Gotham Security Daily Threat Alerts

July 25, Threatpost – (International) TAILS team recommends workarounds for flaw in I2P. TAILS operating system developers claimed a vulnerability in the I2P anonymity network software affecting versions 1.1 and earlier can be mitigated with a couple of workarounds, though the vulnerability has yet to be patched. Source: http://threatpost.com/tails-team-recommends-workarounds-for-flaw-in-i2p/107422

July 25, Softpedia – (International) Cloud botnets used for mining crypto-currency. Researchers from Bishop Fox created a botnet capable of mining several hundred dollars in Litecoin crypto-currency on a daily basis using free services of multiple cloud-computing businesses. Conducting distributed denial of service (DDoS) attacks was determined to be another way to use the machines. Source: http://news.softpedia.com/news/Cloud-Botnets-Used-for-Mining-Crypto-Currency-452030.shtml

July 24, SC Magazine – (International) Sony to shell out $15M in PSN breach settlement. Sony released a statement July 24 claiming it reached an agreement to pay $15 million in a preliminary settlement associated with the April 2011 hacking of its PlayStation Network system, its on-demand service Qriocity, and gaming portal Sony Online Entertainment, exposing the personal data of roughly 77 million users. Source: http://www.scmagazine.com/sony-to-shell-out-15m-in-psn-breach-settlement/article/362720/

July 24, Threatpost – (International) More details of Onion/Critroni crypto ransomware emerge. Kaspersky Lab and other researchers found that the Critroni ransomware, also known as CTB-Locker and dubbed Onion, uses a number of features that separate it from other forms of malware, including that it is spread through Andromeda and uses a version of the asymmetric ECDH (Elliptic Curve Diffie-Hellman) algorithm. Source: http://threatpost.com/onion-ransomware-demands-bitcoins-uses-tor-advanced-encryption/107408

July 24, Softpedia – (International) Popular wireless home alarms can be hacked from afar. Two security researchers found that wireless home alarm systems are vulnerable to remote hijacking, which would allow access to the protected environment without tripping the alarm, due to the signals' lack of encryption or authentication. The tools used to hack into the systems are available for purchase, potentially allowing intruders to completely disable the alarm from 10 feet. Source: http://news.softpedia.com/news/Popular-Wireless-Home-Alarms-Are-Easy-to-Hack-452023.shtml


Gotham Security Daily Threat Alerts

July 24, The Register – (International) 50,000 sites backdoored through shoddy WordPress plugin. A researcher with Sucuri reported that around 50,000 Web sites were vulnerable to malware injection, defacement, and spam due to a vulnerability in the MailPoet plugin for WordPress. The vulnerability can affect Web sites that do not run MailPoet if the vulnerable plugin is present elsewhere on the same server. Source

July 24, Softpedia – (International) Fake Googlebots used for layer 7 DDoS attacks. Incapsula issued a report that shows how malicious Web crawlers that mimic Googlebots to bypass security are being used for various malicious purposes. The majority of the fake crawlers were used for collecting marketing information while 23.5 percent were used for application layer distributed denial of service (DDoS) attacks. Source

July 23, V3.co.uk – (International) DDoS attackers turn attention to SaaS and PaaS systems, Akamai reports. Akamai released its Q2 2014 Global DDoS Attack Report, which found a 22 percent increase in distributed denial of service (DDoS) attack activity in the second quarter of 2014. The report also found that around half of DDoS attacks targeted IT infrastructure, with vendors of cloud services such as Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) being common targets. Source

July 23, The Register – (International) Apple fanbois SCREAM as update BRICKS their Macbook Airs. Users of Apple’s 2011 Macbook Air reported experiencing nonresponsive systems after applying a version 2.9 EFI firmware update to their systems, while others reported difficulties installing the update. Source

July 23, Securityweek – (International) Metro News website compromised to serve malware. Researchers at Websense reported July 22 that the Web site of newspaper Metro.us was compromised and used to redirect visitors to a malicious Web site hosting the RIG exploit kit. The RIG exploit kit then attempts to exploit any present vulnerabilities in users’ software to install a piece of malware identified as Win32/Simda. Source


Gotham Security Daily Threat Alerts

July 23, The Register – (International) Android ransomware demands 12x more cash, targets English-speakers. Researchers at ESET identified a new version of the Simplocker ransomware for Android that displays a fake law enforcement ransom note in English and demands a higher ransom than previous versions that were written in Russian and demanded payment in Ukrainian hryvnias. The new version of the ransomware contains additional features such as the encryption of more types of files on victims’ devices and actions that make it more difficult to remove. Source: http://www.theregister.co.uk/2014/07/23/android_ransomware_simplocker_revamp/

July 23, Securityweek – (International) Mozilla fixes 11 vulnerabilities with release of Firefox 31. Mozilla released new versions of its Firefox Web browser and Thunderbird email client July 22, closing 11 vulnerabilities, including 3 rated as critical. Source: http://www.securityweek.com/mozilla-fixes-11-vulnerabilities-release-firefox-31

