
Gotham Security Daily Threat Alerts

April 22, Help Net Security – (International) Supposedly patched router backdoor was simply hidden. A security researcher who discovered a backdoor vulnerability in several popular home routers found that the firmware update issued by manufacturer Sercomm does not close the vulnerability but instead hides the backdoor. The backdoor can then be opened after sending a specific network packet to the router from the local area network (LAN) or the Internet service provider (ISP), allowing attackers to reset the device’s configuration, username, and password to default settings. Source:

April 22, Softpedia – (International) Verizon publishes 2014 Data Breach Investigations Report. Verizon published its 2014 Data Breach Investigations Report, focusing on cyber and physical data breaches across several industries. The report found 198 point of sale (POS) intrusions during 2013, with retail, accommodation, and food services industries the most targeted, among other findings. Source:

April 22, Softpedia – (International) Django 1.6.3 released to address 3 security issues. The developers of the Django framework for Python released new versions of the framework, closing three security vulnerabilities. Source:

April 21, Threatpost – (International) Oracle gives Heartbleed update, patches 14 products. Oracle released updates for five products April 21, closing vulnerabilities related to the Heartbleed vulnerability in OpenSSL. Source:

April 21, SC Magazine – (International) Critical update makes P2P Zeus trojan even tougher to remove. Fortinet researchers found that the peer-to-peer (P2P) Zeus banking trojan recently received an update that also installs a rootkit driver, making the trojan difficult to remove from infected systems. Source:


Gotham Security Daily Threat Alerts

April 21, Dark Reading – (International) Heartbleed attack targeted enterprise VPN. Researchers at Mandiant identified a successful attack campaign that utilized the Heartbleed vulnerability in OpenSSL to target an undisclosed organization’s virtual private network (VPN) and obtain VPN session tokens. The attack began April 8, hijacked several active user sessions, and allowed the attackers to attempt to escalate their privileges within the organization. Source:

April 19, Softpedia – (International) Sophos names spam-relaying “dirty dozen” countries for Q1 2014. Sophos released its list of top spam-relaying countries for the first quarter of 2014, with the U.S. accounting for the most spam by volume at 16 percent of all spam, followed by Spain and Russia. Source:

April 18, Threatpost – (International) ICS-CERT warns of Heartbleed vulnerabilities in Siemens gear. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory warning that the Innominate mGuard firmware and several Siemens industrial control systems are vulnerable to the Heartbleed vulnerability in OpenSSL. Innominate issued a patch for the vulnerable firmware, while Siemens identified affected systems. Source:

April 18, The Register – (International) Reddit users discover iOS malware threat. Reddit users identified a piece of malware for iOS devices known as Unflod Baby Panda which can target jailbroken iOS devices. Researchers at SektionEins found that the malware listens to SSL traffic and searches for Apple ID information to steal. Source:

April 18, CSO – (International) Major security flaws threaten satellite communications. Researchers at IOActive released a paper outlining critical vulnerabilities in satellite communication gear from several major manufacturers that could allow attackers to disrupt or eavesdrop on communications systems used in the maritime, energy, aeronautics, and media industries as well as those used by government and emergency services. Affected manufacturers were notified and details will not be publicly released until the second half of 2014 to allow manufacturers to close the vulnerabilities. Source:

Gotham Security Daily Threat Alerts

April 18, Softpedia – (International) Cybercriminals can hijack Steam accounts with Steam Guard enabled. Researchers at Malwarebytes found that attackers have been able to compromise Steam accounts with the Steam Guard verification service enabled by using phishing pages that ask users to upload the .ssfn file from their Steam folder, allowing the Steam Guard security feature to be bypassed. Source:

April 18, Softpedia – (International) Trojan-SMS.AndroidOS.Stealer.a is one of the most widespread mobile trojans. Kaspersky Labs researchers found that the Trojan-SMS.AndroidOS.Stealer.a trojan accounted for almost a quarter of attempted infections of Android devices running the company’s security software during the first quarter of 2014, with the highest amount of infections found in Russia. The trojan is capable of opening Web pages, sending SMS messages, installing applications, and other functions. Source:

April 17, Charleston Post and Courier – (South Carolina) Bomb threat reported at Google Data Center in Berkeley County. The Google Data Center in Berkeley County, South Carolina, was evacuated for several hours April 17 after a bomb threat was found in a note left at the facility. Workers were allowed to return after police cleared the building. Source:


The Power of Database Portability in Exchange 2010 and 2013

Exchange 2010 and Exchange 2013 offer several different methods to recover from mailbox server failures. One such method is known as database portability, which allows a mailbox database that was mounted on one mailbox server to be remounted on a different mailbox server.

