Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On January 06, 2016

January 5, Softpedia – (International) Google patches Android for yet another RCE flaw in its Mediaserver component. Google released patches for 12 vulnerabilities, five of which were categorized as critical, for its Android operating system (OS), including a remote code execution (RCE) flaw in its Mediaserver component, which allowed attackers to craft malicious media files and send them via a multimedia messaging service (MMS) or stream them through a user’s browser. Other issues included an elevation of privilege vulnerability in the misc-sd driver and elevation of privilege vulnerabilities in Trustzone, among other flaws. Source

January 5, London Independent – (International) PSN down: PlayStation Network mostly back online following 12-hour outage. Sony Computer Entertainment reported that its PlayStation Network was back online following a 12-hour outage that affected almost all its systems including the PlayStation Store and online play, PlayStation Vita, PS3, and PlayStation 4. Some users continued to have issues following the outage. Source

January 4, Softpedia – (International) Cisco Jabber client flawed, exposes users to MitM attacks. Security researchers from Synacktiv discovered a serious security vulnerability affecting Cisco’s Jabber client for Windows versions 10.6.x, 11.0.x and 11.1.x. It allows attackers to expose a user’s private conversations and steal their login credentials via a simple Man-in-the-Middle (MitM) attack that would downgrade STARTTLS settings and force communications to take place in cleartext, tricking the desktop application into exposing sensitive information. Cisco released version 1.1 after discovering Jabber versions 9.x, 10.6.x, 11.0.x, and 11.1.x for Apple’s iPhone and iPad and Jabber for Android were affected. Source
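
A client-side guard against the STARTTLS downgrade described in the Cisco Jabber item, as an added example (not code from Cisco, Synacktiv or the original post). The function names, the mandatory-TLS policy and the sample stanzas are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

STREAM_NS = "http://etherx.jabber.org/streams"
TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"

# Constructed sample stanzas (not captured traffic).
OFFERED = (f'<stream:features xmlns:stream="{STREAM_NS}">'
           f'<starttls xmlns="{TLS_NS}"><required/></starttls></stream:features>')
STRIPPED = (f'<stream:features xmlns:stream="{STREAM_NS}">'
            f'<mechanisms xmlns="{SASL_NS}"><mechanism>PLAIN</mechanism>'
            '</mechanisms></stream:features>')


class DowngradeError(Exception):
    """The stream would continue without TLS."""


def next_step(features_xml, tls_active):
    """Pick the client's next action from a <stream:features/> stanza.

    Assumed policy: TLS is mandatory, so the client never authenticates on a
    cleartext stream, whatever the peer advertises.
    """
    root = ET.fromstring(features_xml)
    if root.tag != f"{{{STREAM_NS}}}features":
        raise ValueError("not a stream:features stanza")
    mechanisms = [m.text for m in root.iter(f"{{{SASL_NS}}}mechanism")]
    if tls_active:
        if not mechanisms:
            raise ValueError("no SASL mechanisms offered")
        return "authenticate"
    if root.find(f"{{{TLS_NS}}}starttls") is not None:
        return "starttls"
    # No advertisement: misconfigured server or an on-path device removed it.
    # Fail closed either way instead of sending credentials in the clear.
    raise DowngradeError(f"STARTTLS not offered; mechanisms seen: {mechanisms}")


def starttls_reply(reply_xml):
    """Only <proceed/> may lead to the TLS handshake; anything else aborts."""
    if ET.fromstring(reply_xml).tag == f"{{{TLS_NS}}}proceed":
        return "handshake"
    raise DowngradeError("server did not answer STARTTLS with <proceed/>")
```

The guard covers only the negotiation decision; certificate validation during the TLS handshake is a separate check.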

January 4, Softpedia – (International) Mozilla adds W^X security feature to Firefox. Mozilla reported that a new security feature, Write XOR Execute (W^X), was added to its web browser, Firefox, in an attempt to protect against basic buffer overflow flaws and memory corruption issues in its OpenBSD operating system (OS). W^X affects how the code executed inside the browser interacts with the operating system’s memory and does not allow a process to be writeable and executable simultaneously. Source

 

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.