
Gotham Security Daily Threat Alerts

April 23, The Register – (International) AOL Mail locks down email servers to deal with spam tsunami. AOL confirmed that its AOL Mail servers came under an intensive spoofing campaign beginning April 20 that sent large volumes of spam, forged to appear from AOL addresses, to users’ inboxes. AOL responded by tightening its DMARC policy so that receiving mail systems reject messages claiming to be from its domain that fail authentication; AOL noted that the change may break some email-forwarding services and listservs, which re-send mail in ways that fail those checks.
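Why a stricter DMARC policy breaks forwarders and mailing lists is easier to see with the evaluation written out. The following is an added example, not code from the article or from AOL: it parses a DMARC record and applies the pass rule (SPF or DKIM must pass *and* align with the From: domain) to three constructed deliveries. The record string, domain names and authentication results are all made up for illustration; organizational-domain detection is simplified to the last two labels rather than using the Public Suffix List.

```powershell
# Added example (not from the article): evaluate DMARC given the SPF and DKIM
# results a receiver has already computed. All inputs below are constructed.
function ConvertFrom-DmarcRecord {
    param([string]$Record)   # e.g. 'v=DMARC1; p=reject; adkim=r; aspf=r'
    $tags = @{}
    foreach ($part in $Record -split ';') {
        if ($part.Trim() -match '^(\w+)\s*=\s*(.+)$') { $tags[$Matches[1]] = $Matches[2].Trim() }
    }
    # Defaults from the DMARC spec: relaxed alignment, and no policy means 'none'.
    if (-not $tags.ContainsKey('adkim')) { $tags['adkim'] = 'r' }
    if (-not $tags.ContainsKey('aspf'))  { $tags['aspf']  = 'r' }
    if (-not $tags.ContainsKey('p'))     { $tags['p']     = 'none' }
    return $tags
}

function Get-OrgDomain([string]$Domain) {
    # Simplified: last two labels. A real receiver consults the Public Suffix List.
    $labels = $Domain.ToLower().Split('.')
    if ($labels.Count -lt 2) { return $Domain.ToLower() }
    return ($labels[-2..-1] -join '.')
}

function Test-Aligned([string]$FromDomain, [string]$AuthDomain, [string]$Mode) {
    if (-not $AuthDomain) { return $false }
    if ($Mode -eq 's') { return $FromDomain -eq $AuthDomain }            # strict: exact match
    return (Get-OrgDomain $FromDomain) -eq (Get-OrgDomain $AuthDomain)   # relaxed: same org domain
}

function Test-Dmarc {
    param(
        [string]$Record,       # DMARC TXT record published by the From: domain
        [string]$FromDomain,   # RFC5322.From domain
        [string]$SpfResult,  [string]$SpfDomain,   # SPF result and the RFC5321.MailFrom domain it was checked for
        [string]$DkimResult, [string]$DkimDomain   # DKIM result and the d= domain of the signature
    )
    $p = ConvertFrom-DmarcRecord $Record
    $spfOk  = ($SpfResult  -eq 'pass') -and (Test-Aligned $FromDomain $SpfDomain  $p['aspf'])
    $dkimOk = ($DkimResult -eq 'pass') -and (Test-Aligned $FromDomain $DkimDomain $p['adkim'])
    $pass   = $spfOk -or $dkimOk
    $action = if ($pass) { 'accept' } else { $p['p'] }   # p=none/quarantine/reject applies only on failure
    [pscustomobject]@{ SpfAligned = $spfOk; DkimAligned = $dkimOk; DmarcPass = $pass; Action = $action }
}

# Constructed record shaped like a reject policy (rua address is made up).
$rec = 'v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@rua.example.net'

# 1. Direct delivery: SPF and DKIM both pass and align -> accept.
Test-Dmarc $rec 'example.com' 'pass' 'example.com' 'pass' 'example.com'

# 2. Plain forwarder: SPF fails (forwarder's IP is not in example.com's SPF) but the
#    DKIM signature survives because the message body was untouched -> still accept.
Test-Dmarc $rec 'example.com' 'fail' 'example.com' 'pass' 'example.com'

# 3. Mailing list that rewrote the Subject and added a footer: DKIM is broken, and SPF
#    passes only for the list's own bounce domain, which does not align -> reject.
Test-Dmarc $rec 'example.com' 'pass' 'lists.example.org' 'fail' 'example.com'
```

Case 3 is the listserv problem the article alludes to: once the sending domain publishes p=reject, every receiver that honours DMARC bounces list traffic from that domain’s users, which is why list operators began rewriting the From: header for such senders.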

April 23, Help Net Security – (International) Amazon Cloud IaaS Service servers riddled with vulnerabilities. Researchers at Bkav, investigating at a customer’s request, found that several servers in Amazon’s cloud infrastructure-as-a-service (IaaS) offering and in HP’s Public Cloud service were exposed to multiple vulnerabilities because their Windows Server installations had not been patched for several months.

April 23, Softpedia – (International) SMS trojan FakeInst targets users in 66 countries. Researchers at Kaspersky analyzed the FakeInst trojan for Android and found that its operators have added capabilities since it first appeared in February 2013, so that it now targets users in 66 countries. The trojan is disguised as a legitimate app and can send SMS messages to premium-rate numbers as well as intercept incoming text messages.

April 23, Softpedia – (International) DDoS attacks increasingly used as a smokescreen for data theft. Neustar released its DDoS Attacks and Impacts Report for 2014, which found that distributed denial of service (DDoS) attacks are increasingly used as cover for more damaging compromises. Around half of the organizations that reported a breach or DDoS attack in 2013 also found malware installed on their systems, and 55 percent of those hit by DDoS attacks lost data or funds, among other findings.

April 22, The Register – (International) Patch iOS, OS X now: PDFs, JPEGs, URLs, Web pages can pwn your kit. Apple released updates for its OS X and iOS operating systems, closing 19 security issues, including a “triple handshake” flaw in Secure Transport that could allow an attacker with a privileged network position to inject data into connections the client believes are secure.


Gotham Security Daily Threat Alerts

April 22, Help Net Security – (International) Supposedly patched router backdoor was simply hidden. The security researcher who discovered a backdoor in several popular home routers found that the firmware update issued by manufacturer Sercomm does not remove it but merely hides it. The backdoor can be reactivated by sending a specific network packet to the router, either from the local area network (LAN) or from the Internet service provider (ISP) side, after which attackers can reset the device’s configuration, username, and password to factory defaults.

April 22, Softpedia – (International) Verizon publishes 2014 Data Breach Investigations Report. Verizon published its 2014 Data Breach Investigations Report, covering cyber and physical data breaches across several industries. The report counted 198 point-of-sale (POS) intrusions during 2013, with the retail, accommodation, and food services industries the most targeted, among other findings.

April 22, Softpedia – (International) Django 1.6.3 released to address 3 security issues. The developers of the Django Web framework for Python released new versions of the framework, closing three security vulnerabilities.

April 21, Threatpost – (International) Oracle gives Heartbleed update, patches 14 products. Oracle released updates for five products April 21, closing vulnerabilities related to the Heartbleed flaw in OpenSSL.

April 21, SC Magazine – (International) Critical update makes P2P Zeus trojan even tougher to remove. Fortinet researchers found that the peer-to-peer (P2P) Zeus banking trojan recently received an update that also installs a rootkit driver, making the trojan much harder to remove from infected systems.


Gotham Security Daily Threat Alerts

April 21, Dark Reading – (International) Heartbleed attack targeted enterprise VPN. Researchers at Mandiant identified a successful attack campaign that used the Heartbleed vulnerability in OpenSSL against an undisclosed organization’s SSL virtual private network (VPN) to read active VPN session tokens out of server memory. The attack began April 8, hijacked several active user sessions without needing the users’ credentials, and let the attackers attempt to escalate their privileges within the organization.

April 19, Softpedia – (International) Sophos names spam-relaying “dirty dozen” countries for Q1 2014. Sophos released its list of top spam-relaying countries for the first quarter of 2014, with the U.S. accounting for the most spam by volume at 16 percent of all spam, followed by Spain and Russia.

April 18, Threatpost – (International) ICS-CERT warns of Heartbleed vulnerabilities in Siemens gear. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory warning that the Innominate mGuard firmware and several Siemens industrial control systems are affected by the Heartbleed vulnerability in OpenSSL. Innominate issued a patch for the vulnerable firmware, while Siemens identified its affected products.

April 18, The Register – (International) Reddit users discover iOS malware threat. Reddit users identified a piece of malware for jailbroken iOS devices known as Unflod Baby Panda. Researchers at SektionEins analyzed it and found that it hooks the device’s SSL traffic and searches it for Apple ID credentials to steal.

April 18, CSO – (International) Major security flaws threaten satellite communications. Researchers at IOActive released a paper outlining critical vulnerabilities in satellite communication gear from several major manufacturers that could allow attackers to disrupt or eavesdrop on communications systems used in the maritime, energy, aeronautics, and media industries as well as by government and emergency services. Affected manufacturers were notified, and technical details will be withheld until the second half of 2014 to give them time to close the vulnerabilities.

Gotham Security Daily Threat Alerts

April 18, Softpedia – (International) Cybercriminals can hijack Steam accounts with Steam Guard enabled. Researchers at Malwarebytes found that attackers have been compromising Steam accounts even with the Steam Guard verification service enabled, using phishing pages that ask victims to upload the .ssfn file from their Steam folder. That file is what marks a machine as already authorized by Steam Guard, so with a copy of it and the phished credentials the attacker’s machine passes the check without a verification code.

April 18, Softpedia – (International) Trojan-SMS.AndroidOS.Stealer.a is one of the most widespread mobile trojans. Kaspersky Lab researchers found that the Trojan-SMS.AndroidOS.Stealer.a trojan accounted for almost a quarter of attempted infections of Android devices running the company’s security software during the first quarter of 2014, with the highest number of infections in Russia. The trojan is capable of opening Web pages, sending SMS messages, installing applications, and other functions.

April 17, Charleston Post and Courier – (South Carolina) Bomb threat reported at Google Data Center in Berkeley County. The Google Data Center in Berkeley County, South Carolina, was evacuated for several hours April 17 after a bomb threat was found in a note left at the facility. Workers were allowed to return after police cleared the building.


The Power of Database Portability in Exchange 2010 and 2013

Exchange 2010 and Exchange 2013 offer several ways to recover from a mailbox server failure. One of them is database portability: a mailbox database that was mounted on one mailbox server can be mounted on a different mailbox server in the same organization.

This is useful when a server fails but the physical database files are still intact and, if the server was a DAG member, no other copy of the database is available to activate.

In the example below we suffered a server failure and had no database copies to activate. The mailbox server had a hardware fault, so rebuilding it with Setup’s RecoverServer switch (the parameter used during a server build to recreate a failed server from its configuration in Active Directory) was not an option until the faulty hardware was replaced. We therefore decided that the fastest way to restore the databases was to mount the databases from the failed server on a different server (as it happened, that server was going to host a second copy of the databases once additional storage became available).
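The procedure described above, written out for the Exchange Management Shell as an added example rather than the post’s own commands. The server name (EX02), database names, file paths and the assumption that the intact .edb and log files have already been copied to those paths on the surviving server are all illustrative; the cmdlets and parameters are the documented ones for database portability in Exchange 2010 and 2013.

```powershell
# Added example (not the post's own commands). Run in the Exchange Management Shell
# on the surviving server after copying the failed server's .edb and log files there.
$OldDb   = 'DB01'          # database object that belonged to the failed server
$NewDb   = 'DB01-EX02'     # new object for the same files (names must be unique in the org)
$Target  = 'EX02'          # surviving mailbox server
$EdbPath = 'E:\Databases\DB01\DB01.edb'
$LogPath = 'E:\Logs\DB01'

# 1. A database can only be mounted from a Clean Shutdown state. If the header says
#    Dirty Shutdown, replay the logs first (soft recovery) with that database's log prefix.
$prefix = (Get-MailboxDatabase -Identity $OldDb).LogFilePrefix    # e.g. E00
$header = & eseutil /mh $EdbPath
if ($header -match 'Dirty Shutdown') {
    & eseutil /r $prefix /l $LogPath /d (Split-Path -Path $EdbPath -Parent)
    $header = & eseutil /mh $EdbPath
    if (-not ($header -match 'Clean Shutdown')) {
        throw "$EdbPath is still not in Clean Shutdown; do not continue until it is."
    }
}

# 2. Create the database object on the surviving server, pointing at the existing files.
New-MailboxDatabase -Name $NewDb -Server $Target -EdbFilePath $EdbPath -LogFolderPath $LogPath

# 3. Tell the store to accept the files already on disk instead of creating an empty database.
Set-MailboxDatabase -Identity $NewDb -AllowFileRestore $true

# 4. Mount it.
Mount-Database -Identity $NewDb

# 5. Re-home the users: update each mailbox's homeMDB in Active Directory to the new
#    database, skipping the system mailboxes that belong to the old object.
Get-Mailbox -Database $OldDb -ResultSize Unlimited |
    Where-Object { $_.ObjectClass -notmatch '(SystemAttendantMailbox|ExOleDbSystemMailbox)' } |
    Set-Mailbox -Database $NewDb

# 6. Verify before touching the old object: every mailbox should now report the new database.
Get-Mailbox -Database $NewDb -ResultSize Unlimited | Select-Object Name, Database
```

Step 1 is the part people skip: mounting a database that is in Dirty Shutdown fails, and if the log files needed for replay were lost with the server, the only remaining option is a repair with eseutil /p, which discards data. Step 5 is the Set-Mailbox call that makes Outlook and ActiveSync clients follow the mailbox to its new home; until it runs, users still resolve to the dead server.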


Gotham Security Daily Threat Alerts

April 16, Softpedia – (International) Oracle fixes 104 security holes with April 2014 CPU. Oracle released its April Critical Patch Update (CPU), containing patches for 104 vulnerabilities across various Oracle products, 37 of which affect Java SE.

April 16 – (International) Samsung Galaxy S5 fingerprint scanner hacked. Researchers at Security Research Labs demonstrated a method to defeat the Samsung Galaxy S5’s fingerprint scanner: a spoof fabricated from a copy of the owner’s fingerprint was accepted by the sensor, allowing an attacker to unlock the device.

April 16, Softpedia – (International) Adobe Reader for Android 11 updated to fix remote code execution vulnerability. Adobe released an update for Adobe Reader for Android, closing a vulnerability that could be used to execute arbitrary code when a user opens a malicious PDF document.

Gotham Security Daily Threat Alerts

April 15, Softpedia – (International) Expert finds SQL injection, RCE vulnerabilities in Flickr Photo Books. A security researcher identified and reported a SQL injection vulnerability and a remote code execution vulnerability in Flickr’s Photo Books Web site that could have allowed an attacker to gain access to Flickr’s databases. Yahoo closed the vulnerabilities after a second report by the researcher.

April 15, Help Net Security – (International) Hardware manufacturer LaCie suffered year-long data breach. Computer storage manufacturer LaCie stated that the FBI informed the company of a data breach in which malware was used to gain access to customer transactions carried out on the company’s Web site. LaCie temporarily disabled the e-commerce portion of its Web site and will be resetting users’ passwords in response.

April 15, Help Net Security – (International) Heartbleed: VMware starts delivering patches. VMware announced that it has begun issuing patches for its products affected by the Heartbleed OpenSSL vulnerability, with patches for all affected products expected by April 19.

April 14, Softpedia – (International) Flash SMS flaw in iOS can be exploited to make the lock screen unresponsive. A security researcher identified a flaw in how iOS handles Flash (class 0) SMS messages that can be used to make a device’s lock screen unresponsive, which could be abused in ransom attacks. The flaw was fixed in iOS 7.1, but devices running earlier versions of the mobile operating system remain vulnerable.

