Skip to content

Gotham Security Daily Threat Alerts

July 24, Securityweek – (International) Red Hat patches “libuser” library vulnerabilities. Red Hat patched two vulnerabilities in its “libuser” library, including a race condition flaw that could lead to a denial-of-service (DoS) condition and a bug in the chfn function of the userhelper utility that an attacker could leverage to create a DoS condition and achieve privilege escalation on the system. Source

July 24, SC Magazine – (International) Sophos moves to patch Web Security Appliance flaws. A security researcher from Info-Assure Ltd discovered two vulnerabilities in Sophos Security’s Web Appliance prior to version 4.0.4 that could allow unauthenticated users to read files from the device and inject arbitrary JavaScript via its management interface. Source

July 23, FierceGovernmentIT – (National) Census Bureau confirms ‘unauthorized access’ to system; Anonymous members claim responsibility. The online activist group Anonymous claimed responsibility July 22 for a cyber-attack on the U.S. Census Bureau, which leaked non-confidential information including email addresses, phone numbers, and job titles of the organization’s 4,200 employees. The organization’s internal systems were not affected, and the compromised servers have been locked down. Source

July 24, Autoblog – (National) FCA issuing software update for 1.4M vehicles to prevent hacking. Fiat Chrysler Automobiles U.S. issued a voluntary recall and software update for 1.4 million model year 2013 – 2015 Chrysler 200 and 300, Dodge Charger, Challenger, Viper, Ram, Durango, and Jeep Cherokee and Grand Cherokee vehicles with 8.4-inch touchscreen Uconnect systems to protect vehicles from remote manipulation, following reports that a security expert remotely hacked a vehicle via a cellular connection. Source

July 24, Computerworld – (International) Firewalls can’t protect today’s connected cars. Security and automotive experts reported on the risks associated with Internet-enabled vehicles, including a lack of operational security and multiple access wireless access points to vehicles’ controller area networks (CAN). The researchers recommended alternate approaches to vehicle security such as encrypted CAN messaging or detection-software. Source

Gotham Security Daily Threat Alerts

July 23, Threatpost – (International) Four zero days disclosed in internet explorer. Hewlett Packard’s Zero Day Initiative released four new remote code execution (RCE) zero day vulnerabilities in Microsoft’s Internet Explorer, including an issue in how the browser processes arrays representing cells in Hyptertext Markup Language (HTML) tables in which an attacker could execute code under the context of the current process. Source

July 23, The Register – (International) Flash zero-day monster Angler dominates exploit kit crime market. Security researchers from SophosLabs reported that the Angler exploit kit’s (EK) prevalence in the underground malware market has ballooned from about 25 – 83 percent between September 2014 and May 2015, likely due to factors including its low cost and high traffic to Angler-infected Web sites. The EK recently incorporated three Adobe Flash zero-day flaws that were exposed in the breach of Hacking Team. Source

July 23, The Register – (International) Cyber poltergeist threat discovered in Internet of Stuff hubs. Security researchers from Tripwire’s Vulnerability and Exposure Research Team (VERT) discovered vulnerabilities in Internet of Things-enabled smart home hubs made by Wink, Vera, and SmartThings, that could allow an attacker to obtain root shell access on the device, provide entry points to the home network. Source

July 23, Help Net Security – (International) Smartwatches: a new open frontier for attack. Hewlett Packard released findings from an assessment of 10 smart-watches and their Android and iOS cloud and mobile application components revealing that each watch contained significant vulnerabilities, including insufficient authentication, lack of encryption, insecure software, firmware, interfaces, and privacy concerns. Source

July 22, Threatpost – (International) Bartalex variants spotted dropping Pony, Dyre malware. Security researchers at Rackspace reported that strains of the macro-based Bartalex malware has been observed dropping Pony loader malware along with the Dyre banking trojan. Source

July 23, Computerworld – (National) Hacker: ‘hundreds of thousands’ of vehicles are at risk of attack. A director of security research at IOActive who recently hacked into the system of a 2015 Jeep Cherokee from 10 miles away, reported that the hack could be repeated on hundreds of thousands of vulnerable model year 2013 – 2015 vehicles currently on the road, and that prior access to the vehicle is not required for a zero day-style attack, which works on any Chrysler vehicle with the Uconnect telematics system. Source

