Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On August 30, 2016

August 29, Help Net Security – (International) XSS flaw in D-Link NAS devices allows attackers to mess with your data. A security researcher who found the flaw in the firmware of the D-Link DNS-320 rev A discovered that seven D-Link network-attached storage (NAS) devices are affected by a cross-site scripting (XSS) flaw in the device’s administrative Web interface. The flaw can be exploited through an authenticated Server Message Block (SMB) login attempt and could allow attackers to access a targeted device and change its stored contents. The researcher stated that this XSS flaw does not require the victim to visit a malicious Website or open an attacker-supplied link, and that the malicious code can be injected without direct or indirect access to the vulnerable application. Source

August 29, SecurityWeek – (International) Kaspersky patches vulnerabilities in consumer products. Kaspersky Lab released updates for its KLIF, KLDISK, and KL1 Internet security products resolving several denial-of-service (DoS) and memory disclosure vulnerabilities reported by Cisco researchers. The researchers found a flaw in the KLIF driver that can allow a malicious app to execute an application programming interface (API) call with invalid parameters and crash the system; a flaw in how the KL1 driver handles input/output control (IOCTL) calls, which could be exploited to cause a memory access violation and crash the system; and a flaw caused by a weak implementation of the KlDiskCtl service in KLDISK that can allow attackers to use specially crafted IOCTL calls to leak kernel memory content and obtain information. Source

August 29, Softpedia – (International) Tech support scammers find new tricks to hijack Chrome browser. Malwarebytes researchers discovered a new method to hijack the Google Chrome Web browser in which hidden JavaScript code puts the user’s browser into full screen mode, hiding the address bar and user interface (UI) toolbar, and then loads a JPEG image at the top of the page that is crafted to look like Chrome’s original UI bar. The researchers also discovered a second trick targeting Chrome users in which scammers created popups that mimicked original Chrome alerts and continued to display more alerts if the user clicked the appropriate checkmark. Source

August 29, SecurityWeek – (International) User data possibly stolen in Opera Sync breach. Opera notified 1.7 million Sync customers August 26 of a potential data breach discovered the week of August 22 after an attacker hacked the system and potentially accessed user information, including usernames and passwords. Opera officials advised its customers to change their Sync passwords, as well as any passwords to third-party Websites synchronized with the service. Source

August 26, Softpedia – (International) Fantom ransomware mimics Windows update screen. An AVG security researcher discovered a new ransomware variant, dubbed Fantom, that is distributed as a fake Microsoft Windows critical update screen to trick users into running the malicious file, criticalupdate01.exe, which encrypts victims’ files and displays a ransom note in Hypertext Markup Language (HTML) or TXT files after the encryption process ends. Researchers stated that users must contact the malicious actor via email to obtain the private key and unlock their encrypted files, and that the ransomware then runs two batch scripts to delete its installation files. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

August 29, Dark Reading - Report: Hackers Breach Two State Election Databases, FBI Warns. FBI's need-to-know-only advisory doesn't specify, but Yahoo News' sources say it refers to 'suspected foreign hackers' targeting voter registration databases in Arizona and Illinois. Two US states' election databases have been breached, according to a confidential flash alert issued Aug. 18 by the FBI's Cyber Division and obtained by Yahoo News. The alert, labeled as restricted for "DIRECT NEED TO KNOW" recipients, was issued three days after Homeland Security Secretary Jeh Johnson told election officials, during an Aug. 15 conference call, that the Department of Homeland Security was not aware of “specific or credible cybersecurity threats” to the election. Source

August 29, Dark Reading - Russian Hacker Convicted of 38 Counts Related To PoS Hack Scheme. Sold 2 million credit cards and defrauded banks of $169 million. A Russian citizen was convicted of 38 counts of wire fraud, identity theft, possession of unauthorized access devices, and other charges in connection with a four-year point-of-sale hacking scheme that cost banks over $169 million in losses and forced one small business into bankruptcy. Roman Valerevich Seleznev, aka "Track2," 32, of Vladivostok, Russia, was charged in a 40-count indictment almost two years ago. Last week he was convicted of 10 counts of wire fraud, eight counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices, and two counts of aggravated identity theft. His sentencing is scheduled for Dec. 2. Source


Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.