Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On December 18, 2015

December 16, Softpedia – (International) XRTN ransomware discovered, currently undecryptable. A researcher from Bleeping Computer released a report on the XRTN ransomware detailing how the malware infects a computer system: attackers send email attachments, such as malicious Word documents and batch files encoded with JavaScript commands, to a victim’s corporate or personal email address. If the attachment is opened and downloaded, the JavaScript commands run batch files that encrypt personal data files and add the .xrtn extension. All files are encrypted with an RSA-1024 key and can only be decrypted with the private key held by the attacker. Source
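The behaviour the XRTN report describes, many user files quickly acquiring a new extension, is something file-audit telemetry can catch early. The following detection heuristic is an added example and is not code from the alert or from Bleeping Computer’s report; the event format, process names and audit lines are constructed for the demo, and the `.xrtn` extension, threshold and time window are the only inputs it takes from the write-up.

```python
"""Added example: flag a process that renames many files to a ransomware
extension within a short window. Event format and sample lines are constructed
for this demo; a real deployment would feed it from file-audit logs such as
Sysmon, auditd or an EDR rename stream."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

RANSOM_EXT = ".xrtn"  # extension appended by XRTN according to the report

# Constructed file-rename audit events: "timestamp,process,old_path,new_path"
SAMPLE_EVENTS = """\
2015-12-16T09:00:01,winword.exe,C:\\Users\\ann\\Documents\\draft.docx,C:\\Users\\ann\\Documents\\draft (1).docx
2015-12-16T09:01:10,cmd.exe,C:\\Users\\ann\\Documents\\q4.xlsx,C:\\Users\\ann\\Documents\\q4.xlsx.xrtn
2015-12-16T09:01:11,cmd.exe,C:\\Users\\ann\\Documents\\plan.docx,C:\\Users\\ann\\Documents\\plan.docx.xrtn
2015-12-16T09:01:12,cmd.exe,C:\\Users\\ann\\Pictures\\cat.jpg,C:\\Users\\ann\\Pictures\\cat.jpg.xrtn
2015-12-16T09:01:13,cmd.exe,C:\\Users\\ann\\Pictures\\dog.jpg,C:\\Users\\ann\\Pictures\\dog.jpg.xrtn
2015-12-16T09:01:14,cmd.exe,C:\\Users\\ann\\Desktop\\notes.txt,C:\\Users\\ann\\Desktop\\notes.txt.xrtn
2015-12-16T09:30:00,explorer.exe,C:\\Users\\ann\\Desktop\\old.xrtn,C:\\Users\\ann\\Desktop\\old.bak
"""


def parse_events(text):
    """Parse the constructed CSV-style audit lines into (ts, process, old, new)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, proc, old, new = line.split(",", 3)
        events.append((datetime.fromisoformat(ts), proc, old, new))
    return events


def detect_mass_rename(events, ext=RANSOM_EXT, threshold=5, window=timedelta(seconds=60)):
    """Return (process, first_ts, count) for every process that renamed at least
    `threshold` files to `ext` inside any span no longer than `window`."""
    recent = defaultdict(deque)  # process -> timestamps of renames to ext
    alerts = []
    alerted = set()
    for ts, proc, old, new in sorted(events):
        # Only count files that newly acquire the extension; renames away
        # from it (e.g. a user cleaning up) are not encryption activity.
        if not new.lower().endswith(ext) or old.lower().endswith(ext):
            continue
        q = recent[proc]
        q.append(ts)
        while q and ts - q[0] > window:  # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold and proc not in alerted:
            alerts.append((proc, q[0], len(q)))
            alerted.add(proc)
    return alerts


if __name__ == "__main__":
    for proc, first_ts, count in detect_mass_rename(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT: {proc} renamed {count} files to {RANSOM_EXT} starting {first_ts}")
```

In the constructed sample, `cmd.exe` (the batch-file host the report points at) renames five files within four seconds and trips the rule, while the single `winword.exe` rename and the `explorer.exe` rename away from `.xrtn` do not. The threshold and window are deliberately parameters: tune them against normal rename rates on the monitored file shares before alerting on them.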

December 16, Softpedia – (International) Four Network Management Systems vulnerable to SQLi and XSS attacks. Two security researchers discovered six vulnerabilities in four Network Management Systems (NMS), four cross-site scripting (XSS) flaws and two SQL injection (SQLi) flaws, that allow attackers to gain access to the applications and use the affected system to carry out further attacks. Through the management interface, the flaws enable attackers to access a user’s session information, breach the underlying database, steal information about all connected devices, and escalate privileges over the server itself. Source
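The two flaw classes named in the NMS report are both failures to keep untrusted input out of another language’s syntax: SQL text in the SQLi case, HTML in the XSS case. The block below is an added example, not code from the alert, the researchers or any of the affected products (which the page does not name); it models a tiny device inventory with constructed table and column names and shows each vulnerable pattern beside its fix, using Python’s standard `sqlite3` and `html` modules.

```python
"""Added example: SQL injection and cross-site scripting in a toy NMS device
inventory, each in its vulnerable form beside the corrected one. The schema
and rows are constructed for the demo and do not describe any real product."""
import html
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Create an in-memory inventory with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (name TEXT, owner TEXT, snmp_community TEXT)")
    conn.executemany(
        "INSERT INTO devices VALUES (?, ?, ?)",
        [("core-sw-1", "alice", "s3cret-a"), ("edge-fw-2", "bob", "s3cret-b")],
    )
    return conn


def devices_for_owner_vulnerable(conn: sqlite3.Connection, owner: str) -> list:
    """SQLi: the caller's input is spliced into the SQL text itself, so a value
    containing a quote changes the WHERE clause instead of being compared."""
    query = "SELECT name, snmp_community FROM devices WHERE owner = '" + owner + "'"
    return conn.execute(query).fetchall()


def devices_for_owner_safe(conn: sqlite3.Connection, owner: str) -> list:
    """Fix: a bound parameter is only ever treated as a value to compare."""
    return conn.execute(
        "SELECT name, snmp_community FROM devices WHERE owner = ?", (owner,)
    ).fetchall()


def render_device_row_vulnerable(name: str) -> str:
    """XSS: device names arrive from the network (e.g. an SNMP sysName) and are
    written into the page raw, so they can carry markup and script."""
    return "<td>" + name + "</td>"


def render_device_row_safe(name: str) -> str:
    """Fix: html.escape turns <, >, &, and quotes into entities so the name is
    displayed as text and can no longer become markup."""
    return "<td>" + html.escape(name, quote=True) + "</td>"


if __name__ == "__main__":
    conn = build_demo_db()
    tampered_owner = "x' OR '1'='1"  # classic textbook probe string, constructed
    print(devices_for_owner_vulnerable(conn, tampered_owner))  # every row, all owners
    print(devices_for_owner_safe(conn, tampered_owner))        # []
    hostile_name = "<script>alert(1)</script>"
    print(render_device_row_vulnerable(hostile_name))
    print(render_device_row_safe(hostile_name))
```

The vulnerable query returns every device’s SNMP community string regardless of owner, which is exactly the “steal information about all connected devices” outcome the report describes, while the parameterized version returns nothing for the same input. For the rendering side, escaping at output time is the fix; filtering at input time is not enough because the same name may be rendered in several contexts.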

December 16, IDG News Service – (International) Grub2 bootloader flaw leaves locked-down Linux computers at risk. Two researchers from the Cybersecurity Group at Universitat Politècnica de València found an integer underflow vulnerability in GRand Unified Bootloader 2 (GRUB2), a boot loader for Linux systems, that can be triggered by pressing the backspace key 28 times when the bootloader asks for a user’s credentials. The flaw gives unauthorized access to a powerful shell that lets attackers rewrite the GRUB2 code loaded in RAM and bypass the authentication checkpoint. Once an attacker controls the bootloader, they can destroy data on the disk and install malware to steal legitimate users’ encrypted home folder data. The vulnerability exists in all versions of GRUB2 from 1.98, released December 2009, to the current 2.02. Source

December 15, The Register – (International) Web host Moonfruit defies Armada DDoS crew… by (temporarily) defeating itself. United Kingdom-based web host Moonfruit was back online after pulling its own website and many of its customers’ websites offline for approximately twelve hours while researchers upgraded the company’s defenses and advised users to update settings, following a December 10 distributed denial-of-service (DDoS) attack by the Armada Collective crew that shut down the company’s website for 45 minutes. The company stated it was making significant infrastructure changes to prevent future DDoS attacks. Source


Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.