Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On October 21, 2016

October 20, SecurityWeek – (International) Lexmark patches critical flaw in printer management tool. Lexmark International, Inc. released an update for its Markvision Enterprise printer management software after security researchers from Digital Defense Inc. (DDI) found that the software was affected by a vulnerability in Apache Flex BlazeDS that can be exploited to read arbitrary files via specially crafted Action Message Format (AMF) messages and retrieve the file storing the admin credentials, as well as an issue that allows attackers to upload arbitrary files and execute code with elevated privileges, among other vulnerabilities. Users are advised to change the admin password after installation, as the encrypted password stored in the text file is not updated after installation. Source

October 20, SecurityWeek – (International) Windows zero-day exploited by “FruityArmor” APT group. Security researchers from Kaspersky Lab discovered that a zero-day remote code execution vulnerability patched by Microsoft in its October 2016 security bulletin was being leveraged in attacks carried out by an advanced persistent threat (APT) group, dubbed “FruityArmor,” for privilege escalation on an affected system. Researchers found that the FruityArmor APT’s attack platform is built around Microsoft PowerShell and abuses Windows Management Instrumentation (WMI) for persistence in order to make it difficult to detect on a system. Source

October 19, SecurityWeek – (International) Skype calls expose user keystrokes: Researchers. Researchers from the University of California Irvine (UCI) and two Italian universities found that Microsoft Skype users typing on their laptop or desktop during a Skype call are vulnerable to a keyboard acoustic eavesdropping attack, as the Voice-over-IP (VoIP) software receives acoustic emanations of keystrokes during a Skype conversation and sends them to other users participating in the VoIP call, thereby allowing an attacker to reconstruct the user’s input, including potentially confidential information such as passwords. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

October 21, CNBC - Internet traffic firm Dyn warns of new attack, earlier assault impacted many.

Internet traffic company Dyn on Friday warned of another cyber attack after earlier in the day websites and services across the East Coast were shut down. Many prominent websites including Amazon, Twitter, Spotify and were shut down for two hours Friday morning by a denial of service attack. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.