Gotham Security Daily Threat Alerts

By Gotham
Posted in Security
On August 09, 2013

August 8, The Register – (International) HP plugs password-leaking printer flaw. HP released patches for several models of LaserJet Pro printers that close a vulnerability caused by hardcoded URLs in the printers’ firmware, which could allow an attacker to extract plaintext user passwords.


August 8, Help Net Security – (International) Chrome not the only browser that stores plain-text passwords. Google responded to a software developer’s post that discussed how the Chrome browser displays saved passwords by stating that if an attacker compromises a user’s operating system account then there would be insufficient means to prevent them from accessing passwords. Several security researchers debated whether saved-password systems represent a security threat, while one noted that Firefox also stores passwords in a similar manner.


August 8, The Register – (International) ‘Hand of Thief’ banking trojan reaches for Linux – for only $2K. A banking trojan called “Hand of Thief” targeting Linux users was found for sale for $2,000 in underweb forums, according to researchers from RSA. The trojan includes form-grabbers for several browsers, routines to block access to security updates and measures, and virtual machine detection to avoid analysis.

August 7, Threatpost – (International) Remotely exploitable bug affects wide range of Cisco telepresence systems. Cisco issued an advisory about a serious vulnerability in its TelePresence system, caused by default credentials in the system, that could be used by an attacker to gain complete control of the Web server on which the system is running. Workarounds were listed for use until a patch can be issued.

August 7, Softpedia – (International) Malware developers migrate ZeuS P2P protocol to new port range. Researchers at Damballa found that the developers of the GameOver peer-to-peer (P2P) version of the ZeuS malware have begun migrating the P2P protocol to a new port range.

August 7, The Register – (International) Malicious snoopware targeting India found at tiny Midwest ISP. ThreatConnect researchers traced a malware-based cyberespionage campaign targeting India to a small internet service provider (ISP) in Kansas City, Missouri. The researchers found booby-trapped .PDF files and Flash video files used in the campaign, as well as a .ZIP file of malware on the ISP’s systems.

August 7, Softpedia – (International) Reveton malware uses fake AV to help crooks make a profit. ThreatTrack Security researchers identified a variant of the Reveton ransomware that uses a fake antivirus program called Live Security Professional to lure users into paying the cybercriminals behind it. The ransomware is distributed using the Sweet Orange exploit kit.