This can be helpful when there is a server failure and the physical database files are still intact (and, of course, a different copy of the database is not available to be activated if the server is a member of a DAG).

In the example below we experienced a server failure and did not have database copies available to activate. This particular mailbox server experienced a hardware failure, so rebuilding the server with the RecoverServer switch was not an option until the faulty hardware was replaced (the RecoverServer option is a parameter that can be executed during a server build and is used for rebuilding failed servers). As such, we decided the fastest option for restoring the databases was to mount the databases that were hosted on the failed server on a different server (as coincidence had it, this other server was going to host a second copy of the databases once additional storage was made available).


Gotham Security Daily Threat Alerts

April 16, Softpedia – (International) Oracle fixes 104 security holes with April 2014 CPU. Oracle released its April Critical Patch Update (CPU), containing patches for 104 vulnerabilities in various Oracle products, 37 of which affect Java SE. Source:

April 16, – (International) Samsung Galaxy S5 fingerprint scanner hacked. Researchers at Security Research Labs demonstrated a method to defeat the Samsung Galaxy S5’s fingerprint scanner, which could allow an attacker to unlock the device by using a print of the owner’s fingerprint. Source:

April 16, Softpedia – (International) Adobe Reader for Android 11 updated to fix remote code execution vulnerability. Adobe released an update for its Adobe Reader for Android, closing a vulnerability that could be used to remotely execute arbitrary code when a user opens a malicious .PDF document. Source:

Gotham Security Daily Threat Alerts

April 15, Softpedia – (International) Expert finds SQL injection, RCE vulnerabilities in Flickr Photo Books. A security researcher identified and reported a SQL injection vulnerability and a remote code execution vulnerability in Flickr’s Photo Books Web site that could allow an attacker to gain access to Flickr’s databases. Yahoo closed the vulnerabilities after a second report by the researcher. Source:

April 15, Help Net Security – (International) Hardware manufacturer LaCie suffered year-long data breach. Computer storage manufacturer LaCie stated that the FBI informed the company of a data breach where malware was used to gain access to customer transactions carried out on the company’s Web site. LaCie temporarily disabled the e-commerce portion of its Web site and will be resetting users’ passwords in response. Source:

April 15, Help Net Security – (International) Heartbleed: VMware starts delivering patches. VMware announced that it began issuing patches for its products affected by the Heartbleed OpenSSL vulnerability, with patches for all affected products expected by April 19. Source:

April 14, Softpedia – (International) Flash SMS flaw in iOS can be exploited to make the lock screen unresponsive. A security researcher identified a Flash SMS flaw in iOS that can be used to make a device’s lock screen unresponsive, which could be used for ransom attacks. The flaw was fixed with the release of iOS 7.1 but devices running previous versions of the mobile operating system are vulnerable. Source:


Gotham Security Daily Threat Alerts

April 14, IDG News Service – (International) Akamai admits issuing faulty OpenSSL patch, reissues keys. Akamai Technologies stated April 13 that a patch issued by the company designed to protect its customers from the Heartbleed vulnerability contained a fault, making it ineffective. The company then began reissuing all Secure Sockets Layer (SSL) certificates and security keys for affected sites. Source

April 14, Help Net Security – (International) Jetpack pushes update to close critical security hole. The creators of the Jetpack plugin for WordPress published an update for the popular plugin that closes a vulnerability discovered during a security audit that could allow an attacker to bypass a site’s access controls. Source

April 12, Softpedia – (International) Google rewards experts for XXE vulnerability in Toolbar Button Gallery. Google awarded two Detectify researchers $10,000 after they identified and reported an XML External Entity (XXE) vulnerability in the Google Toolbar Button Gallery that could have allowed an attacker to gain access to data on the company’s production servers. The vulnerability was closed soon after being reported. Source

April 12, Softpedia – (International) Nine people accused of stealing millions of dollars with Zeus malware. The U.S. Department of Justice unsealed an indictment against nine individuals for allegedly being involved in a criminal organization that used the Zeus banking trojan to steal millions of dollars. The alleged scheme used Zeus to steal account information and then transfer stolen money to accounts belonging to ‘mules’ who withdrew and transferred the money. Source




