Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On December 15, 2016

December 13, SecurityWeek – (International) Flaw in PwC security tool exposes SAP systems to attacks. Security researchers at ESNC discovered PricewaterhouseCoopers’ Automated Controls Evaluator (ACE) tool was plagued with a remote code execution flaw that could be exploited to remotely inject and execute malicious Advanced Business Application Programming (ABAP) code on a targeted Systems, Applications and Products (SAP) system. The flaw could allow a malicious actor to manipulate accounting documents and financial results, bypass segregation of duties restrictions, and bypass change management controls, potentially resulting in fraud, theft or manipulation of sensitive data, and unauthorized payment transactions and transfer of money. Source

December 13, SecurityWeek – (International) Serious vulnerabilities found in McAfee Enterprise product. A security researcher discovered Intel Security’s McAfee VirusScan Enterprise for Linux (VSEL) product versions 2.0.3 and earlier are plagued by 10 vulnerabilities, including information disclosure flaws, cross-site request forgery (CSRF) bugs, remote code execution flaws, and privilege escalation issues, among others. Four of the vulnerabilities can be chained to achieve remote code execution with root privileges. Intel Security advised users to upgrade to Endpoint Security for Linux (ENSL) 10.2 or later to avoid the flaws. Source

December 12, SecurityWeek – (International) Flaws allow remote hacking of Moxa MiiNePort devices. Moxa released firmware updates for its MiiNePort embedded serial device servers after a security researcher found the devices were plagued with two vulnerabilities. One can be exploited remotely from the Internet to brute-force an active session cookie and download a device’s configuration file, which contains sensitive information such as the administrator password; this could give a malicious actor unrestricted privileges and access to the device. The second vulnerability relates to how the configuration data is stored in a file without being encrypted. Source

December 12, SecurityWeek – (International) Users warned of Zcash miner infections. Kaspersky Lab reported that cybercriminals have covertly infected roughly 1,000 devices with software that mines Zcash (ZEC), a new cryptocurrency worth about $49 per ZEC, in order to make a significant profit. Kaspersky Lab stated cybercriminals were disguising the miners as legitimate applications and distributing them via torrent Websites, and reported that no attempts to install the miners using Website vulnerabilities or email spam campaigns have been spotted. Source

December 12, SecurityWeek – (International) Alpha version of Sandboxed Tor Browser available for Linux. The Tor developer known as Yawning Angel released Sandboxed Tor Browser 0.0.2, a version of the browser designed to offer additional security to users as it traps exploits and prevents them from accessing files, real Internet Protocol (IP) addresses, and media access control (MAC) addresses from the host. The developer warned the new version has unresolved issues affecting security and fingerprinting, and the application is only compatible with Linux systems as it leverages bubblewrap, a sandboxing utility for Linux. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.