Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On October 05, 2016

October 4, SecurityWeek – (International) EMC patches critical flaws in VMAX storage products. Dell EMC released patches resolving six vulnerabilities in versions 8.0.x – 8.2.x of its VMAX Unisphere Web-based management console and of vApp Manager, the configuration and support tool for VMware deployments. Researchers from Digital Defense, Inc. (DDI) reported a critical vulnerability that can be exploited to add new administrative users and compromise the virtual appliance, and a second flaw that allows an unauthenticated attacker to execute arbitrary commands with root privileges and hijack the targeted appliance by sending maliciously crafted Action Message Format (AMF) messages, among other vulnerabilities. Source

October 4, Help Net Security – (International) Polyglot ransomware decryption tool released. Kaspersky Lab security researchers released a decryption tool for the Polyglot trojan, also known as MarsJoke, which allows victims to restore their files. The trojan mimics the CTB-Locker ransomware, but the researchers found that it uses a weak encryption key generator, which allowed them to develop a tool capable of unlocking a victim’s data without paying the ransom. Source

October 3, SecurityWeek – (International) OpenJPEG flaw allows code execution via malicious image files. OpenJPEG released an update addressing several security flaws after Cisco Talos researchers discovered that the open-source library contained an out-of-bounds heap write issue that could allow an attacker to execute arbitrary code on a targeted system when the victim opens a maliciously crafted JPEG2000 image, or a PDF document that embeds such an image, among other vulnerabilities. Source

October 3, SecurityWeek – (International) DressCode malware infects 400 apps in Google Play. Trend Micro security researchers warned that a mobile malware family, dubbed DressCode, has infected over 3,000 apps distributed by several popular Android app markets, about 400 of them through the Google Play store. The malware connects to its command and control (C&C) server, which turns the device into a proxy that relays traffic between the attacker and internal servers reachable from the device, thereby allowing the attacker to compromise the user’s network environment, download sensitive data, or use the device as a bot that can be leveraged for distributed denial-of-service (DDoS) attacks or spam email campaigns. Source

Above reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.