Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On October 12, 2016

October 11, SecurityWeek – (International) Malware abuses Windows Troubleshooting Platform for distribution. Proofpoint security researchers discovered a malicious backdoor, dubbed “LatentBot,” that was abusing the Microsoft Windows Troubleshooting Platform (WTP) feature to trick users into executing its payload. The malware was distributed via email attachments carrying a lure document that, once opened, launches a digitally signed DIAGCAB file containing PowerShell commands that download and install the backdoor trojan. Proofpoint reported the malware allows an attacker to perform surveillance, steal information, and gain remote access.

October 9, Softpedia – (International) Alleged Lizard Squad and PoodleCorp members arrested. Authorities in the U.S. and the Netherlands arrested two individuals who allegedly operated the shenron.lizardsquad.org, lizardsquad.org, stresser.poodlecorp.org, and poodlecorp.org Websites, which offered distributed denial-of-service (DDoS) services for hire as part of the Lizard Squad and PoodleCorp hacking crews. Officials stated the investigation into the hacking groups began while authorities were investigating the phonebomber.net service, a Website with ties to other sites operated by the hacking groups that allowed anyone to purchase on-demand harassment phone calls.

October 9, Softpedia – (International) New JavaScript malware shuts down your PC if you terminate its process. Kahu Security researchers discovered a new malware variant that hijacks victims’ browser homepages and, if the user detects the malware and attempts to terminate its process, shuts down the computer in order to hide a series of operations that alter the underlying operating system (OS) settings on the victim’s device. Researchers found the malware is delivered via spam email as a malicious JavaScript file attachment and is executed via the Microsoft Windows Script Host.

October 7, SecurityWeek – (International) GE machine monitoring system plagued by serious flaw. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned that a serious vulnerability in the serial and universal serial bus (USB) versions of General Electric’s Bently Nevada 3500/22M machine monitoring system could be exploited by remote attackers to gain unauthorized access to the system with elevated privileges, owing to several open ports on the affected device. The devices are used in the energy and chemical sectors, and the company advised users to segment networks, apply system hardening techniques, and implement bump-in-the-wire solutions to secure the devices.

October 7, SecurityWeek – (International) Over 500,000 IoT devices vulnerable to Mirai botnet. Flashpoint security researchers discovered that over 500,000 Internet of Things (IoT) devices were plagued with vulnerabilities that make them an easy target for Mirai or similar botnets, which were responsible for massive distributed denial-of-service (DDoS) attacks against KrebsonSecurity.com and the Web hosting provider OVH. The weaknesses stem from flawed software and firmware provided by China-based XiongMai Technologies, which includes a telnet service that is active by default and allows easy remote access to the devices. Security researchers revealed that video surveillance products from Dahua Technology accounted for 65 percent of compromised devices in the U.S.

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.