Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On February 10, 2015

February 9, Securityweek – (International) DDoS malware for Linux distributed via SSH brute force attacks. FireEye researchers reported February 9 that a campaign utilizing Secure Shell (SSH) brute force attacks to install a distributed denial of service (DDoS) XOR.DDoS malware, first discovered by Malware Must Die in September 2014, has executed nearly 1 million login attempts between November 2014 and the end of January. Source

February 9, Securityweek – (National) Tax fraud prompts Intuit to temporarily suspend state e-filing. Financial software developer Intuit paused State income tax e-filings made through the company’s TurboTax services February 5 and restored services February 6 after suspected fraudulent filings using stolen identities appeared in returns from 19 States. Source

February 6, Securityweek – (International) Zero-day flaw in WordPress plugin used to inject malware into sites. WordPress patched a zero-day flaw in its FancyBox plugin after Sucuri researchers noted the vulnerability could allow attackers to inject malware or scripts into Web sites, after numerous users complained of malicious “iframe” injections on their sites. Source

February 6, Securityweek – (International) Adobe Flash Player security update fixes 18 vulnerabilities. Adobe released updates that patch a total of 18 Flash Player vulnerabilities, including fixes for use-after-free flaws and two types of confusion vulnerabilities. Source

 

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.