Gotham Security Daily Threat Alerts

July 22, Securityweek – (International) Siemens patches vulnerabilities in SIPROTEC, SIMATIC, RuggedCom products. Siemens released updates for its SIPROTEC 4 and SIPROTEC Compact devices addressing a vulnerability in which an attacker could cause a denial-of-service (DoS) condition, a locally exploitable flaw in its SIMATIC WinCC Sm@rtClient application for Android in which an attacker could extract credentials for the Sm@rtServer, and a flaw in RuggedCom devices leaving them vulnerable to Padding Oracle On Downgraded Legacy Encryption (POODLE) attacks in which a man-in-the-middle (MitM) attacker could extract sensitive information from encrypted communications. Source

July 22, Help Net Security – (International) It’s official: the average DDoS attack size is increasing. Arbor Networks reported analysis from Quarter 2, 2015 global distributed denial-of-service (DDoS) attack data revealing that the average size of attacks increased, and that the majority of large volumetric attacks leveraged Network Time Protocol (NDP), Simple Service Discovery Protocol (SSDP), and Domain Name System (DNS) servers for reflecting amplification, among other findings. Source

July 22, Securityweek – (International) Researcher discloses local privilege escalation vulnerability in OS X. Security researchers from SektionEins released details on a vulnerability in Mac Operating System (OS) X in which an attacker could open or create arbitrary files owned by the root user anywhere in the file system by leveraging an environmental variable that enables error logging to arbitrary files. Source

July 22, Help Net Security – (International) Google Chrome update includes 43 security fixes. Google released an update for Chrome addressing 43 heap-buffer-overflow, use-after-free, and memory corruption vulnerabilities, among others, that could allow an attacker to take control of an affected system. Source

July 22, IDG News Service – (International) Bug exposes OpenSSH servers to brute-force password guessing attacks. Security researchers reported that OpenSSH servers with keyboard-interactive authentication enabled by default are vulnerable to unlimited authentication retries over a single connection, exposing users to brute-force password guessing attacks. Source

July 21, Nextgov – (National) Security experts point to OPM’s biggest cybersecurity failure. The Institute for Critical Infrastructure Technology released a report citing the lack of a comprehensive governing policy for cybersecurity as the greatest failure leading to the June breach of its systems, and recommended that the agency address security gaps identified by auditors and implement a behavioral analytics system to compensate for rapidly advancing advanced persistent, sophisticated threats. Source

Gotham Security Daily Threat Alerts

July 21, Securityweek – (International) Configuration issue exposes 30,000 MongoDB instances: researcher. The founder of the Shodan computer search engine reported that a default listening configuration in MongoDB exposed about 30,000 database instances containing 592.2 terabytes (TB) of data. Source

July 20, Network World – (International) Microsoft issues critical out-of-band patch for flaw affecting all Windows versions. Microsoft released an update addressing a critical remote code execution vulnerability (RCE) with the OpenType Font Driver in the Windows Adobe Type Manager Library affecting all supported versions of Windows that was being exploited in the wild. Source

July 20, SC Magazine – (International) Study: half of critical infrastructure IT professionals believe major attack looming. Findings from a survey of over 600 critical infrastructure information technology (IT) professionals in Intel Security’s “Critical Infrastructure Readiness Report” revealed that about half of all respondents believe an attack on critical infrastructure in the next three years will down systems and lead to loss of life, and that 90 percent of respondents’ organizations faced an average of 20 attacks in the last year, among other statistics. Source

July 21, Network World – (National) Car hackers urge you to patch your Chrysler, Ram, Durango, or Jeep. Fiat Chrysler Automobiles released a manual service bulletin July 16 for various model year 2013 and 2014 Ram, Cherokee, Grand Cherokee, Durango, and Viper vehicles running Uconnect systems addressing vulnerabilities that could have allowed unauthorized and unlawful access to vehicle systems. Source

July 20, Nextgov – (National) OPM changes privacy rules to let investigators inside all databases. The U.S. Office of Personnel Management announced July 16 updated privacy regulations for routine use, granting access for investigators to all its databases in the case of suspected or confirmed security breaches. The public has until August 17 to comment on these changes in confidentiality. Source

Gotham Security Daily Threat Alerts

July 20, Help Net Security – (International) Ashley Madison hacked, info of 37 million users stolen. Hackers calling themselves “The Impact Team” reportedly accessed and stole personal information and financial records of 37 million of AvidLife’s Ashley Madison Web site as well as user databases for 2 other sites that thecompany owns. The hack was perpetrated in response to Avid Life’s failure to provideits offered “full delete” feature for user profiles. Source

