Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On January 20, 2016

January 19, Softpedia – (International) Yahoo fixes bug that could compromise email accounts when opening an email. Yahoo! patched a cross-site scripting (XSS) vulnerability affecting its mail Web interface after a researcher from Finland found that the flaw allowed attackers to fully compromise email accounts by crafting an email with malicious code in the message body and sending it to a target. The malicious code executed each time the recipient opened the email. Source

January 19, SecurityWeek – (International) Siemens patches flaw in building automation products. Siemens released firmware updates patching a reflected cross-site scripting (XSS) vulnerability in its building automation products running the OZW web server after a researcher found that the flaw affected the login pages of the OZW672 and OZW772 embedded web servers, enabling attackers to redirect users to phishing web sites, steal users’ data, or convince users to download malware onto their devices. Source

January 19, CSO Online – (International) Linux zero-day affects most Androids, millions of Linux PCs. A security researcher from Perception Point discovered a new zero-day vulnerability affecting Android phones running the 4.4 KitKat operating system (OS) and Linux machines running kernel 3.8 or higher that can allow attackers to delete files, view private information, and install malicious programs on Android or Linux systems. Researchers reported that no exploits had been observed in the wild. Source

January 19, SecurityWeek – (International) Linux trojan takes screenshots every 30 seconds. Security researchers from Doctor Web detected a new Linux trojan, dubbed Linux.Ekoms.1, that can help cybercriminals spy on users by searching temporary folders on users’ devices for audio recordings and screenshots with the .aat, .sst, .ddt, and .kkt extensions, which are uploaded to a remote server hard-coded in the malware. Once the stolen data is sent to the remote server, the data is encrypted and attackers can use the command and control (C&C) server to send various commands to the infected machine. Source

January 18, SecurityWeek – (International) Authentication flaw found in Advantech ICS Gateways. Security researchers from Rapid7 discovered a serious authentication bypass vulnerability and a potential backdoor account in Advantech’s EKI products. The bypass allowed attackers to authenticate with any public key and password via the Dropbear SSH daemon, which lacked a verification step. In addition, researchers discovered an alleged backdoor account: a hard-coded username and password that an unauthenticated attacker could use to access a production device. Source

January 18, Softpedia – (International) Kaspersky warns of potential cyberattacks against World Economic Forum participants. Kaspersky security experts reported that they expect advanced persistent threat (APT) groups to increase their efforts to hack the computers and mobile devices of high-ranking officials from various countries and companies attending the World Economic Forum (WEF) in Davos, Switzerland. The security firm advised attendees to use Virtual Private Network (VPN) connections to browse the Internet, charge mobile devices from an outlet, and use passwords instead of PINs to protect devices. Source

January 18, The Register – (International) Updated Android malware steals voice two-factor authentication. A Symantec security researcher reported that the Android.Bankosy trojan can open a backdoor to activate unconditional call forwarding and silent mode on Android handsets, collect a list of system-specific information and send it to the command and control (C&C) server to register the infected device, and obtain a unique identifier for further communication with the C&C server to receive commands. Source

January 17, Softpedia – (International) DDoS attack hits Kickass Torrents, DNS servers crippled. The largest torrent portal, Kickass Torrents, reported that its web site was offline for almost 24 hours after an unknown attacker conducted distributed denial-of-service (DDoS) attacks against its domain name servers (DNS), and that during the week of January 10, the web site was hit with smaller DDoS attacks. Officials reported the web site is running again but are anticipating further attacks. Source

January 15, SecurityWeek – (International) Apple’s Gatekeeper bypassed again. A security researcher from Synack discovered a technique that bypasses the Gatekeeper security feature of Apple’s OS X by finding a signed application that loads and executes an external binary at runtime, creating a .dmg file in which the external binary is replaced with a malicious file, and delivering the .dmg to users by injecting it into insecure download connections or by uploading it to third-party application stores. Apple released a temporary patch addressing the vulnerability. Source

Nancy Rand
Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.