Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On August 25, 2016

August 24, Help Net Security – (International) Leaked EXTRABACON exploit can work on newer Cisco ASA firewalls. Researchers from SilentSignal discovered that the EXTRABACON exploit leaked by ShadowBrokers, which targets a zero-day buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of the Cisco Adaptive Security Appliance (ASA), Private Internet eXchange (PIX), and Firewall Services Module versions 8.4(4) and earlier, can also be modified to compromise ASA version 9.2(4). Cisco researchers are working to develop a definitive fix for the vulnerability. Source

August 23, Softpedia – (International) Two free decrypters available for WildFire ransomware. Kaspersky and Intel McAfee released two decrypters that can unlock files encrypted by WildFire ransomware infections; both are available for download from the NoMoreRansom Website. Researchers stated that since July 23, WildFire infected 5,309 devices and earned 136 Bitcoin, or $79,000, from users paying the ransom. Source

August 23, Softpedia – (International) Face authentication systems can be bypassed using a VR headset & Facebook photos. Researchers from the University of North Carolina at Chapel Hill reported that hackers could bypass face authentication systems on the 1U App, BioID, KeyLemon, Mobius, and True Key. They found that if an attacker passes a high-resolution photo through three-dimensional (3D) modeling software, then transfers the 3D head to a virtual reality (VR) device, a machine running the facial recognition software will authenticate the attacker. Researchers found that in photos where the quality was lower, such as social media photos, the authentication rate was lower. Source

August 24, Softpedia – (International) Critical flaws let attackers hijack cellular phone towers. Security researchers from Zimperium discovered three critical flaws affecting software packages from Legba Incorporated, Range Networks, and OsmoCOM, among other vendors, that run on Base Transceiver Stations (BTS). One is a flaw in a core BTS software service that exposes the device to external connections, which could allow an attacker to reach the BTS transceiver and take remote control of the station, extract information from the passing data, alter Global System for Mobile Communications (GSM) traffic, or crash the station. Researchers also discovered a memory buffer overflow bug that could allow an attacker to run malicious code on the device, and an issue that allows an attacker to remotely execute commands on the station’s transceiver module without administrative credentials. Source

August 23, Softpedia – (International) US ports targeted with zero-day SQL injection flaw. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned that the Navis WebAccess component of the Navis maritime transportation logistics software suite was affected by a zero-day structured query language (SQL) injection flaw, after U.S. ports reported a series of attacks. The attacks targeted publicly available news pages in the Navis application and occurred as part of the Uniform Resource Locator (URL) string, due to a flaw in the application’s error reporting system. Navis released a patch for the flaw, and ICS-CERT stated that all five U.S. companies using the application have applied the necessary patches. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.