July 17, Securityweek – (International) Eaton patches TCP/IP stack flaw affectingcontrols, relays. Eaton released software updates addressing a remotely executableTransmission Control Protocal/Internet Protocol (TCP/IP) stack vulnerability in its Cooper Power Series Form 6 recloser control and Idea/IdeaPLUS relay protection platforms that could allow an attacker to launch man-in-the-middle (MitM) attacks and execute arbitrary code or crash systems connected to the Internet. Source

July 17, SC Magazine – (International) CVS investigating possible payment card breach, shuts down photo Web site. CVS reported that the company had shut down its Web site while it investigated a possible payment card beach of the independent vendor that manages and hosts the site, PNI Digital Media. Company officials confirmed that purchases made in-store and on other CVS Web pages are not affected. Source

Gotham Security Daily Threat Alerts

July 17, Help Net Security – (International) Nearly all Web sites have serious security vulnerabilities. Acunetix released a report on 15,000 Web site and network scans of 5,500 companies revealing that almost half of Web applications scanned contained high security vulnerabilities, and 4 of 5 were affected by medium security vulnerabilities, plying that most organizations fail to comply with the Payment Card Industry Data Security Standard (PCI DSS), among other findings. Source

July 16, Help Net Security – (International) New GamaPoS malware targets U.S. companies. Security researchers from Trend Micro reported that the operators are using the Andromeda botnet to deliver a new point-of-sale (PoS) malware called GamaPoS that scrapes data via Microsoft’s .NET platform, to U.S. financial, information technology, supply, hospitality, and retail organizations nationally, among others. Source

July 16, Threatpost – (International) TotoLink routers plagued by XSS, CSRF, RCE bugs. Security researchers reported that 15 TotoLink routers contain backdoor credentials, multiple remote code execution flaws that could allow an attacker to bypass administrator authentication and execute commands, and cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities that could allow an attacker to change router network configuration settings. Source

July 16, Washington Post – (National) Federal personnel files still very vulnerable and ‘prime targets’ for hackers, audit finds. An audit by the U.S. Department of the Interior inspector general’s office found 3,000 “critical” and “high-risk” vulnerabilities in 3 unnamed key bureaus of the department, potentially allowing hackers to gain access to internal networks through hundreds of publicly accessible computers whose systems are compromised. A lack of central authority over the agency’s information technology systems is delaying fixes, according to the agency’s chief information officer. Source

Gotham Security Daily Threat Alerts

July 16, Threatpost – (International) Security support ends for remaining Windows XP machines. Microsoft ended security support for Microsoft Security Essentials customers running Windows XP as part of its July Patch Tuesday roll-out, and released security advisories for a patched race condition flaw in the Malicious Software Removal Tool (MSRT) allowing for privilege escalation, as well as an update enhancing use of Data Encryption Standard (DES) encryption keys. Source

July 16, Securityweek – (International) Siemens patches authentication bypass bug in telecontrol product. Siemens released a firmware update for its SICAM MIC modular telecontrol devices addressing an authentication bypass vulnerability in which an attacker with network access to the device’s web interface could bypass authentication and perform administrative operations. Source

July 16, The Register – (International) Thunder-faced Mozilla lifts Flash Firefox block after 0-days plugged. Mozilla lifted a block on all versions of Adobe Flash in its Firefox Web browser after Adobe released cross-platform updates addressing two zero-day vulnerabilities that were revealed in a recent breach of the Italian surveillance company, Hacking Team. Source

July 16, Securityweek – (International) Vulnerability exposes Cisco Videoscape devices to DoS attacks. Cisco released an advisory warning of a security bug in its Videoscape Distribution Suite for Internet Streaming (VDS-IS) and VDS Service Broker products in which an unauthenticated remote attacker could cause a denial-of-service (DoS) condition by sending specially crafted Hypertext Transfer Protocol (HTTP) packets to trigger device instability. Source

July 15, Threatpost – (International) New RC4 attack dramatically reduces cookie decryption time. Belgian security researchers discovered biases in the Rivest Cipher 4 (RC4) encryption algorithm that could lead to attacks breaking encryption on websites running transport layer security (TLS) with RC4 and Wi-Fi Protected Access (WPA) Temporal Key Integrity Protocol (TKIP) to perform actions under a victim’s name or gain access to personal information. Source

%d bloggers like this: