Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On December 17, 2015

December 16, Softpedia – (International) FireEye security devices provide attackers with backdoor into corporate networks. Two security researchers discovered that several FireEye security products had two zero-day flaws, such as the RCE and privilege escalation bug that can execute malicious code disguised as the highly privileged Malware Input Processor (mip) user and gain administrative privileges on the infected device. FireEye released patches addressing the vulnerabilities. Source

December 16, SecurityWeek – (International) Mozilla patches critical flaws with release of Firefox 43. Mozilla released its new Firefox 43 web browser, which patches 21 security flaws, including cross-site reading attacks, use-after-free vulnerabilities, and privilege escalation issues related to WebExtension APIs, among other patches, and adds several feature improvements, including a 64-bit version for Microsoft Windows. Source

December 16, SecurityWeek – (International) Critical DoS flaw patched in BIND. The Internet Systems Consortium (ISC) released updates to its open source software, BIND, that patch three vulnerabilities, including a remotely exploitable denial-of-service (DoS) issue that can trigger a REQUIRE assertion in db.c, causing the server to close and deny service to clients, as well as a socket error that can cause the server to exit when encountering an INSIST assertion failure in the “resolver.c” library. The latest updates also fix an OpenSSL vulnerability connected to the BN_mod_exp function that could produce issues on x86_64 systems. Source

December 16, Help Net Security – (International) Asian company is the newest APT threat. A researcher from CloudSek CTO discovered the group, dubbed Santa APT, was targeting international software companies and individuals to exploit confidential information via a desktop malware that disguises itself on the target’s computer, collects files, and sends the files back to the attacker’s Command & Control (C&C) server, and through a second malware that targets Microsoft Android and Apple iOS devices. Source

December 15, U.S. Attorney’s Office, District of New Jersey – (New Jersey) Three men arrested in hacking and spamming scheme. A U.S. Attorney official reported December 15 that three men from Florida, New Jersey, and Maryland were charged with conspiracy to commit fraud and activities in connection to computers, and conspiracy to commit wire fraud. The trio allegedly compromised the personally identifiable information (PII) of millions of several different corporate employees and generated more than $2 million in illegal profits by creating a computer program to distribute disguised spam emails and using proxy servers and botnets to conceal the origin of the emails while collecting login credentials of employees, personal information, and confidential business information. Source

December 15, IDG News Service – (International) TeslaCrypt Ransomware attacks are increasing. Security researchers from Symantec reported that the file-encrypting ransomware program, dubbed TeslaCrypt, has been targeting computer games and related software, increasing its infection rate from 200 a day to 1,800. The ransomware infects a system via email attachments with the words “invoice,” “doc,” or “info” that contain heavily obfuscated JavaScript code designed to evade antivirus detection and download the ransomware program. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.