July 23, Help Net Security – (International) 40% of orgs running VMware still susceptible to Heartbleed. Data collected and analyzed by CloudPhysics found that 57 percent of deployed VMware vCenter servers and 58 percent of ESXi hypervisor hosts remain vulnerable to the Heartbleed vulnerability in OpenSSL, affecting 40 percent of organizations in the CloudPhysics data set. Source: http://www.net-security.org/secworld.php?id=17159

July 23, Help Net Security – (International) Internet Explorer vulnerabilities increase 100%. An analysis by Bromium Labs surveyed vulnerabilities in popular Web browsers and common software and found that vulnerabilities in Internet Explorer increased by more than 100 percent in the first quarter of 2014. Other findings included that Action Script Sprays were leveraged in zero day attacks and that zero day vulnerabilities in Java have declined greatly in the first quarter of 2014 compared to 2013. Source: http://www.net-security.org/secworld.php?id=17158


Gotham Security Daily Threat Alerts

July 22, Securityweek – (International) iOS backdoors expose personal data: Researcher. A security researcher presenting at a security conference reported that Apple’s iOS mobile operating system contains several undocumented services which could be used in some circumstances to access email, location data, media, and other personal data. Apple stated that the services are used for diagnostic purposes and can only be used to access data with user approval. Source: http://www.securityweek.com/ios-backdoors-expose-personal-data-researcher

July 21, V3.co.uk – (International) Fresh threat to critical infrastructure found in Havex malware. Researchers at FireEye analyzed a variant of the Havex malware (also known as Fertger or Peacepipe) and found that it contained an open-platform communication (OPC) scanner that could be used to target supervisory control and data acquisition (SCADA) systems used by several industries, including power plants and water utilities. Source: http://www.v3.co.uk/v3-uk/news/2356410/fresh-threat-to-critical-infrastructure-found-in-havex-malware

July 21, Help Net Security – (International) Unpatched OpenSSL holes found on Siemens ICSs. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) stated July 17 that six Siemens industrial control products contained vulnerabilities in their OpenSSL implementation that could lead to man-in-the-middle (MitM) attacks or the crashing of Web servers. Four of the vulnerabilities remain unpatched and are present in industrial control products used by the manufacturing, chemical, energy, agriculture, and water industries and utilities. Source: http://www.net-security.org/secworld.php?id=17146

July 19, Softpedia – (International) Kelihos trojan delivered through Askmen.com. Researchers with Malwarebytes reported that the online publication Askmen.com was compromised by attackers and used to redirect users to a malicious page serving the Nuclear Pack exploit kit for the purpose of infecting users with the Kelihos malware. The compromise was achieved by injecting malicious code into the Askmen.com server, and the site’s administrators were notified. Source: http://news.softpedia.com/news/Kelihos-Trojan-Delivered-Through-Askmen-com-451345.shtml

July 18, Help Net Security – (International) Fake Flash Player steals credit card information. Dr. Web researchers reported finding a new piece of Android malware dubbed BankBot that is disguised as Adobe Flash Player and persistently asks users for administrator privileges in order to display a fake credit card information form and steal any entered information. The malware is currently targeting users in Russia but can be repurposed to attack other targets. Source: http://www.net-security.org/malware_news.php?id=2812

July 18, Securityweek – (International) Researchers analyze multipurpose malware targeting Linux/Unix Web servers. Virus Bulletin published an analysis of a recently discovered piece of malware known as Mayhem, which infects Linux and Unix Web servers and has infected around 1,400 servers. The malware relies on several plugins for various capabilities, including information stealing and brute-force attacks. Source: http://www.securityweek.com/researchers-analyze-multipurpose-malware-targeting-linuxunix-web-servers

July 18, Network World – (International) Cisco counterfeiter gets 37 months in prison, forfeits $700,000. The CEO of ConnectZone.com was sentenced for his role in conspiring with a Chinese company to produce counterfeit Cisco Systems network products and then sell them as genuine products. Four people and two companies were charged in the case, with two others found guilty and a Chinese co-conspirator remaining at large. Source: http://www.networkworld.com/article/2455477/cisco-subnet/cisco-counterfeiter-gets-37-month-prison-forfeits-700-000.html

July 18, Threatpost – (International) Critroni crypto ransomware seen using TOR for command and control. Security researchers found that a new piece of ransomware known as Critroni is being distributed by various attackers who use the Angler exploit kit to infect users with it and other malware. The ransomware encrypts victims’ files and demands a ransom, and uses the TOR network to contact its command and control servers. Source: http://threatpost.com/critroni-crypto-ransomware-seen-using-tor-for-command-and-control/107306

Gotham Security Daily Threat Alerts

July 18, Softpedia – (International) New Android ransomware locks device completely. Researchers at Lookout identified a new piece of Android ransomware dubbed ScarePakage that infects devices by posing as a legitimate app on third-party Android markets and then locks the device and demands a ransom. The ransomware uses a Java TimerTask to kill other processes and a wake lock mechanism to prevent the phone from entering sleep mode. Source: http://news.softpedia.com/news/New-Android-Ransomware-Locks-Device-Completely-451125.shtml

