Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On November 16, 2016

November 15, SecurityWeek – (International) Cryptsetup flaw exposes Linux systems to attacks. Security researchers discovered a vulnerability affecting the disk encryption utility Cryptsetup that could allow attackers with physical access to a targeted Linux system to gain root access to the system, and copy, modify, or destroy data on the hard disk by holding down the “Enter” key for approximately 70 seconds during boot. The flaw occurs when the system partition is encrypted using the Linux Unified Key Setup (LUKS) disk encryption standard, and is due to the incorrect handling of password checks. Source

November 15, SecurityWeek – (International) Kovter trojan fuels spike in new malware variants. Symantec released a report which revealed that the number of new malware variants increased from roughly 50.1 million in September to 96.1 million in October due to the Kovter trojan family. The report also revealed that the RIG exploit kit (EK) accounted for 37.4 percent of the EK activity spotted during October, among other findings. Source

November 14, SecurityWeek – (International) Hackers find code execution flaw in VMware Workstation. VMware released a patch resolving a critical out-of-bounds memory access vulnerability in its Workstation Player and Pro 12.x, and Fusion Pro 8.x products that can be exploited from the guest to execute arbitrary code on the host operating system (OS) running the products if the drag-and-drop and copy-and-paste functions are enabled. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.