Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On December 21, 2016

December 19, SecurityWeek – (International) Spear phishing attacks target industrial firms. Kaspersky Lab researchers warned that a spear phishing campaign has targeted roughly 500 organizations in the smelting, power generation and transmission, construction, and engineering industries across 50 countries since August 2016 in order to spy on users and steal sensitive data. The phishing emails contain a subject line with text used in a company’s correspondence in order to trick the victim into opening the malicious Rich Text Format (RTF) file attached, which downloads malware that can diminish the effectiveness of antivirus products. Source

December 19, SecurityWeek – (International) Brute force attacks on WordPress Websites soar. WordPress security firm Wordfence warned that the number of brute force attacks targeting WordPress Websites has increased to more than 700,000 attacks per day since November 24, and the number of unique attacking Internet Protocol (IP) addresses has increased from an average of about 13,000 per day in the period between October 16 and November 24 to over 30,000 per day. The firm reported it has blocked up to 23 million brute force attack attempts per day. Source
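The item above describes the scale of WordPress login brute forcing but not how a site operator would spot it in their own logs. The following is an added example, not part of the reprinted report and not Wordfence's code: it parses web server access log lines in the common "combined" format, counts POST requests to the WordPress login endpoints (wp-login.php and xmlrpc.php) per source IP, and flags any IP that exceeds a threshold within a sliding time window. The log lines, IP addresses (from the RFC 5737 documentation ranges) and the threshold and window values are constructed for the example.

```python
"""
Added example: flag WordPress login brute-force activity in access logs.
Log lines below are constructed samples, not real traffic.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed "combined" format log lines. 203.0.113.7 hammers the login
# endpoints; 198.51.100.22 logs in normally (302 = successful redirect);
# 192.0.2.5 only fetches pages with GET and is not a login attempt.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Dec/2016:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Dec/2016:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
192.0.2.5 - - [19/Dec/2016:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 8810 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Dec/2016:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
198.51.100.22 - - [19/Dec/2016:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Dec/2016:10:00:06 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Dec/2016:10:00:08 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
198.51.100.22 - - [19/Dec/2016:10:00:09 +0000] "POST /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Dec/2016:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
192.0.2.5 - - [19/Dec/2016:10:00:11 +0000] "GET /wp-login.php HTTP/1.1" 200 2700 "-" "Mozilla/5.0"
"""

# Minimal combined-log-format parser: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Endpoints a password-guessing client posts to (xmlrpc.php is abused via
# system.multicall to try many credentials per request).
LOGIN_ENDPOINTS = ("/wp-login.php", "/xmlrpc.php")


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def is_login_attempt(rec):
    """Only a POST counts: a GET of wp-login.php merely renders the form."""
    path = rec["path"].split("?", 1)[0]
    return rec["method"] == "POST" and path in LOGIN_ENDPOINTS


def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: peak_count} for every IP whose number of login POSTs
    inside some sliding window of length `window` exceeds `threshold`."""
    attempts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and is_login_attempt(rec):
            attempts[rec["ip"]].append(rec["ts"])

    flagged = {}
    for ip, times in attempts.items():
        times.sort()
        start = peak = 0
        # Two-pointer sweep: advance `start` until the window fits, then
        # the count is the number of timestamps between start and end.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    for ip, count in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} login POSTs within one minute")
```

With the constructed sample, only 203.0.113.7 is reported (six login POSTs in under ten seconds); the normal user with two POSTs and the GET-only client stay below the threshold. In production the threshold and window should be tuned to the site's real login rate, and the flagged list fed to a blocklist or rate limiter rather than only printed.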

December 19, SecurityWeek – (California) Los Angeles County notifies 756,000 of data breach. Los Angeles County officials announced December 19 it is notifying about 756,000 people that their personal information including Social Security numbers, names, and dates of birth, among other sensitive information, may have been compromised after 108 county employees were victims of a phishing email scam in May 2016. Officials reported a Nigerian national was charged in connection with the incident. Source

December 19, SecurityWeek – (International) Privilege escalation, RCE flaws patched in Nagios Core. A security researcher from Legal Hackers discovered the Nagios Core alerting and monitoring software is plagued by two vulnerabilities, one of which is a remote code execution (RCE) flaw that can be exploited by a man-in-the-middle (MitM) attacker via the Rich Site Summary (RSS) feed feature, allowing the malicious actor to read and write arbitrary files on the compromised server, as well as execute code in the context of a Nagios user. Once an attacker achieves this level of access, the actor can exploit the second flaw to elevate their privileges to root, potentially causing the entire system to be compromised. Source

December 19, SecurityWeek – (International) LinkedIn’s Lynda.com notifies users of data breach. Lynda.com, LinkedIn’s online learning platform, announced it will notify about 9.5 million users worldwide that their user information may have been compromised after the company became aware that a database containing user information had been accessed by an unauthorized third party. LinkedIn stated the passwords of roughly 55,000 Lynda.com users have been reset as a precaution, and there is no evidence that passwords were exposed or that any data was made publicly available. Source

December 19, SecurityWeek – (International) MacBooks leak disk encryption password. A security researcher discovered that an attacker with physical access to a locked or sleeping Apple MacBook can retrieve the FileVault 2 password in clear text by connecting a special device to the targeted device’s Thunderbolt port due to the fact that the direct memory access (DMA) attack protections are not active before the operating system (OS) has booted, thereby enabling an attacker to read and write memory from a MacBook device via the Thunderbolt device. The researcher found that the attack does not work if the targeted MacBook has been turned off as the password is no longer available in the memory. Source

December 16, SecurityWeek – (International) Updated Tordow Android malware gets ransomware capabilities. Comodo security researchers warned that an updated version of the Tordow Android malware, dubbed Tordow v2.0, was spotted and is now able to act as ransomware, steal login credentials, and manipulate banking data, as well as encrypt and decrypt files, and remove security software. The malware spreads through compromised variants of popular social media and gaming applications that are available for download via third-party Websites and behave like the legitimate apps, while they include embedded and encrypted malicious functions. Source

December 16, U.S. Department of Justice – (International) Three Romanian nationals indicted in $4 million cyber fraud scheme that infected at least 60,000 computers and sent 11 million malicious emails. Three Romanian nationals were extradited to the U.S. the week of December 12 and charged for their alleged roles in a $4 million cyber fraud scheme in which the trio infected at least 60,000 devices, primarily in the U.S., by sending more than 11 million malicious emails that contained malware the group created in order to harvest personally identifiable information, such as credit card information and user names and passwords, from the infected devices. The trio reportedly used the stolen credit card information to fund their criminal activities. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.