Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On January 15, 2016

January 14, SecurityWeek – (International) Cisco patches serious flaw in networking, security products. Cisco released software updates that addressed multiple critical vulnerabilities in several of its networking and security products including an unauthorized access issue that affects Cisco standalone and modular controllers running Wireless LAN Controller (LAN) software that allowed attackers to modify the device’s configuration and compromise the device. Source

January 13, Softpedia – (International) DHCP gets a fix for denial-of-service bug. The Internet Systems Consortium (ICS) patched a flaw in its Dynamic Host Configuration Profile (DHCP) software packages after a security researcher from Sophos discovered the vulnerability allowed attackers to crash the systems by sending a malicious network packet with an invalid IPv4 UDP length field. Source

January 13, IDG News Service – (International) Microsoft fixes critical flaws in Windows, Office, Edge, IE and other products. Microsoft released security updates that patched critical flaws in its Windows, Office, Edge, Internet Explorer, Silverlight, and Visual Basic products, including remote code execution vulnerabilities, elevation of privilege vulnerabilities, and a spoofing flaw. Source

January 13, Softpedia – (International) Shoddy ransomware destroys user’s files. Security researchers from Trend Micro identified a ransomware dubbed RANSOME_CRYPTEAR.B that used a crypto flaw hidden in the Hidden Tear ransomware to infect users and encrypt their files by redirecting users to fake Adobe Flash websites that distributes a malicious Flash Player update and allows attackers to infect the victim’s system with a crypto-ransomware that would encrypt all data files. Authors of the malware were seen throwing away the encryption key, rendering all encrypted files unrecoverable. Source

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.