Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On October 28, 2016

October 27, SecurityWeek – (International) Cisco patches 9 flaws in Email Security Appliance. Cisco Systems, Inc. released software updates for its Email Security Appliances (ESA) to resolve a total of nine vulnerabilities, including three denial-of-service (DoS) flaws in the AsyncOS software for Cisco ESA which could allow an unauthenticated remote attacker to cause a DoS condition using maliciously crafted emails and attachments. Cisco also patched vulnerabilities that could allow unauthenticated attackers to remotely trick a user into clicking a malicious link, initiate a DoS condition, and bypass various filters, among other flaws. Source

October 26, SecurityWeek – (International) VMware flaws allow security bypass on Mac OS X. VMware released VMware Tools version 10.1.0 after security researchers from Tencent’s KeenLab discovered that VMware Tools version 9.x and 10.x are plagued with a flaw that could allow a local user to obtain information that can be leveraged to bypass a security mechanism. VMware also released version 8.5 of its VMware Fusion products to resolve a flaw that could allow a privileged local user on a system with System Integrity Protection (SIP) enabled to obtain kernel memory addresses to bypass the kASLR protection mechanism. Source

October 26, SecurityWeek – (International) Adobe patches Flash vulnerability used in targeted attacks. Adobe released a Flash Player update after researchers from Google’s Threat Analysis Group found a critical use-after-free vulnerability that has been exploited in the wild for arbitrary code execution and targeted attacks against users running Microsoft Windows 7, 8.1, and 10. Adobe stated the security flaw affects Flash Player 23.0.0.185 and earlier and Linux versions 11.2.202.637 and earlier. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

October 28, DarkReading – US Charges Several In India Call Center Scam. Authorities file charges against 61 in a phone fraud that cheated 15,000 out of $250 million via identity theft and impersonation. A massive phone scam, which cheated around 15,000 people out of over $250 million, has been busted by US and Indian authorities, and 61 people, including 20 in the US, are charged with the crime, reports The Washington Post. The scheme involved fake calls from call centers in India, with the accused posing as officials from the Internal Revenue Service or immigration services and threatening victims with arrest and penalties if they did not pay outstanding tax dues. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.