Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On September 02, 2016

September 1, SecurityWeek – (International) Betabot starts delivering Cerber ransomware. Security researchers from Invincea discovered that the Betabot ransomware began delivering a second-stage payload: after stealing user passwords in the first stage, the malware delivers the Cerber ransomware to the compromised endpoint so that its operators can increase their profits. Researchers also found the ransomware was being delivered by the Neutrino exploit kit (EK) and stated that the malware avoids detection and analysis through virtual machine awareness and by checking for sandboxes. Source

September 1, SecurityWeek – (International) Cisco fixes severe flaw in WebEx, small business products. Cisco released software and firmware updates addressing several vulnerabilities in its WebEx Meetings Player version T29.10 for WebEx Recording Format (WRF) files. A COSIG security researcher discovered a critical flaw that could allow an unauthenticated attacker to execute arbitrary code remotely by tricking a user into opening a specially crafted file, and a medium-severity vulnerability that could allow an unauthenticated attacker to remotely crash the program by convincing the user to access a malicious file. Cisco also released fixes for three denial-of-service (DoS), cross-site request forgery (CSRF), and cross-site scripting (XSS) issues plaguing its Small Business 220 Series Smart Plus (Sx220) switches that could allow a remote, unauthenticated attacker to gain access to Simple Network Management Protocol (SNMP) objects on a compromised device. Source

September 1, Softpedia – (International) Vulnerability in Yandex browser allows attackers to steal victims’ browsing data. A security researcher from Netsparker discovered that the login form of the Yandex Browser was plagued with a cross-site request forgery (CSRF) vulnerability that could allow an attacker to steal a victim’s passwords, bookmarks, autocomplete info, and browser history, among other data. The attacker convinces a user to visit a malicious website that includes code to create a Yandex Browser data sync login form and submit it with the attacker’s credentials, thereby starting an automatic syncing process that sends a copy of the user’s data to the attacker. Source

August 31, SecurityWeek – (International) Adobe patches critical vulnerability in ColdFusion. Adobe released security updates for ColdFusion versions 10 and 11 resolving a critical vulnerability after a researcher from discovered the flaw is related to parsing specially crafted XML entities and could lead to information disclosure. Adobe officials advised users to install the patches and apply secure configuration settings to avoid the security flaw. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.