Gotham Security Daily Threat Alerts

By Gotham
Posted in Security
On August 02, 2013

August 1, The Register – (International) Gmail,, and e-voting ‘pwned’ on stage in crypto-dodge attack. Researchers demonstrated a man-in-the-middle attack at the Black Hat 2013 conference which can allow unauthorized access to email by preventing logout requests. The attack could also be used against certain electronic voting systems. Source:

August 1, – (International) Google Code developer site targeted by hackers. A researcher at Zscaler identified a scheme where hackers targeted the Google Code developer site in order to host malware, part of a reported trend in attacks. Source:

August 1, Help Net Security – (International) Malware attacks via malicious iPhone chargers. Researchers at the Black Hat 2013 conference built an iPhone charger that can infect devices connected to it and demonstrated how their attack bypassed Apple security features. Source:

August 1, – (International) Crooks using Android master key to sneak trojans onto smartphones and tablet devices. Researchers at Dr. Web identified a trojan exploiting the Android ‘master key’ vulnerability to infect devices. A similar campaign was identified in July. Source:

August 1, IDG News Service – (International) Researchers bypass home and office security systems. Researchers at Bishop Fox demonstrated at the Black Hat 2013 conference several methods to defeat and bypass common building security devices such as door and window sensors, keypad alarms, and thermal sensors. Source:


July 31, The Register – (International) Malicious JavaScript flips ad network into rentable botnet. A presentation by researchers from WhiteHat Security at the Black Hat 2013 conference demonstrated a technique to use iframes in Web advertisements to call a JavaScript file that increases requests to a Web site to perform distributed denial of service (DDoS) attacks without being easily traced. Source:


July 31, Sophos – (International) ZeroAccess malware revisited – new version yet more devious. Researchers at SophosLabs found and analyzed an update to the ZeroAccess malware that adds new techniques to ensure its persistence on infected systems. Source:

July 31, IDG News Service – (International) Vulnerabilities in D-Link network video recorders enable remote spying, researcher says. Researchers at Qualys found remotely exploitable vulnerabilities in two models of D-Link network video controllers that can enable access to surveillance camera feeds and other data. It was unclear whether a firmware update issued in July closed the vulnerability. Source: