Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On August 26, 2016

August 25, SecurityWeek – (International) Cisco updates ASA software to address NSA-linked exploit. Cisco began releasing updates for its Adaptive Security Appliance (ASA) software that resolve a remote code execution flaw leveraged by a zero-day exploit dubbed EXTRABACON. The flaw affects the Simple Network Management Protocol (SNMP) code of the ASA software and can be exploited by a remote attacker to cause a system crash or execute arbitrary code. Cisco advised users to update their installations to version 9.1.7(9) or later. Source

August 25, SecurityWeek – (International) Attackers can target enterprises via GroupWise collaboration tool. Micro Focus released patches resolving critical vulnerabilities in its GroupWise collaboration tool, including two reflected cross-site scripting (XSS) flaws that can be abused to execute arbitrary JavaScript and hijack an admin’s session; a persistent XSS vulnerability affecting the GroupWise WebAccess message viewer that can be exploited by embedding malicious code in an email and getting the victim to interact with the message; and a heap-based buffer overflow flaw affecting the GroupWise Post Office Agent and GroupWise WebAccess that could be used to achieve remote code execution, among other vulnerabilities. Micro Focus advised users to update their installations to GroupWise 2014 R2 SP1 HP1 or later. Source

August 24, SecurityWeek – (International) Android botnet uses Twitter for receiving commands. Researchers from ESET reported a new Android backdoor, dubbed Android/Twitoor, which impersonates an MMS program or adult content player application and, once launched, uses a predefined Twitter account to receive commands. These commands either instruct the backdoor to download malicious applications, including mobile banking malware, onto the infected device, or tell it to switch to a different command and control (C&C) Twitter account. Researchers also found that the Twitoor botnet’s transmitted messages are encrypted and that its use of new communication channels, such as social networks, helps it remain undetected and makes it more difficult to block. Source

August 24, SecurityWeek – (International) Flaws allow attackers to hijack VMware vRA appliances. VMware addressed vulnerabilities affecting its vRealize Automation (vRA) appliances, including a flaw in the vRA 7.0.x appliance, reachable via port 40002, that can be abused for remote code execution and allows an attacker to gain access to a low-privileged account on the affected device, and a second flaw in vRA 7.0.x and VMware Identity Manager 2.x that can be exploited by an attacker with access to a low-privileged account to obtain root privileges. VMware reported that attackers could chain the two vulnerabilities to compromise and take control of a vRA appliance and urged users to update vRA to version 7.1. Source

August 24, Softpedia – (International) Mail.ru forums hack compromises over 25 million user accounts. LeakedSource reported that over 25 million user records from three Mail.ru forums, for the Cross Fire, ParaPa Dance City, and Ground War: Tank games, were leaked after outdated vBulletin forum software was compromised, giving attackers access to data including usernames, passwords, and email addresses, among other information. The Mail.Ru Group stated that the leaked passwords were no longer valid and were associated with forums of game projects the company had previously acquired. Source

The items above are reprinted from the USDHS Daily Open Source Infrastructure Report.

Nancy Rand
Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.