Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On October 03, 2016

September 30, SecurityWeek – (International) Tofsee malware distribution switched from exploit kit to spam. Security researchers from Cisco Talos reported that attackers stopped distributing the Tofsee ransomware via the RIG exploit kit (EK) and began leveraging spam email campaigns to deliver the malware downloaders. The messages instruct victims to download and open the attached ZIP archive, which contains an obfuscated JavaScript file with a WScript downloader that runs an executable from a remote server controlled by the attacker. Researchers stated the malware allows hackers to conduct cryptocurrency mining, carry out distributed denial-of-service (DDoS) attacks, and send spam, among other malicious actions. Source

September 30, SecurityWeek – (International) Cisco forgets to remove testing interface from security appliance. Cisco inadvertently introduced a critical vulnerability in both its physical and virtual Email Security Appliances (ESA) running IronPort and AsyncOS software. The flaw stems from an internal testing and debugging interface that attackers can connect to without authorization, and it could allow a remote attacker to gain control of the affected device with root privileges. Cisco advised users to reboot their devices using the reboot command from the command-line interface in order to disable the internal testing and debugging interface. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.