Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On September 20, 2016

September 19, SecurityWeek – (International) Cisco finds new zero-day linked to “Shadow Brokers” exploit. Cisco researchers discovered another zero-day vulnerability leaked by Shadow Brokers in August. The flaw affects the Internet Key Exchange (IKE) v1 packet processing code in Cisco IOS XR versions 4.3.x, 5.0.x, 5.1.x, and 5.2.x. A remote, unauthenticated attacker could retrieve memory contents, potentially containing sensitive information, by sending a specially crafted IKEv1 packet to an affected device that is configured to accept IKEv1 security negotiation requests. Cisco was working to release a patch for the vulnerability and stated no workaround is available.

September 17, Softpedia – (International) H1N1 malware adds support for infostealing features, UAC bypass. Cisco, Proofpoint, and independent security researchers reported that recent H1N1 malware versions include a User Access Control (UAC) bypass that can be exploited via unique code obfuscation and a dynamic-link library (DLL) hijacking technique; a self-propagation feature that enables the malware to spread itself to other computers on the same network; and the ability to collect information from infected systems and send it to a central command and control (C&C) server. Together these allow an attacker to collect and steal information from organizations in the energy, communications, financial, and government sectors, including email login data from Microsoft Outlook and Mozilla Firefox profile login data, among other data.

September 16, SecurityWeek – (International) Serious flaws found in Cisco WebEx Meetings Server. Cisco released software updates to resolve vulnerabilities in its WebEx Meetings Server version 2.6. The fixes cover a critical flaw caused by insufficient sanitization of user-supplied data, which can be remotely exploited to execute arbitrary commands with elevated privileges, and a high-severity issue that could allow an unauthenticated attacker to carry out denial-of-service (DoS) attacks by repeatedly attempting to access a specific service.

Above reprinted from the USDHS Daily Open Source Infrastructure Report.

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.