Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On February 06, 2015

February 5, Softpedia – (International) Flash Player 16.0.0.305 patches zero-day vulnerability. Adobe released an update for its Flash Player affecting version 16.0.0.296 and earlier versions for Windows and Macintosh that fixes a zero-day vulnerability reported by Trend Micro researchers. The vulnerability was leveraged by attackers through the Hanjuan exploit kit in malvertising campaigns on popular Web sites targeting Internet Explorer and Mozilla Firefox users. Source

February 5, Softpedia – (International) Kovter trojan distributed via malvertising on Huffington Post. AOL removed malicious content from its network after Cyphort researchers discovered the spread of a previously observed malvertising campaign which delivers the Kovter trojan for ad-fraud to popular Web sites through three advertising networks. The researchers also found that this campaign utilizes different command and control (C&C) servers. Source

February 4, Reuters – (International) Accused Silk Road operator convicted on U.S. drug charges. A federal jury convicted the suspected founder of the underground Silk Road Web site February 4 on several charges, including conspiracies to commit money laundering, computer hacking, and drug trafficking for his role in an approximately $200 million anonymous online drug sale scheme involving Bitcoins. Source

February 4, Dark Reading – (International) Apple iOS now targeted in massive cyber espionage campaign. Trend Micro researchers discovered two malicious applications which utilize Apple’s iOS operating system connected to Operation Pawn Storm, a cyber espionage campaign targeting personal information, text messages, contact lists, voice recordings, pictures, lists of installed apps and processes, and geolocation data from personnel in Western military, government, defense industry firms, and the media. Source

February 3, PCWorld – (International) Dangerous Internet Explorer vulnerability opens door to powerful phishing attacks. Microsoft reported that it is working on a security update to address an Internet Explorer universal cross-site scripting (XSS) vulnerability discovered by a Deusen researcher that could allow attackers to bypass the Same-Origin Policy to launch phishing attacks or hijack users’ accounts on any Web site. Source

 

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.