
Gotham Security Daily Threat Alerts

March 4, Softpedia – (International) Strong SSL/TLS ciphers downgraded to use weak crypto key in FREAK attack. A security researcher at INRIA and the Microsoft Research team identified a serious vulnerability in the implementation of the secure sockets layer (SSL) and transport layer security (TLS) protocols on Apple and Android devices. It can be abused through man-in-the-middle (MitM) attacks that capitalize on abandoned export-era policies to force the use of weak RSA keys, potentially leaving a wide range of government and other Web sites vulnerable. The researchers have dubbed the attack FREAK (Factoring RSA Export Keys), and Akamai announced that it patched the vulnerability on its cloud platform. Source

March 4, Securityweek – (International) Google fixes 51 vulnerabilities with release of Chrome 41. Google addressed 51 security issues and added new apps, extension application programming interfaces (APIs), and stability and performance improvements in the release of Google Chrome version 41. The addressed vulnerabilities include 13 high-severity and 6 medium-severity issues discovered by external researchers. Source

March 3, Softpedia – (International) Banking malware targets almost 1,500 financial institutions in 86 countries. Security researchers from Symantec reported an analysis of 999 banking malware configurations that targeted 1,467 financial institutions worldwide in 2014, most of them in the U.S., where consumers were targeted by 95 percent of the trojans analyzed. The analysis also revealed that 4.1 million users’ systems had been compromised in 2014. Source

March 3, Threatpost – (International) New POS malware uses mailslots to avoid detection. Security researchers from Morphick discovered that the new LogPOS point-of-sale (PoS) malware uses Microsoft Windows’ mailslots technology to avoid detection, inject code, and act like a client while it relays stolen payment card numbers to a command and control (C&C) server. Source


Citrix XenMobile 10

Citrix announced the release of XenMobile 10 this past January although it was officially available for download in February. XenMobile 10 brings some new features and some much needed enhancements.

New Features and Enhancements

I will not go over all the new stuff (you can read that here), however I do want to go over the new features and enhancements that I have heard many customers requesting.

  • XenMobile Server – Citrix combined the AppController and XenMobile Device Manager server into a single virtual appliance (XenServer, vSphere and Hyper-V). This is huge, as architecture and administration are much easier.
  • Policy creation – in the past, XenMobile required a policy to be created for a specific mobile OS; now we can create a single policy that can be applied to iOS, Android and Windows devices.
  • HA/DR – with previous versions, setting up high availability and disaster recovery for XenMobile was, to put it nicely, a pain. With XM 10, it is much more straightforward due to the consolidation of services and the virtual appliance.
  • Worx enhancements – there are many new features within the core Worx apps (WorxMail, WorxWeb, etc.). One I would like to bring up specifically, as I know it has been asked for in the past, is that WorxNotes now has Exchange support.

As mentioned, other features and enhancements were released as well, but the items above are the ones I have heard customers ask for. For existing XenMobile customers, Citrix has an upgrade tool from version 9 to 10. For more information please contact your Gotham Account Manager.

Gotham Security Daily Threat Alerts

March 2, Help Net Security – (International) 0-day flaw in Seagate NAS devices endangers thousands. A security researcher discovered that certain firmware versions of Seagate Business Storage 2-Bay NAS devices are susceptible to an easily exploitable zero-day remote code execution vulnerability, because the devices’ Web-based management application ships outdated versions of PHP (Hypertext Preprocessor), CodeIgniter, and Lighttpd that contain known security issues. The company is reportedly working on the issue. Source

March 2, Softpedia – (International) Privilege escalation glitch found in Toshiba software. SmartNet researchers discovered a path privilege escalation vulnerability in Toshiba’s Bluetooth Stack for Windows and Service Station that could allow attackers to take control of computers by running malicious programs, and to alter or delete information stored on hard disks. Toshiba released updates for its vulnerable products. Source

March 2, Softpedia – (International) Vulnerabilities in Blu-ray players open door for network compromise. Security researchers at NCC Group discovered security flaws in the software and hardware of Blu-ray players that could allow attackers to abuse poorly implemented Java to create malicious discs that bypass auto-run protection mechanisms through a sandbox escape and execute arbitrary code automatically. The second vulnerability was exploited by launching a library from a USB drive plugged into the device and from the player’s Web browser, which could allow modification of the firmware in order to remove anti-piracy technology. Source

March 2, Information Week Dark Reading – (International) Uber Takes Over 5 Months To Issue Breach Notification. 50,000 Uber drivers are only now being told that their names and license numbers were exposed. Uber, the service that allows users to hire cars or arrange ride shares via mobile app (and which has been banned in several cities), announced last Friday that it had experienced a data breach that exposed the names and license numbers of approximately 50,000 current and former Uber drivers. Source

