Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On July 16, 2015

July 15, IDG News Service – (International) Darkode computer hacking forum shuts after investigation spanning 20 countries. U.S. authorities filed hacking charges against 12 suspects affiliated with the Darkode hacker Web forum after the FBI and law enforcement organizations from 20 countries shut down the site and arrested or searched 70 Darkode members worldwide. The Web site allowed hackers to share technology and tradecraft used to infect computers and wireless devices of victims. Source

July 15, Softpedia – (International) Hacking Team malware hides in UEFI BIOS to survive PC reinstalls. Security researchers from Trend Micro discovered that Hacking Team ensured the persistence of its surveillance malware by using a Unified Extensible Firmware Interface (UEFI) Basic Input/Output System (BIOS) rootkit to re-install the malware every time it was deleted from the system. Source

July 15, Securityweek – (International) Oracle patches Java zero-day, 192 other security bugs. Oracle released updates addressing 193 security issues across multiple product lines, including a Java remote code execution vulnerability that was exploited by the advanced persistent threat (APT) group Pawn Storm, 54 flaws in third-party components in Oracle product distributions, and 23 vulnerabilities in Java SE that can be exploited remotely by an unauthenticated attacker, among other fixes. Source

July 15, Help Net Security – (International) TeslaCrypt 2.0 makes it impossible to decrypt affected files. Security researchers at Kaspersky Lab discovered that recent TeslaCrypt version 2.0 ransomware infections display a Cryptowall 3.0 Web page, possibly in an attempt to convince victims that the malware uses more robust encryption than it actually does. Source

July 15, Softpedia – (International) HTML5 can be used to hide malware in drive-by download attacks. Italian security researchers discovered that Hypertext Markup Language 5 (HTML5)-based obfuscation techniques could be used to hide malware in drive-by download exploits that rely on HTML technologies and application programming interfaces (APIs). Source

July 14, Securityweek – (International) Microsoft patches Hacking Team zero-days, other vulnerabilities. Microsoft released 14 bulletins addressing vulnerabilities in Windows, Office, SQL Server, and Internet Explorer, including a zero-day JScript 9 use-after-free memory corruption bug in Internet Explorer 11 and a memory corruption flaw in the Adobe Type Manager Font Driver, both of which could allow an attacker to take complete control of a vulnerable system, as well as a remote code execution flaw affecting the Remote Desktop Protocol (RDP). Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.