Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On January 13, 2017

January 12, SecurityWeek – (International) Eight vulnerabilities patched in WordPress. WordPress version 4.7.1 was released, resolving a total of 8 security flaws and 62 bugs including 2 cross-site request forgery (CSRF) flaws, several cross-site scripting (XSS) vulnerabilities, and a weak crypto issue related to multisite activation keys. Source

January 12, SecurityWeek – (International) Four high severity DoS flaws patched in BIND. The Internet Systems Consortium (ISC) released BIND versions 9.9.9-P5, 9.10.4-P5, 9.11.0-P2, and 9.9.9-S7 addressing four high severity denial-of-service (DoS) flaws that can be remotely exploited to cause the BIND name server process to encounter an assertion failure and stop executing. ISC stated it was not aware of the vulnerabilities being actively exploited. Source

January 11, SecurityWeek – (International) Command execution vulnerability patched in Ansible. Red Hat released updates for the Ansible IT automation platform addressing a security bypass vulnerability. Security researchers from Computest found that a flaw in the controller, the central node in an Ansible installation, could be leveraged by an attacker to bypass filters and gain control of certain facts to execute arbitrary code on the controller, and subsequently move to the other hosts. Source

January 11, SecurityWeek – (International) Powerful “Spora” ransomware lets victims pay for immunity. Security researchers from Emsisoft warned that a newly observed ransomware, dubbed Spora, is distributed via spam emails masked as invoices and leverages Windows CryptoAPI for encryption, using a mix of RSA and Advanced Encryption Standard (AES) that allows the ransomware to encrypt files without a command and control (C&C) server connection, as well as ensuring that a decryption tool developed for one victim will not work for another victim. The researchers also found that Spora is able to determine how much ransom a victim should pay by creating statistics of the targets to encrypt and saving them to a .KEY file as a set of six numbers. Source

January 11, SecurityWeek – (International) RIG grabs 35% of exploit kit market in December. Symantec researchers reported that the RIG exploit kit (EK) was responsible for nearly 35 percent of the total EK activity during December 2016, with Fiesta at roughly 4 percent, and the Magnitude EK at about 3 percent. The number of Web attacks blocked by Symantec increased by about 33 percent in December 2016, when the company blocked 388,000 attacks per day compared with the 291,000 attacks blocked per day in November 2016. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

January 12, The Wall Street Journal – Hacker group Shadow Brokers retires, dumps more code as parting gift. A hacking group that claims to have obtained cyberweapons from the U.S. National Security Agency on Thursday said it is ceasing operations but also released a fresh batch of files linked to online attacks.

The moves by the group, which calls itself the Shadow Brokers, are the latest chapter in a bizarre story that has played out largely in the background of a battle between the U.S. and Russia over claims that state-sponsored Russian hackers attempted to influence the 2016 presidential election. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.