July 17, Dark Reading – (International) Government-grade stealth malware in hands of criminals. Sentinel Labs researchers reported that a piece of malware likely originating from a state-sponsored espionage campaign known as Gyges is being repurposed by cybercriminals to conceal and protect various pieces of malware and ransomware. Gyges contains several sophisticated features to avoid detection and prevent reverse-engineering and appears to have originated in Russia. Source: http://www.darkreading.com/government-grade-stealth-malware-in-hands-of-criminals/d/d-id/1297362

July 17, The Register – (International) Microsoft’s Black Thursday: Xbox Live goes down as Xbox Studio canned. Microsoft reported that its Xbox Live gaming and entertainment service went offline for several hours July 17, leaving users unable to access the service during the outage. Source: http://www.theregister.co.uk/2014/07/17/xbox_live_problems/

July 17, Softpedia – (International) DDoS attacks decrease in Q2 2014, compared to Q1. Arbor Networks reported that distributed denial of service (DDoS) attacks during the second quarter of 2014 decreased in terms of speeds and frequency compared to the previous quarter, with average DDoS attack size at 759.83 Mb/s, among other findings. Source: http://news.softpedia.com/news/Volumetric-DDoS-Attacks-Decrease-in-Q2-2014-Compared-to-Q1-451160.shtml

July 17, Softpedia – (International) Neverquest banking trojan expands list of targets. Researchers with Symantec found that the attackers operating the Neverquest banking trojan, also known as Snifula, have focused their efforts on banks in the U.S. and Japan since December 2013. The trojan is able to obtain banking login information from victims and can also steal digital certificates, among other capabilities. Source: http://news.softpedia.com/news/Neverquest-Banking-Trojan-Expands-List-of-Targets-451157.shtml

Gotham Security Daily Threat Alerts

July 17, The Register – (International) Pushdo trojan outbreak: 11 THOUSAND systems infected in just 24 hours. Bitdefender researchers reported that a new campaign to spread the Pushdo botnet malware compromised over 11,000 systems within a 24-hour period, with the majority of infected users in Asia and some in the U.S., U.K., and France. The Pushdo botnet has previously been used in spam campaigns and to distribute malware such as Zeus and SpyEye. Source: http://www.theregister.co.uk/2014/07/17/pushdo_trojan_outbreak/

July 17, Softpedia – (International) Cisco patches critical issue in wireless residential gateway products. Cisco released patches for several Cisco Wireless Residential Gateway products, closing a vulnerability that could allow attackers to use malicious HTTP requests to crash the Web server and inject commands or execute code with elevated privileges. Source: http://news.softpedia.com/news/Cisco-Patches-Critical-Issue-in-Wireless-Residential-Gateway-Products-451109.shtml

July 17, Softpedia – (International) SQL injection risk in vBulletin receives prompt patch. vBulletin released a patch for its forum software which closes a SQL injection vulnerability that was identified and disclosed by Romanian Security Team. Source: http://news.softpedia.com/news/SQL-Injection-Risk-in-vBulletin-Receives-Prompt-Patch-451090.shtml

July 17, Softpedia – (International) Critical vulnerabilities fixed in Drupal 7.29 and 6.32. The Drupal Security Team advised all users to update to versions 7.29 or 6.32 in order to close vulnerabilities that could allow attackers to perform denial of service (DoS) attacks and cross-site scripting (XSS) attacks. Source: http://news.softpedia.com/news/Critical-Vulnerabilities-Fixed-in-Drupal-7-29-and-6-32-451074.shtml

July 17, Threatpost – (International) Five vulnerabilities fixed in Apache Web Server. The Apache Software Foundation released version 2.4.10-dev of its Apache Web Server, closing five vulnerabilities, including a buffer overflow vulnerability and several denial of service (DoS) vulnerabilities. Source: http://threatpost.com/five-vulnerabilities-fixed-in-apache-web-server/107278


Gotham Security Daily Threat Alerts

July 16, Securityweek – (International) Oracle patches 113 vulnerabilities, including 20 in Java. Oracle released its Critical Patch Update for July, which includes patches for 113 security vulnerabilities in various Oracle products, including 20 vulnerabilities in Java SE. The 20 vulnerabilities in Java can all be remotely exploited without authentication, and users were advised to apply the updates as soon as possible. Source: http://www.securityweek.com/oracle-patches-113-vulnerabilities-including-20-java

July 16, Softpedia – (International) vBulletin exploitable through SQL injection. Members of the Romanian Security Team group identified and reported an SQL injection vulnerability in vBulletin which could be used by attackers to gain access to a forum’s administration panel and databases. The group reported the vulnerability to the developers of vBulletin and stated that they would disclose the full details of the issue once a fix is released. Source: http://news.softpedia.com/news/vBulletin-Exploitable-Through-SQL-Injection-450894.shtml

July 16, Securityweek – (International) OpenBSD downplays PRNG vulnerability in LibreSSL. A researcher with Opsmate reported finding a flaw in the pseudorandom number generator (PRNG) in LibreSSL for Linux. Representatives of the OpenBSD Project confirmed that the issue exists but stated that the now-fixed problem was unlikely to be exploitable in real world conditions. Source: http://www.securityweek.com/openbsd-downplays-prng-vulnerability-libressl