Gotham Security Daily Threat Alerts

February 27, Softpedia – (International) Apps bypass Google Play verification and spew tempest of ads. Bitdefender security researchers discovered 10 apps hosted in Google Play that use social engineering to trick users into installing ad-spewing software and relied on deceptive tactics to ensure persistence on users’ devices. None of the apps linked to Web sites hosting malware, allowing the apps to bypass Google Play quality controls. Source

February 27, Securityweek – (International) Critical vulnerability found in Jetty web server. Security researchers from Gotham Digital Science discovered a critical vulnerability dubbed JetLeak in the Eclipse Foundation’s Jetty Web server that allows remote, unauthenticated attackers to read arbitrary data from requests previously submitted by other users to the server, including cookies, authentication tokens, anti-CSRF tokens, usernames, and passwords. The flaw was addressed February 24 with the release of Jetty version 9.2.9, and the Jetty development team reported an anticipated fix for the vulnerability in version 9.3.0, which is in beta. Source

February 26, Nextgov – (International) It’s official – FCC enacts expansive net-neutrality rules. The Federal Communications Commission (FCC) approved sweeping net-neutrality regulations February 26 that give the government expanded power over Internet access and allow the FCC to bar Internet providers from blocking Web sites, selectively slowing down any content, or offering bandwidth increases for specific content in exchange for payment. The rules also classify the Internet as a telecommunications service under Title II of the Communications Act. Source


Gotham Security Daily Threat Alerts

February 26, Securityweek – (International) Lizard Squad hijacks Lenovo website, emails. Lizard Squad hackers hijacked the Lenovo Web site and email servers by using CloudFlare IP addresses to modify DNS records in Lenovo domain registrar accounts and redirect users to defacement pages, and changed mail server records to allow the group to intercept emails sent to Lenovo email addresses. The hijacking mirrored a similar attack that targeted Google Vietnam during the week of February 23. Source

February 26, Associated Press – (Arizona) Arizona authorities probe vandalism that cut off Internet, phones for hours. Officials announced February 26 that vandalism caused an Internet, cellphone, and landline outage in northern Arizona for more than 6 hours February 25 after CenturyLink employees and Phoenix police found a cut fiber-optic cable. Crews restored services to an affected 100-mile area stretching between Phoenix and Flagstaff. Source

February 26, Yavapai County Daily Courier; Chino Valley Review – (Arizona) Prescott-area police, fire, 911 service hit hard by outage. Emergency 9-1-1 calls to the Prescott Regional Communications Center in Arizona were rerouted February 25 to the backup dispatching center at the Yavapai County Sheriff’s Office after a CenturyLink fiber cable near New River was damaged, causing an Internet and telephone outage. The Chino Valley Police Department was also impacted by the outage, along with the Yavapai County Sheriff’s Office, which suffered landline and Internet outages. Source


Gotham Security Daily Threat Alerts

February 25, Securityweek – (International) Mozilla fixes 17 vulnerabilities in Firefox 36. Mozilla released version 36 of its Firefox browser closing 17 vulnerabilities and flaws, including 4 rated as critical. Source

February 25, Help Net Security – (International) New DDoS attack and tools use Google Maps plugin as proxy. PLXsert security researchers discovered that attackers are exploiting a known vulnerability in Joomla’s Google Maps plugin by spoofing the sources of requests, causing the responses to be sent from the proxies to the attackers’ distributed denial-of-service (DDoS) targets. Researchers identified more than 150,000 potential Joomla reflectors on the Internet, many of which remain vulnerable to being used in this type of attack. Source

February 25, Threatpost – (International) Ramnit botnet shut down. Europol Cybercrime Centre (EC3) investigators, Microsoft, AnubisNetworks, and Symantec carried out an operation to shut down the Ramnit botnet’s 7 command and control (C&C) servers and redirected traffic from 300 domains used by the botnet. EC3 estimated that more than 3.2 million Windows computers have been infected with the botnet via spam campaigns, phishing scams, and drive-by downloads that installed malicious code to grant attackers access to banking credentials and other log-in information. Source

February 24, Securityweek – (International) McAfee: Popular mobile apps remain vulnerable to MitM flaws found last year. Intel Security’s McAfee Labs reported that almost 75 percent of the most popular mobile apps found vulnerable to man-in-the-middle (MitM) attacks remain exposed, unchanged since the flaws were first identified in a September 2014 analysis by the Computer Emergency Response Team (CERT) at Carnegie Mellon University. Source

