Gotham Security Daily Threat Alerts

By Gotham
Posted in Security
On August 07, 2013

August 6, Softpedia – (International) Experts identify OAuth bypass vulnerability in Microsoft’s social network Yammer. A Vulnerability Lab researcher identified an OAuth bypass vulnerability in Microsoft’s enterprise social network Yammer that could be used to hijack user accounts. The vulnerability was reported to Microsoft and patched in July 2013. Source:

August 6, The Register – (International) Windows Phones BLAB passwords to hackers, thanks to weak crypto. Microsoft warned users to take precautions after it was found that the encryption Windows Phones use to transmit domain credentials is cryptographically weak, allowing rogue hotspots to intercept and decrypt the information. Microsoft advised IT departments to distribute a special root certificate that allows the phones to confirm that they are connecting to a genuine access point before transmission. Source:

August 6, Softpedia – (International) hacked, backdoor injected into download files. Download files hosted on were found to be infected with a backdoor that could allow attackers to inject and execute arbitrary code on affected servers. OpenX representatives reported that they have removed the compromised files. Source:

August 6, – (International) Criminals hosting child pornography on 227 business websites. Researchers at the Internet Watch Foundation found that 227 small and medium-sized businesses’ Web sites were hijacked to store child pornography, possibly the first step in a ransomware or blackmail campaign. Source:

August 6, Softpedia – (International) DNS servers of 3 Dutch hosting firms hijacked, thousands of sites serve malware. Researchers at Fox-IT found that three Dutch Web hosts were compromised, with the servers of Digitalus and Virtual Dynamix configured to serve malware. Source:

August 5, IDG News Service – (International) Botnet-powered distributed file storage system uses JavaScript. A researcher from FusionX presenting at the DEF CON 21 conference demonstrated a botnet-like system called HiveMind which uses a piece of JavaScript code loaded into users’ browsers to build a distributed file storage system. Source: