Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On August 22, 2016

August 18, SecurityWeek – (International) Cisco patches critical flaws in Firepower Management Center. Cisco released patches for its Firepower Management Center to address several flaws in the appliance’s Web-based graphical user interface (GUI), including a medium-severity cross-site scripting (XSS) flaw, a critical vulnerability that could allow an authenticated attacker to remotely execute arbitrary commands on a device with root-level privileges, and a flaw that could allow an authenticated attacker to elevate user account privileges due to insufficient authorization checking in the Firepower Management Center and the Cisco ASA 5500-X series with select versions of FirePOWER Services. Cisco researchers stated there is no evidence the flaws have been exploited in the wild. Source

August 17, Softpedia – (International) Cisco patches zero-day included in Shadow Brokers leak. Cisco released security patches after The Shadow Brokers, a group selling hacking tools stolen from the Equation Group, leaked tools that contain exploits to leverage two vulnerabilities, one of which is a zero-day vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) software, which can allow an unauthenticated attacker to cause a reboot of affected products and lead to remote code execution (RCE). Cisco researchers found that the exploits also leverage a vulnerability in the command-line interface (CLI) parser of ASA software that could allow an authenticated, local attacker to execute arbitrary code on the device or create a denial-of-service (DoS) condition. Source

August 17, Softpedia – (International) WordPress plugin hijacks websites to show payday loan ads. WordFence researchers discovered the authors of the 404 and 301 WordPress plugin were hijacking the content of other Web sites by adding code to the original Web site in order to show search engine optimization (SEO) spam email on a user’s homepage and to display ads for payday loan services. The plugin authors removed the code responsible for delivering the ads and researchers stated version 2.3.0 is safe to use. Source

August 17, Softpedia – (International) Adwind RAT rebrands yet again, this time as JBifrost. Fortinet researchers discovered that the criminal group behind the Adwind remote access trojan (RAT) rebranded the malware as JBifrost and updated the malware to include a new column that shows an infected system’s keyboard status, a column that shows the title of the victim’s current window, a new feature that enables attackers to steal data from Web forms displayed in the Google Chrome browser, and a new tab called Misc that enables users to configure additional JBifrost servers. Researchers also found that JBifrost only accepts Bitcoin and that the RAT’s Web site now requires an invitation code to register and purchase the malware. Source


Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.