Threat Alerts

August 18, Threatpost – (International) New attack binds malware in parallel to software downloads. Researchers at Ruhr University developed a proof-of-concept attack that can inject malicious code into a legitimate download that runs parallel to the original and does not modify the code, taking advantage of security deficiencies present in some free and open source software. An attacker using the attack would need to control an intermediate network node between the client and the download server, such as compromising a router, using a network redirection attack, or compromising an insider through social engineering. Source: http://threatpost.com/new-attack-binds-malware-in-parallel-to-software-downloads

August 18, Securityweek – (International) Four-year old flaw exploited by Stuxnet still targeted. Kaspersky Lab researchers found that vulnerability CVE-2010-2568 leveraged in the Stuxnet attacks was still present on many systems 4 years after it was patched, with tens of millions of exploits targeting the vulnerability observed between November 2013 and June 2014. The researchers also found that other older vulnerabilities are still frequently targeted, and that around 53 percent of 15.06 million detected exploits targeted Java vulnerabilities. Source: http://www.securityweek.com/four-year-old-flaw-exploited-stuxnet-still-targeted

 

%d bloggers like this: