Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On October 11, 2016

October 7, SecurityWeek – (International) VMware patches directory traversal flaw in Horizon View. VMware released versions 7.0.1, 6.2.3, and 5.3.7 of its Horizon View products for Microsoft Windows after a security researcher, dubbed “Bruk0ut,” discovered a flaw in the products that could allow a remote attacker to carry out a directory traversal attack on the Horizon View Connection Server to access sensitive information.

October 7, SecurityWeek – (International) X.Org library flaws allow privilege escalation, DoS attacks. The X.Org Foundation released patches addressing more than a dozen vulnerabilities in its client libraries, including an out-of-bounds memory read or write flaw in libX11 versions 1.6.3 and earlier, an integer overflow issue on 32-bit systems in libXfixes versions 5.0.2 and earlier, and a denial-of-service (DoS) condition via out-of-bounds memory access or endless loops in XRecord versions 1.2.2 and earlier, among other vulnerabilities. X.Org reported that most of the flaws exist because the client libraries trust the server to send correct protocol data and do not consider that the values it sends could cause an overflow or other issues.

October 6, SecurityWeek – (International) Cerber ransomware can now kill database processes. Security researchers from BleepingComputer discovered that a new variant of the Cerber ransomware family can kill many database processes before encryption begins, using a close_process directive in its configuration file, so that it can encrypt the processes’ data files. The researchers also found that Cerber switched to a four-character randomly generated extension and started scrambling the name of the encrypted file, making it more difficult for victims to recover their data.

October 6, Softpedia – (International) FastPOS malware abuses Windows Mailslots to steal POS data. Trend Micro security researchers reported that a point-of-sale (PoS) malware, dubbed FastPOS, received updates and now uses a modular design with separate components, a memory scraper and a keylogger, designed to infect Microsoft Windows computers running 32-bit and 64-bit systems, making the malware more efficient and more difficult to detect. The malware was spotted abusing Mailslots, a Windows mechanism used to store inter-process communications (IPC) in the computer’s random access memory (RAM), in order to avoid creating permanent files.

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.