Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On November 02, 2016

November 1, Help Net Security – (International) Google warns of actively exploited Windows zero-day. Google disclosed a zero-day local privilege escalation vulnerability in the Microsoft Windows kernel that could allow attackers to escape the sandbox. Google researchers warned that the flaw is being actively exploited in the wild.

October 31, SecurityWeek – (International) Nymaim starts using PowerShell to download payload. Verint security researchers discovered that the Nymaim malware dropper has been updated. It is now delivered via spear-phishing emails carrying macro-enabled Microsoft Word documents, uses PowerShell to download a first-stage payload, includes more effective obfuscation methods, and abuses the MaxMind geolocation service to avoid detection by security software. If the MaxMind query response includes a string of interest, such as the name of a security vendor, the first-stage Nymaim payload is not downloaded.

October 31, IDG News Service – (International) Joomla websites attacked en masse using recently patched exploits. Sucuri security researchers discovered that malicious actors were exploiting two critical vulnerabilities patched in Joomla 3.6.4 to create accounts with elevated privileges on websites built with the Joomla content management system, even in cases where registration is disabled. Sucuri researchers reported that nearly every Joomla website on its network was affected and that roughly 28,000 attacks were observed between October 26 and October 28.

The items above are reprinted from the USDHS Daily Open Source Infrastructure Report.

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.