Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On January 06, 2017

January 4, SecurityWeek – (International) Pseudo-Darkleech remains prominent distributor of ransomware. Palo Alto Networks security researchers reported that the pseudo-Darkleech campaign is expected to remain a prominent ransomware distributor in 2017, after finding that the campaign’s operators adapted quickly to major changes in the exploit kit (EK) and ransomware landscape during 2016, maintaining a high level of attacks and keeping the campaign relevant. The researchers found, however, that the campaign’s infection method remains the same: a victim who visits a compromised website containing malicious script is directed to an EK landing page designed to fingerprint the device, find vulnerable applications, and exploit them.

January 4, SecurityWeek – (International) Google researcher finds certificate flaws in Kaspersky products. Kaspersky Lab resolved two flaws in its anti-malware products after a Google Project Zero security researcher found a critical flaw in how Kaspersky Antivirus inspects Secure Sockets Layer (SSL)/Transport Layer Security (TLS) connections. The flaw could allow an attacker to intercept all traffic to a certain domain by sending the targeted Kaspersky Antivirus user two certificates with the same key. The researcher also found a high-severity flaw involving improper protection of the private key for the local certificate authority (CA) root, which could allow any unprivileged user to become a CA.

January 4, SecurityWeek – (International) XSS flaws decline, DoS becomes more common: Imperva. Imperva analyzed Web application vulnerability trends in 2016 and found that the total number of vulnerabilities discovered since 2015 has increased, while the number of issues impacting Web applications has declined, potentially due to a shift in research focus rather than because Web applications are more secure than before. Imperva found that more than 25 percent of flaws observed were classified as high priority, and that the number of denial-of-service (DoS) bugs has significantly increased while the number of cross-site scripting (XSS) flaws has declined, among other findings.

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.