Gotham Security Daily Threat Alerts 4/29-5/1/14

By Nancy Rand
Posted in Support
On May 05, 2014

April 26, 2014 - Microsoft Security Advisory 2963983 - Vulnerability in Internet Explorer Could Allow Remote Code Execution Version: 1.0. Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

April 30, Softpedia – (International) 4chan hacked, attacker mainly targeted moderator accounts. The founder of 4chan stated April 30 that the popular bulletin board site was breached by attackers who leveraged a software vulnerability to gain administrator functions and steal moderator account names and credentials. The vulnerability used by the attackers was patched once 4chan became aware of it. Source:

April 30, Softpedia – (International) 14 security issues addressed with the release of Firefox 29. Mozilla released the latest version of its Firefox browser, Firefox 29, which closes 14 vulnerabilities, five of which were rated as critical. Source:

April 29, Help Net Security – (International) 99 percent of Q1 mobile threats targeted Android. F-Secure Labs released its latest Mobile Threat Report, which found that 99 percent of new mobile threats detected in the first quarter of 2014 targeted the Android mobile operating system, and that 277 new threat families were discovered during the time period, among other findings. Source:

April 29, Help Net Security – (International) AOL breach confirmed, bigger than initially thought. AOL confirmed April 28 that attackers breached the company’s systems and networks, leading to a significant increase in spoofed email spam from AOL Mail accounts. Around 500,000 users had their email addresses, postal addresses, address book contacts, encrypted passwords, and encrypted security questions compromised in the breach. Source:

April 29, Softpedia – (International) Siemens patches Heartbleed bug in industrial products. Siemens published an advisory and updates for several of its industrial control systems (ICS) programs that address the Heartbleed vulnerability in OpenSSL. Some Siemens ICS software remains unpatched, and the company advised users to apply workarounds until a full patch is made available. Source:

April 29, Softpedia – (International) Apple fixes vulnerability that granted anyone access to personal details of developers. Apple closed a vulnerability in its Developer Center’s Radar application that could have been exploited to obtain the contact information of Apple retail and corporate employees and iOS, Mac, and Safari developers. A proof-of-concept was revealed by the researcher who discovered the vulnerability after Apple closed the vulnerability. Source:

April 29, Softpedia – (International) Phishers abuse Microsoft Azure to target PayPal, Apple, and Visa customers. Researchers at Netcraft reported that cybercriminals are making use of 30-day trials of Microsoft’s Azure cloud service to host phishing Web sites. The researchers identified several Azure-hosted phishing pages targeting Apple, Comcast, PayPal, Visa, American Express, and Cielo customers. Source:

April 29, The Register – (International) Researchers warn of resurgent Sefnit malware. Researchers at Facebook reported that the Sefnit malware has been seen in use again, but without the use of a Tor client. The malware instead establishes direct connections to one or more command and control servers using a secure Plink connection. Source:

April 28, Help Net Security – (International) Flash 0-day exploited in watering hole attacks, Adobe provides patch. Adobe released updates for its Flash Player for Windows, Mac, and Linux following the discovery of a new zero-day vulnerability that is being actively exploited in the wild. Users were advised to update immediately. Source:

April 28, CNET News – (International) Stop using Microsoft’s IE browser until bug is fixed, US and UK warn. The U.S. Computer Emergency Readiness Team (US-CERT) advised users to stop using the Internet Explorer browser until Microsoft can develop a patch for a recently-disclosed vulnerability that can allow attackers to run malicious code. The vulnerability is currently being used in attacks against U.S. defense and financial organizations, according to FireEye researchers. Source:

April 28, – (International) Critical Microsoft Internet Explorer flaw leaves one in four web users vulnerable. Microsoft warned users of its Internet Explorer (IE) browser after FireEye researchers discovered a critical zero day vulnerability that affects IE 6 through IE 11 and could allow an attacker to use a Flash exploitation technique to remotely execute code. FireEye researchers spotted attacks using the vulnerability targeting IE 9 through IE 11, representing about a quarter of total browser users. Source:

April 28, Softpedia – (International) 4 vulnerabilities and 38 bugs fixed with the release of MyBB 1.6.13. The latest version of MyBB was released for download, closing 4 security vulnerabilities and addressing 38 functionality bugs. Source:

April 28, Softpedia – (International) Apache Struts released to properly fix zero-day vulnerability. The Apache Software Foundation released an update for its Apache Struts open-source framework, addressing an issue with a previous update whose fix for a zero-day vulnerability was not efficient. Source:

April 28, Softpedia – (International) XSS vulnerability in leveraged for large-scale DDoS attacks. The source of a distributed denial of service (DDoS) attack on a client of Incapsula early in April that involved 20 million GET requests was found to be, a popular Chinese Web portal. Incapsula informed of the issue and the site was able to close a cross-site scripting (XSS) vulnerability that was used to power the attack. Source:

April 25, Softpedia – (International) Security patches released for IP.Board 3.3.x and 3.4.x. Invision Power Services released security patches for its IP.Board 3.3.x and 3.4.x products, addressing three file inclusion issues and a cross-site scripting (XSS) vulnerability. Source:

April 25, Threatpost – (International) Exploiting Facebook Notes to launch DDoS. A security researcher discovered and reported a method that can be used to launch distributed denial of service (DDoS) attacks through the Facebook Notes feature by using random GET parameters for HTML tags. Facebook stated that it acknowledged the issue but would not change the way the tags are handled because doing so would degrade user functionality. Source:

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.