Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On October 30, 2015

October 29, Securityweek – (International) 13 million passwords leaked from free hosting service. A security expert reported October 28 that 13 million personal user records, including names, emails, and plaintext passwords, from the free web hosting service 000webhost.com were compromised after its main server was exploited via a flaw in its old version of PHP. To mitigate future breaches, 000webhost updated its systems, increased its encryption, and changed all passwords. Source

October 29, Securityweek – (International) Several flaws patched in Xen Hypervisor. The Xen Project released a total of nine advisories addressing recently patched Xen hypervisor vulnerabilities, including hypercall issues that could be leveraged to cause a denial-of-service (DoS) condition via repeated logging to the hypervisor console, a privilege escalation vulnerability, and a multicall issue that a malicious guest could exploit to crash a host, among other patched security holes. Experts from Citrix, Alibaba, and SUSE discovered the vulnerabilities. Source

October 28, Securityweek – (International) “Chikdos” Malware abuses MySQL Servers for DDoS attacks. Researchers from Symantec reported that the Chikdos trojan, malware designed to hijack both Linux and Windows systems, recently targeted MySQL servers via a malicious user-defined function (UDF) working as a downloader trojan (Downloader.Chikdos) that allows actors to conduct distributed denial-of-service (DDoS) attacks via SQL injection attacks. Symantec data confirms the most infected MySQL servers were located in India, China, Brazil, Holland, and the U.S. Source
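A defender-side check for the technique in the Chikdos item, added here as an example and not taken from the article or from Symantec: triage the MySQL UDF registry (`mysql.func`) for functions that are not on your own allowlist or that expose OS command execution. The rows, the allowlist and the library names are constructed assumptions.

```python
# Added example: triage rows of `SELECT name, ret, dl, type FROM mysql.func;`
# for user-defined functions that could act as a loader, as in the Chikdos
# case. The rows below are constructed sample output, not real server data.

# Assumed allowlist: UDF name -> shared library your deployment installed.
APPROVED_UDFS = {"my_geo_distance": "libgeo_udf.so"}

# UDFs that run OS commands (shipped by the public lib_mysqludf_sys package);
# these warrant review regardless of who installed them.
COMMAND_EXEC_UDFS = {"sys_exec", "sys_eval", "sys_get", "sys_set"}


def triage_udfs(rows):
    """Return one finding per suspicious UDF: (name, library, reasons)."""
    findings = []
    for name, _ret, dl, ftype in rows:
        reasons = []
        if name in COMMAND_EXEC_UDFS:
            reasons.append("exposes OS command execution")
        if name not in APPROVED_UDFS:
            reasons.append("not in allowlist")
        elif APPROVED_UDFS[name] != dl:
            # Same name, different library: the approved UDF was re-pointed.
            reasons.append(f"library changed from {APPROVED_UDFS[name]}")
        if not dl.endswith((".so", ".dll")):
            # MySQL loads dl from plugin_dir; an odd suffix is worth a look.
            reasons.append("unusual library file name")
        if ftype not in ("function", "aggregate"):
            reasons.append(f"unexpected type {ftype!r}")
        if reasons:
            findings.append((name, dl, "; ".join(reasons)))
    return findings


# Constructed sample: one legitimate UDF, one command-execution UDF,
# one unknown UDF backed by a DLL dropped with a throwaway name.
SAMPLE_ROWS = [
    ("my_geo_distance", 1, "libgeo_udf.so", "function"),
    ("sys_exec", 2, "lib_mysqludf_sys.so", "function"),
    ("xf_dl", 0, "udfloader.dll", "function"),
]

if __name__ == "__main__":
    for name, dl, why in triage_udfs(SAMPLE_ROWS):
        print(f"REVIEW {name} ({dl}): {why}")
```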

October 28, Securityweek – (International) Infinite Automation patches flaws in SCADA/HMI product. Infinite Automation Systems released an updated version of its Mango Automation product patching a series of vulnerabilities after researchers from ICS-CERT discovered unrestricted file upload, information exposure, SQL injection, and cross-site scripting vulnerabilities. The updated version fixed all the flaws except an OS command injection and a cross-site request forgery (CSRF) flaw. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.